Week 1 - Further Overview Flashcards
What is Digital Forensics?
The procedure of revealing, securing, retrieving and interpreting electronic content.
Who do digital forensics experts work with?
Law enforcement
Private companies
Forensic consultants
What are the major components of Digital Forensics? What happens during Digital Forensics?
Secure and detect evidence - IMPORTANT that evidence is secured first!
Following appropriate standards of practice
Analysis and investigation techniques
Using software tools
Determine the presence and nature of computer-based criminal activity
What devices are investigated in digital forensics?
PCs
Mobile phones
Game consoles
E.g. any digital device that is part of a cybercrime.
What are the ACPO guidelines?
The Association of Chief Police Officers guidelines are a standard of practice set in place to ensure good practice when collecting computer-based electronic evidence, so that it is secure and can be used as evidence.
What is the first step of securing and detecting evidence?
The seizure of relevant devices.
Explain the process that happens after the seizure of a digital device.
The device is seized, bagged, labelled and documented. A ‘chain of evidence’ log is maintained to provide an audit trail. All actions on the device are also logged for future reference to ensure integrity and security. The identity of investigators managing the devices at any time must also be recorded.
What is the second step of securing and detecting evidence?
The data storage is imaged (i.e. copied) and stored securely. An MD5 or SHA-1 hash is created to validate the data.
Why might a digital device be imaged?
To ensure that if data is corrupted or changed during investigation, the original data is still valid and correct. It ensures that the data can be shown to have integrity.
TRUE OR FALSE: Investigations are only conducted on images of the original data?
TRUE, this means that the original can be kept safe and used to validate the data collected during investigation.
What are the steps of Securing and Detecting?
Seizure of devices.
Imaging the data.
Evidence is detected.
What is the third step of securing and detecting?
The image is investigated, and the investigators look for any data/evidence that relates to the cybercrime. To do this they use digital forensics software tools. The searches may focus on different varieties of information: images, videos, web activity, specific document types, history/usage, email content, key word searches etc.
What data may be investigated during a digital forensics investigation?
Images
Videos
Web activity
Specific document types
History/usage
Email content
Key word searches
OS data
etc.
What is the main use of Digital Forensics?
In cyber crime investigations.