Chapters 13 & 14 Flashcards
(42 cards)
What is the definition of computer forensics?
The analysis of electronic and residual data for recovery, legal preservation, authentication, reconstruction, and presentation to solve or aid in solving technology-based crimes.
What are examples of crimes investigated in computer forensics?
Securities fraud, bank fraud, health care fraud, child pornography, public corruption, insurance fraud, money laundering, high yield investment fraud, terroristic acts, and computer intrusion.
What is digital forensics?
The investigation of all electronic devices (like cell phones, smart watches, GPS, and computers) to meet the collection and preservation goals of computer forensics.
What technical skills are necessary for digital evidence collection?
Understanding various operating systems; quickly identifying pertinent digital data; properly preserving, securing, and collecting data; maintaining a proper chain of custody.
What are some risks (“landmines”) in handling digital evidence?
Missing evidence, changing evidence during collection, destroying evidence, losing evidence, mishandling evidence, failing to protect evidence, or not properly collecting it.
What are the steps involved in the digital evidence process?
Legal access → Identify evidence → Record condition → Collect → Transport → Secure → Review → Identify to support fraud → Flag for future use → Demonstrate in trial → Disposition.
Why should you not power on an electronic device when collecting evidence?
It could compromise evidence integrity and result in suppression in court; powering off may also erase volatile data like cached memory or network state.
Name examples of imaging software tools used in digital forensics.
EnCase, Helix, SafeBack, Cellebrite (for cell phones).
What is the purpose of imaging software tools?
To collect digital data without affecting data integrity, creating a read-only bitstream duplicate of the original drive.
What are examples of data extraction or data mining software?
IDEA (Interactive Data Extraction & Analysis), ACL, ActiveData.
What are examples of digital evidence locations?
Text files, metadata, swap file space, cache, deleted files, email, slack space, LAN logs, WiFi connections, external networks.
What are protocols in internet communication?
Rules that allow different operating systems and machines to communicate over the internet.
What are TCP and IP protocols used for?
For communication over the internet; nearly every information packet uses TCP/IP for transmission.
What is an IP address?
A 32-bit number identifying the sender and recipient in internet communication.
Why was IPv4 replaced by IPv6?
IPv4 ran out of addresses; IPv6 uses 128 bits, providing ~340 undecillion unique addresses.
What is a MAC address?
A number written as six two-digit hexadecimal groups, unique to each network interface and used for device identification in a network.
What is the purpose of examining web logs in an investigation?
To trace website usage and identify the attacker’s online activity.
What protocol is used to send email over the internet?
Simple Mail Transfer Protocol (SMTP).
Why are expanded email headers important?
They contain critical tracing data like IP addresses and message IDs for investigations.
What is an IMEI number?
A 15-digit number unique to each mobile device, used to track phones.
What is an ICCID number?
A 19- or 20-digit number unique to each SIM card, identifying the SIM globally.
What is a proxy server used for by cybercriminals?
To hide their IP address and conceal their online identity.
What is the Tor browser used for?
To anonymize internet use by routing communications through random networks of relays.
True or false: Time stamps cannot be altered.
False