Exam 19: Computer Forensics

Which of the following actions taken at the crime scene involving a computer are incorrect?

Extraction of data from a mobile device can be done on a physical level and a(n)________ level.

The two main types of evidentiary computer data are visible data and latent data.

One should not look for "latent" data in:

Clusters are groups of ________.

The two types of slack space are ________ slack and ________ slack.

An IP address may lead to the identity of the person who was using a particular computer to access the Internet.

A Network Interface Card (NIC)enables a personal computer to communicate with other computers via:

A(n)________ is placed on a hard disk drive by a website to track certain information about its visitors.

When is it necessary to make a "fingerprint" of a HDD?

Which source will NOT be useful to investigators seeking to determine a user's Internet history?

One gigabyte can be expressed as:

________ consists of programs that are used to start the computer's boot process.

Hard drive partitions are typically divided into:

A(n)________ is a device that permits only requested traffic to enter a computer system.

URL stands for:

One should not search for "visible" data in:

Match the word in Column 1 to its definition in Column 2.Each answer can only be used once. A)A set of instructions compiled into a program that performs a particular task B)A group of sectors in multiples of two; typically the minimum space allocated to a file C)A standard method by which Internet sites are addressed D)All data that the operating system is presently aware of, and thus is readily accessible to the user E)Files placed on a computer from a visited website; they are used to track visits and usage of that site F)Hardware or software designed to protect against intrusions into a computer network G)Typically the main storage location within the computer, consisting of magnetic platters contained in a case H)The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes I)The main chip within the computer; also referred to as the brain of the computer.This microprocessor chip handles most of the operations (code and instructions)of the computer. J)Portions of visited Web pages placed on the local hard disk drive to facilitate quicker retrieval once revisited K)The main system board of a computer (and many other electronic devices)that delivers power, data, and instructions to the computer's components L)Areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless 1)Central processing unit (CPU) 2)Cluster 3)Hard disk drive (HDD) 4)Latent data 5)Motherboard 6)Sector 7)Software 8)Visible data 9)Cookies 10)Firewall 11)Internet cache 12)Uniform resource locater (URL)

A domain manages traffic between computers on a network.

An investigator would like to take a forensic "image" of a suspect's HDD.What is the primary goal in obtaining data from a HDD? What tools can the investigator use to achieve this goal?