IA - DIGITAL FORENSICS

Question 1

Branches of Digital Forensics

Answer 1

1. Computer Forensics
2. Mobile Device Forensics
3. Network Forensics

Question 2

is a branch of digital forensics concerned with evidence found in computers and digital storage media

Answer 2

Computer Forensics

Question 3

focused on the recovery of digital evidence form mobile devices using forensically sound methods

Answer 3

mobile device forensics

Question 4

involved the alleged breaking of laws and law enforcement agencies and their digital forensic examiners

Answer 4

criminal cases

Question 4

examiners specialize in one area of digital evidence; either at broad level or sub-specialisst

Answer 4

Digital Evidence Examiners

Question 4

focused on monitoring and analyzing computer network traffic for information gathering, legal evidence or intrusion detention

Answer 4

network forensics

Question 4

• gather or process evidence at crime scenes
• trained on the correct handling of technology

Answer 4

Digital Forensic Technician

Question 5

Purpose of digital forensics

Answer 5

1. criminal cases
2. civil cases

Question 6

• someone who has a desire to follow the evidence and solve a crime virtually
• recover data like documents, photos, and emails from a computer hard drive and other storage devices such as zip and flash drives with deleted, damaged, or otherwise manipulated

Answer 6

Digital Forensics Investigator

Question 6

involved the protection of rights and property of individuals or contractual disputes between commercial entities where a form of digital forensics called electronic discovery may be involved

Answer 6

civil cases

Question 7

• the admissibility of digital evidence relies on the tool used to extract it
• Forensic tools are subjected to the Daubert standard, where judge is responsible for ensuring that the processes and software used were acceptable

Answer 7

Investigative tools

Question 8

Example Uses of Digital Forensics

Answer 8

1. Intellectual Property Theft
2. Industrial Espionage
3. Employment Disputes
4. Fraud Investigations
5. Forgeries Related Matters
6. Bankruptcy Investigations
7. Inappropriate Use of The Internet and Email in workplace
8. Issues Concern with the regulatory compliance

Question 8

GENERAL TOOLS USED IN FOLLOWING CATEGORIES

Answer 8

1. disk and data capture tools
2. file viewer tools
3. file analysis tools
4. internet analysis tools
5. email analysis tools
6. registry analysis tools
7. mobile device analysis tools
8. mac os analysis tools
9. network forensics tools
10. database forensics tools

Question 9

Internet crime is for investigators, laboratory and technical personnel to understand and how the process works and to stay closely engaged with advances in software and tracking techologies

Answer 9

Internet-Based

Question 10

crims such as pornography, copyright infringement, extortion or counterfeiting have digital evidence which is on the computer’s hard drive and general equipment, including removable devices such as thumb drive and CRDOM

Answer 10

Stand-Alone Computers or Devices

Question 10

• allow criminals to engage in an ever-growing variety of activities and devices keep track of every move and message
• it is th tracking capability that truns mobile devices into key evidence in many cases

Answer 10

Mobile Devices

Question 10

Stages of Digital Forensics Investigation

Answer 10

1. identification
2. preservation
3. analysis
4. documentation
5. presentation

Question 10

is any probative information stored or transmitted in digital form that a party to a court case may use in trial

Answer 10

digital evidence

Question 11

physical evidence cannot be wrong. it cannot perjure itself, it cannot be wholly absent. only human failure to find it, study and understand it, can diminish its value

Answer 11

Locard’s Principle

Question 11

• deter any alteration in evidence, either intentionally or unintentionally, states that the court prefers original evidence in trial rather than a copy
• are used to establish a credible link between the attacker, victime, and crime scene

Answer 11

Best Evidence Rule

Question 12

types of investigation

Answer 12

1. criminal forensics
2. intelligence gathering
3. electronic discovery
4. intrusion investigation

Question 12

is usually part of a wider investigation conducted by law enforcement and other specialists with reports being intended to facilitate that investigation and ultimately be entered as an expert evidence before court

Answer 12

criminal forensics

Question 12

is often associated with crime providing intelligence to help track, stop, or identify criminal activity

Answer 12

intelligence gathering

Question 12

has a specific legal limitations and restrictions, usually in relation to the scope of any investigation

Answer 12

electronic discovery

Question 13

* final form of investigation is different from previous ones * instigated as a response to a network intrusion

Answer 13

intrusion investigation

Question 14

techniques of digital forensics

Answer 14

1. cross-drive analysis 2. live analysis 2.1 volatile analysis 3.recovery of deleted files 4.stochastic forensics 5.stenography

Question 15

* a forensic technique that correlates information found on multiple hard drives. * this process, still being researched can be used to identify social networks and perform anomaly detection

Answer 15

cross-drive analysis

Question 16

* the examination of computers from within the operating system using custom forensics to extract evidence * this practice is useful when dealing with encrypting file system

Answer 16

live analysis

Question 17

is data that is lost when power is switched off

Answer 17

volatile data

Question 18

a method uses stochastric properties of the computer system to investigate activities lacking digital artifacts

Answer 18

stochastic forensics

Question 18

order of voladility of digital evidences

Answer 18

1. CPU 2. ARP Cache 3. Memory 4. Temporary File System 5. Data on Hard Disk 6. remotely lagged data 7. data contained on archival media

Question 19

computer forensics professionals can fight this by looking at the hash of the file and comparing it to the original image

Answer 19

stenography

Question 19

* modern forensic softwares have their own tools for recovering deleted data * most OS and file systems fo not always rease physical file data, allowing investifators to reconstruct it from physical disk sectors

Answer 19

recovery of deleted files

Question 20

the **testbed should be created from the trusted source** and functionality of the testbed should be checked in advance before using them in the build

Answer 20

create forensic tool testbed

Question 20

chracteristics of digital evidence

Answer 20

1. admissibility 2. reliability 3. convincing to judges 4. completeness 5. authentication 6. assessment 7. acquisition 8. preservation 9. examination and analysis 10. documentation and reporting

Question 20

first responder toolkit

Answer 20

1. create forensic tool testbed 2. document the forensic tool testbed 3. document the summary of the forensic tools 4. test the tools

Question 21

for every tool that is acquired for the testbed, the **follwiing information is documented for easy reference and record**

Answer 21

document the summary of the forensic tools

Question 22

now the tools selected and installed are testedd in the testbed and its performance and output is examined

Answer 22

test the tools

Question 23

some common mistakes first responder should avoid

Answer 23

1. do not shu off or reboot machine 2. do not assume that any parts of the victim is reliable 3. take precaution 4. follow procedures

Question 24

issues facing computer forensics

Answer 24

1. technical issues 2. legal issues 3. administartive issues

Question 25

technical issues

Answer 25

1. encryption 2. increasing storage space 3. new technologies 4. anti-forensics

Question 26

* may confuse or distract computer examiner's findings. In such cases, a competent opposing lawyer supplied with evidence from competent computer forensic analysit shoulw be able to dismiss such argument

Answer 26

Legal Issues

Question 27

3 Famous Cases Solved Through Digital Forensics

Answer 27

1. BTK Killer 2. The Craigslist Killer 3. Larry J Thomas Vs State of Indiana

Question 28

dennis rader tortured and killed 10 people but the digital forensics experts were able to trace the metadata contained within the disk helping unveil the killers identity

Answer 28

BTK Killer

Question 29

when investigators traced emails exchanged between victims and ip address led them to unlikely suspect

Answer 29

the craigslist killer

Question 30

during the investigation, the authorities took the current posted on the culprits facebook account under consideration

Answer 30

Larry J. Thomas vs the state of Indiana