Exam 12: Digital Forensics

A(n) ____ is used to sniff network traffic.

There are various ways to prepare sterile media, but a common method is to write ____ to every block on the device to erase any previous contents and then, if needed, format the device with a file system.

Match each item with a statement below. a.Discoverable f.Carving b.Cartwheeling g.FTK c.Jump bag h.EnCase Forensic d.Desiccants i.Write blocker e.Faraday Cage -Has a set of all the portable equipment and tools needed for an investigation

Match each item with a statement below. a.Discoverable f.Carving b.Cartwheeling g.FTK c.Jump bag h.EnCase Forensic d.Desiccants i.Write blocker e.Faraday Cage -Drying agents to absorb any moisture

When prioritizing collected evidence, which term refers to the likelihood that the information will be useful?

Match each item with a statement below. a.Discoverable f.Carving b.Cartwheeling g.FTK c.Jump bag h.EnCase Forensic d.Desiccants i.Write blocker e.Faraday Cage -A technique in which a term is extended via links to subsidiary terms

One of the more perplexing problems in collecting digital data concerns so-called volatile information, such as the contents of a ____.

____________________ is collecting evidence from a currently running system.

Why is tagging equipment vital to the organization's business as evidence a very real issue for commercial organizations?

The ____ handles computer crimes that are categorized as felonies.

Match each item with a statement below. a.Discoverable f.Carving b.Cartwheeling g.FTK c.Jump bag h.EnCase Forensic d.Desiccants i.Write blocker e.Faraday Cage -An enclosure that ensures that electromagnetic waves are blocked so that a device cannot transmit or receive radio waves while in custody

Which audience is interested in analysis report issues in terms of compliance with organizational policies?

In a live acquisition, the investigator has a good idea of what the attacker did to the system during the compromise.

An organization's ____ policy must spell out the procedures for initiating the investigative process, including management approvals.

In a dead acquisition, an investigator seeks to obtain a forensic image of the disk or device.

Why does encrypted information present challenges to forensic investigators?

In large organizations, ____ know operating systems and networks as well as how to interpret the information gleaned by the examiners.

If an organization routinely searches every employee's computer or if it conducts truly random searches and uncovers potential evidentiary material, then the findings are admissible in any legal proceeding.

Media that is used to collect digital evidence must be forensically ____.

List the four steps considered to be at the heart of digital evidence collection.