
ISM 4324 Fall 2012 Study Guide

Ch 1 Categories of Computer Systems Open systems Closed systems

Locard's exchange principle: Evidence of interaction is left behind

Forensic soundness Chain of Custody Evidence passes from one person to another

Evidence Integrity digital fingerprints MD5 & SHA

Challenges with digital forensics Data is easily altered Fragmented drives can cause problems

Ch 2-3 Florida Computer Crimes Act Florida Hacking Statute

Definition of digital evidence and how it differs from physical evidence: Physical = tangible item; Digital = not tangible

Hardware versus software Examination versus analysis

Computer Evidence Categories Expert versus Traditional Witness Pre-conceived theories Criminal versus Civil Hearsay Best evidence rule Circumstantial versus direct evidence Daubert rule

Ch 4 Computer Fraud and Abuse Act Authorization versus Access Intent Intentional Damage Identity Theft Child Pornography Obscenity Defined by local community

Copyright Exists the moment a work is created. Copyright required if suing for monetary damages

Fourth Amendment: Freedom from unreasonable searches and seizures

Fifth Amendment: Cannot be compelled to testify

Ch 15 Be able to convert between decimal, hexadecimal and binary using the Windows calculator. Be able to change big-endian to little-endian and vice versa. Magic Numbers: Headers and footers on a file; they tell the investigator what is in the file

Wear-leveling on Solid State Drives DCO and HPA on a hard disk Master Boot Record File Systems used by Windows Volume slack File hiding

Ch 6 Hypothesis: Theory based on scientific evidence

Prediction: What you think will happen

Reporting and Testimony

Ch 7 Standard Operating Procedure Consequences of failing to handle evidence correctly ACPO Principles Requirements for a search warrant Probable Cause: Evidence is likely to be found

Order of Volatility: The order in which evidence is completely lost. Least volatile = hard drive

Ch 8-9 Investigative Reconstruction Behavioral Imprints Modus Operandi: The way you commit a crime. Motive: Why you commit a crime

Equivocal Forensic Analysis: Looking at both sides of an argument

Corpus Delicti: Body of the crime

Three categories of Analysis and what they are Threshold assessment
