Cengage Chapter 1 - Understanding the Digital Forensics Profession and Operations

Question 1

A notarized document, given under penalty of perjury, that investigators create to detail their findings. This document is often used to justify issuing a warrant or to deal with abuse in a corporation. Also called a “declaration” when the document isn’t notarized.

Answer 1

affidavit

Question 2

A charge made against someone or something before proof has been found.

Answer 2

allegation

Question 3

A fireproof container locked by a key or combination.

Answer 3

approved secure container

Question 4

Communication between an attorney and client about legal matters is protected as confidential communications. The purpose of having confidential communications is to promote honest and open dialogue between an attorney and client. This confidential information must not be shared with unauthorized people.

Answer 4

attorney-client privilege (ACP)

Question 5

In a private-sector environment, the person who has the right to request an investigation, such as the chief security officer or chief intelligence officer.

Answer 5

authorized requester

Question 6

A bit-by-bit duplicate of data on the original storage medium. This process is usually called “acquiring an image,” “making an image,” or “forensic copy.”

Answer 6

bit-stream copy

Question 7

The file where the bitstream copy is stored; usually referred to as an “image,” “image save,” or “image file.”

Answer 7

bit-stream image

Question 8

The route evidence takes from the time the investigator obtains it until the case is closed or goes to court.

Answer 8

chain of custody

Question 9

A nonprofit group based in Seattle-Tacoma, WA, composed of law enforcement members, private corporation security professionals, and other security professionals whose aim is to improve the quality of high-technology investigations in the Pacific Northwest.

Answer 9

Computer Technology Investigators Network (CTIN)

Question 10

Retrieving files that were deleted accidentally or purposefully.

Answer 10

data recovery

Question 11

A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.

Answer 11

Digital Evidence First Responder (DEFR)

Question 12

An expert who analyzes digital evidence and determines whether additional specialists are needed.

Answer 12

Digital Evidence Specialist (DES)

Question 13

Applying investigative procedures for a legal purpose; involves the analysis of digital evidence as well as obtaining search warrants, maintaining a chain of custody, validating with mathematical hash functions, using validated tools, ensuring repeatability, reporting, and presenting evidence as an expert witness.

Answer 13

digital forensics

Question 14

The process of conducting forensic analysis of systems suspected of containing evidence related to an incident or a crime.

Answer 14

digital investigations

Question 15

Nonstatic bags used to transport computer components and other digital devices.

Answer 15

evidence bags

Question 16

A printed form indicating who has signed out and been in physical possession of evidence.

Answer 16

evidence custody form

Question 17

Evidence that indicates the suspect is innocent of the crime.

Answer 17

exculpatory evidence

Question 18

Evidence used in court to prove a case.

Answer 18

exhibits

Question 19

A workstation set up to allow copying forensic evidence, whether it’s on a hard drive, flash drive, or the cloud. It usually has software preloaded and ready to use.

Answer 19

forensic workstation

Question 20

The ______________________ to the U.S. Constitution in the Bill of Rights dictates that the government and its agents must have probable cause for search and seizure.

Answer 20

Fourth Amendment

Question 21

An environment in which employees can’t perform their assigned duties because of the actions of others. In the workplace, these actions include sending threatening or demeaning e-mail or a co-worker viewing pornographic or hate sites.

Answer 21

hostile work environment

Question 22

Evidence that indicates a suspect is guilty of the crime he or she is charged with.

Answer 22

inculpatory evidence

Question 23

Theft of company sensitive or proprietary company information often to sell to a competitor.

Answer 23

industrial espionage

Question 24

An organization created to provide training and software for law enforcement in the digital forensics field.

Answer 24

International Association of Computer Investigative Specialists (IACIS)

Question 25

The process of trying to get a suspect to confess to a specific incident or crime.

Answer 25

interrogation

Question 26

A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation.

Answer 26

interview

Question 27

The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take possession of evidence, and have access to evidence.

Answer 27

line of authority

Question 28

An evidence custody form used to list all items associated with a case.

Answer 28

multi-evidence form

Question 29

Detecting attacks from intruders by using automated tools; also includes the manual process of monitoring network firewall logs.

Answer 29

network intrusion detection and incident response

Question 30

Behavior expected of an employee in the workplace or other professional setting.

Answer 30

professional conduct

Question 31

Being able to obtain the same results every time from a digital forensics examination.

Answer 31

repeatable findings

Question 32

The legal act of acquiring evidence for an investigation.

Answer 32

search and seizure

Question 33

Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime.

Answer 33

search warrants

Question 34

A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.

Answer 34

single-evidence form

Question 35

The decision returned by a jury.

Answer 35

verdict

Question 36

The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.

Answer 36

vulnerability/threat assessment and risk management

Question 37

Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access.

Answer 37

warning banner

Question 38

Financial crimes, including falsification of financial information, fraud, identify theft, intellectual property theft and piracy, embezzlement, and money laundering.

Answer 38

white-collar crimes