Week 3 - Stages of Acquisition Flashcards

1
Q

What are some other names for the Acquisition stage?

A

Capturing
Seizure
Incident Response

2
Q

What is the acquisition stage?

A

Seizing the devices, hardware and data related to the investigation.

3
Q

TRUE OR FALSE: Digital investigative acquisition follows the same evidence acquisition laws related to normal non-digital evidence.

A

TRUE.

4
Q

What must be done before a device is collected for acquisition?

A

It must be deemed legally appropriate to seize for the investigation.

5
Q

What is a data object?

A

An object or piece of information that has potential data related to the investigation. It is associated with physical items. It can come in different formats and is used as evidence.

6
Q

What is the definition of Digital evidence?

A

Information of probative value stored or transmitted in a digital form.

7
Q

What is the definition of Physical evidence?

A

Items on which data objects or evidence may be stored and/or through which data objects are transferred.

8
Q

What is the definition of Original Digital evidence?

A

Physical items and the data objects associated with these physical items collected at the time of acquisition.

9
Q

What is the definition of Duplicate Digital evidence?

A

An accurate digital reproduction of all data objects contained on an original physical item.

10
Q

What is the definition of Copy?

A

An accurate reproduction of information contained on an original physical item, independent of the original physical item.

11
Q

What principle must be followed during the acquisition of evidence?

A

To ensure that digital evidence is collected, preserved, examined, or transferred in a manner safeguarding the accuracy and reliability of the evidence, law enforcement and forensic organizations must establish and maintain an effective quality system. Standard Operating Procedures (SOPs) must be followed.

12
Q

What does SOP stand for?

A

Standard Operating Procedure.

13
Q

What are SOPs?

A

They are quality-control guidelines that ensure the integrity of digital investigations by making sure that there are proper case records and that the investigation uses broadly accepted procedures, equipment, and materials.

14
Q

What is the 1st ACPO principle?

A

Don’t change the original data.

15
Q

What are the main stages of acquisition?

A

Assessment
Documentation
Seizure/Collection
Chain of custody
Identification
Transportation
Storage

16
Q

What is the assessment stage of acquisition?

A

The initial assessment of the scene and/or details surrounding the investigation with a specific digital frame of mind. It is the assessment of the devices associated with the scene and the context and/or states they are in. During this stage it is also important to preserve the state of the machines at the scene so they are not tampered with.

17
Q

What might you initially assess about the state of a machine?

A

Connection to a network
Power connection
Current usage of device (on or off, what programs it is running)
Its means of storage

18
Q

What is the seizure/collection stage of acquisition?

A

When the relevant devices/machines/data are collected from the scene for further investigation. It is important to record the state of the hardware when it was found (e.g. connectivity of the machine, powered on or off). You may take photographs, label them and keep records. When the items are seized they are ‘bagged and tagged’ with appropriate labels. This stage can only happen once, so it must be done right.

19
Q

What is the chain of custody stage of acquisition?

A

The process of documenting the chain of custody and complete journey of the evidence during the investigation. This data is normally maintained in an evidence log that includes a case number, a brief description, the signature of the individual responsible for the seizure documentation and the date and time collected.
The records will also include how it was collected, who has had possession of it, when they got possession, when it was handed off and to whom, how and where it is stored, and who took it out of storage and why. It is meant to protect the integrity of the evidence so that no tampering occurs.

20
Q

When do data objects become evidence?

A

When so deemed by a law enforcement official or designated agent.