MSDF 530 / MSDF530
ALL QUIZZES AND MIDTERM EXAM TEST BANK
The least important principle in any forensic effort, digital or nondigital, is chain of custody.
This field describes the process of acquiring and analyzing information stored on physical storage media, such as computer hard drives, smartphones, GPS systems, and removable media.
The objective in computer forensics is to recover, analyze, and present computer-based material in such a way that it can be used as evidence in a court of law.
Many forensic techniques you use on Linux can also be used on a Macintosh from the shell prompt, so it is recommended that you be familiar with Linux commands.
Computer forensics does not apply to all domains of a typical IT infrastructure.
As a general rule, it is okay to have at least ONE reference for every conclusion in your expert report.
This describes a physical object that someone can touch, hold, or directly observe.
One very important principle is to touch the system as little as possible.
One of the most challenging parts of a forensic investigation is the analysis part.
Obscured information may be scrambled by encryption, hidden using steganographic software, or compressed.
Cyberstalking is described as using electronic communications to harass or threaten another person.
Hacking is a generic term that has different meanings to different people, but in common speech it means breaking into a system.
Hackers use this specific table of precomputed hashes, which is used for breaking passwords.
A computer can be a target of the crime.
A computer can be an evidence repository that stores valuable information about the crime.
A Trojan horse refers to a horse that is born in Trojan.
Discarded information is one common method used to perpetrate identity theft.
If you apply information about how a computer was used in a crime, that helps when searching the system for evidence; e.g., if a computer was used to hack into a network password file, the investigator should look for password-cracking software and password files.
A table of precomputed hashes used for hacking would be described as what?
A computer can be the instrument of a crime.
A formal document that details the forensic expert's findings would be described as an expert report.
The unused space between the logical end of file and the physical end of file is known as disk slack or disk space.
Life span refers to how long information is valid.
Volatility refers to how easy it is for data to change.
Forensic specialists must keep in mind three data collection considerations: (1) understanding the life span of information; (2) collecting information slowly; and (3) collecting files and folders.
It is common practice to make two copies of the evidence (one to work with and a backup).