WGU Forensics and Network Intrusion - C702
Computer forensics - ANSWER ==refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document and present evidence from computing equipment that is acceptable in a court of law
Cybercrime is defined - ANSWER ==as any illegal act involving a computing device, network, its systems, or its applications. It is categorized into two types based on the line of attack: internal attacks and external attacks
Computer crimes - ANSWER ==pose new challenges for investigators due to their speed, anonymity, volatile nature of evidence, global origin of the crimes and difference in laws, and limited legal understanding
Approaches to manage cybercrime investigations include - ANSWER ==civil, criminal, and administrative approaches
Digital evidence is - ANSWER =="any information of probative value that is either stored or transmitted in a digital form". It is of two types: volatile (lost when power is off) and non-volatile (no difference if power is off)
Forensic readiness refers to - ANSWER ==an organization's ability to optimally use digital evidence in a limited period of time and with minimal investigation costs. Helps maintain Business Continuity. Practice Drills.
Plan:
1. Identify potential evidence required.
2. Determine source.
3. Define policy.
4. Establish policy.
5. Identify if full/formal investigation is required.
6. Create process for documenting procedure.
7. Legal advisory board.
8. Keep incident response team ready.
Forensic readiness includes technical and non-technical actions that maximize an organization's competence to use digital evidence.
Organizations often include computer forensics as part of their - ANSWER ==incident response plan to track and prosecute the perpetrators of an incident
Which of the following is true regarding computer forensics? - ANSWER ==Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
Which of the following is not an objective of computer forensics? - ANSWER ==Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
What is not an impact of cybercrime? - ANSWER ==Huge financial gain
Which of the following is true of cybercrimes? - ANSWER ==Investigators, with a warrant, have the authority to forcibly seize the computing devices.
Which of the following is true of civil crimes? - ANSWER ==The initial reporting of the evidence is generally informal.
Which of the following is a user-created source of potential evidence? - ANSWER ==Address book
Which of the following is a computer-created source of potential evidence? - ANSWER ==Steganography
Under which of the following conditions will duplicate evidence not suffice? - ANSWER ==When original evidence is in possession of the originator