Forensics Study Guide Midterm
Forensic soundness; Chain of Custody: evidence passes from one person to another
Challenges with digital forensics: data is easily altered; fragmented drives can cause problems
Definition of digital evidence and how it differs from physical evidence: Physical = tangible item; Digital = not tangible
Computer Evidence Categories; Expert versus Traditional Witness; Pre-conceived theories; Criminal versus Civil; Hearsay; Best evidence rule; Circumstantial versus direct evidence; Daubert rule
Ch 4: Computer Fraud and Abuse Act; Authorization versus Access; Intent; Intentional Damage; Identity Theft; Child Pornography; Obscenity: defined by local community
Copyright: exists the moment a work is created. Copyright required if suing for monetary damages.
Ch 15: Be able to convert between decimal, hexadecimal and binary using the Windows calculator; be able to change big-endian to little-endian and vice versa; Magic Numbers; Headers and footers on a file: tell the investigator what is in the file
Wear-leveling on Solid State Drives; DCO and HPA on a hard disk; Master Boot Record; File Systems used by Windows; Volume slack; File hiding
Ch 7: Standard Operating Procedure; Consequences of failing to handle evidence correctly; ACPO Principles; Requirements for a search warrant; Probable Cause: evidence is likely to be found
Order of Volatility: the order in which evidence is completely lost; Least volatile = hard drive
Ch 8-9: Investigative Reconstruction; Behavioral Imprints; Modus Operandi: the way you commit a crime; Motive: why you commit a crime