Set 4 Flashcards
What is Lockard’s exchange principle?
If something is taken than there will be a trace of evidence.
While dinner with her family, tw police officers want to search her rouse with a warrant and without consent, what is this called?
unreasonable search 4th amendment violation
In 2020 a driver ran a light, the driver of other car must have medical care, the drunk driver is sued under ____ law.
tort
What are the 5 w h?
who, what, when, where, how
Dr cooper dark matter uses scientific method, wht is first step of scientific method?
Ask a question
George is ist for company as the forensic analyst he is not responsible for,
Discovering malicious activity
Getting systems back online
Ensuring all collected evidence follows chain of custody
Ensuring all collected evidence follows chain of custody
Local police department, police investigated crime scene murder, the dfi goes inside victims office what two things does he do?
sean does a memory dump,
sean is performing live collection,
dead collection,
sean does not require a warrant,
sean is performing live collection
sean does not require a warrant
Convert 34 to binary
convert 1001010 to decimal
100010
74
First bytes of a file are called?
Magic bytes, they tell the OS what kind of file it is
What isn’t an anti forensics technique?
data wiping,
physical destruction,
defragmentation,
encryption
defragmentation
What must be completed each time evidence is moved?
chain of custody
What are the different phases of the forensic analyst process, 6 of them?
pre-investigation,
preparing the investigation,
search and seizure,
analyze,
report and testify,
post investigation
Certified data forensic lab has what accredited standard,
iso-eic-17025,
Cluley works in data forensics lab, collects and retrieves digital evidence, called to testify in court. What fits him?
officer,
manager,
analyst,
investigator
analyst
Melissa works in data forensics lab, she collects and preserves digital evidence, called to testify in court. What is she?
officer,
manager,
analyst
investigator
investigator
What isn’t a Technical control?
Intrusion detection,
backups,
emergency repose procedures,
emergency repose procedures,
Police department team want to investigate crime scene goes into victim office and see laptop is turned on but screen is blank, what to do?
Move the mouse
Data forensics analyst investigate corporate and look at suspicious, employee internet activity on watchlist, before you got further you must get permission from _____
hr and legal
What equipment to use not contaminate digital evidence?
write blocker,
diode,
FTK
Write blocker
Detective gets info that gang has stolen computers, before officers can enter they must get a warrant, an affidavit is needed, what does detective need to get a warrant?
Probable cause
Officer spots suspects loading computers into a truck what allows officers to search truck?
exigent cicumstances
Computers are outside the warehouse victims name is on the computer?
plain view doctrine
Tcp and udp operate in what layer?
the 4th layer or transport layer
Which is not considered a common data acquisition practice?
making a true copy,
making a copy of a copy,
ensuring mace attributes are unchanged,
downloading an application on target system,
downloading an application on target system,
