20 points
2. What are some of the reasons a safeguard or control may not have been successful
3. What must be done with interrupted services during the recovery process?
periodic plan review and maintenance, continue the training of staff members who
a. Digital forensics is the use of forensic techniques when the source of evidence is a
smartphones, tablets, portable music players, and all other electronic devices
a. It depends on the size and nature of the organization, and on the available
i. Cost — This includes the costs of the tools, hardware, and other
cheaper because the service is only paid for when actually used, the
place and up to speed may turn out to be more expensive than maintaining
complicate their use. Forensic data collection can expose highly sensitive
business plans.
a. First response — Assessing the “scene,” identifying the sources of relevant digital
material facts that bear on the subject of the investigation; preparing and
8. What are the common roles and duties of a digital forensic first-response team?
information. Also orchestrates the work of the other team members and usually
b. Scribe — Produces the written record of the team's activities and maintains
Chapter 8 Questions
9. What factors determine which digital evidence should be collected and in what
order?
b. Volatility — The stability of the information over time, some types of information
becoming lost when the power is cut and by default over time.
information
10. In forensic analysis, what are the differences between examination and analysis?
a. The examination phase involves the use of forensic tools to recover the content of
files that were deleted, operating system artifacts, and other relevant facts. The
analysis phase uses those materials to answer the questions that gave rise to the
investigation.
11. What type of document is usually required when an organization other than a law
12. In what main way does search and seizure differ in the public and the private
sectors?
a. In general, a law enforcement organization cannot be sued for its conduct during
groundless.
a. To prove that the relevant evidence did not come from somewhere else or was
15. What type of forensics is used for practices that continue to operate while being
examined?
a. A live acquisition is used on systems that are operating while being examined.
16. What types of information are missed by a normal copying process but included in a
forensic image?
a. Deleted files and file fragments are generally missed by normal copying
processes.
17. What is the relationship between forensics and anti-forensics, and why is it
18. Why is cryptography a good thing for IT workers but a bad thing for forensic
investigators?
a. As long as the incident does not violate a civil or criminal law, it is optional. The