By the 1970s, electronic crimes were increasing, especially in the financial sector.
To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
Computer investigations and forensics fall into the same category: public investigations.
The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.
Chain of custody is also known as chain of evidence.
ISPs can investigate computer abuse committed by their customers.
If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.
The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.
One way to examine a partition's physical level is to use a disk editor, such as Norton DiskEdit, WinHex, or Hex Workshop.
For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.
A nonsteganographic graphics file has a different size than an identical steganographic graphics file.
Bitmap images are collections of dots, or pixels, that form an image.
FBI Computer Analysis and Response Team (CART)
The was formed in 1984 to handle the increasing number of cases involving digital evidence.
involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
The group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
In a case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.
In general, a criminal case follows three stages: the complaint, the investigation, and the
Based on the incident or crime, the complainant makes a(n), an accusation or supposition of fact that a crime has been committed.
In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n)
It's the investigator's responsibility to write the affidavit, which must include (evidence) that support the allegation to justify the warrant.
The affidavit must be under sworn oath to verify that the information in the affidavit is true.
line of authority
Published company policies provide a(n) for a business to conduct internal investigations.
A(n) is a person using a computer to perform routine tasks other than systems administration.
standard risk assessment.
The list of problems you normally expect in the type of case you are handling is known as the
chain of custody
The basic plan for your investigation includes gathering the evidence, establishing the , and performing the forensic analysis.
investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
A is a bit-by-bit copy of the original storage medium.
A bit-stream image is also known as a(n)
bit stream image
To create an exact image of an evidence disk, copying the to a target work disk that's identical to the evidence disk is preferable.
In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as
critique the case.
After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and
For computer forensics, is the task of collecting digital evidence from electronic media.
If the computer has an encrypted drive, a (x) acquisition is done if the password or passphrase is available.
creating a disk-to-image file.
The most common and flexible data-acquisition method is c
If your time is limited, consider using a logical acquisition or (x) acquisition data copy method.
whole disk encryption
Microsoft has recently added (x) in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.
Most federal courts have interpreted computer records as x evidence.
Generally, computer records are considered admissible if they qualify as a x record.
The FOIA (Freedom of Information Act) was originally enacted in the
much easier than
Investigating and controlling computer incident scenes in the corporate environment is x in the criminal environment.
Every business or organization must have a well-defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a x that a law or policy is being violated.
Environmental and x issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.
initial-response field kit
With a(n) x you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.
extensive-response field kit
A(n) x kit should include all the tools you can afford to take to the field.
Courts consider evidence data in a computer as x evidence.
Evidence is commonly lost or corrupted through professional x, which involves police officers and other professionals who aren't part of the crime scene processing team.
U.S. Department of Justice (DOJ) Homeland Security Patriot Act Department of Defense
When seizing computer evidence in criminal investigations, follow the x standards for seizing digital data.
During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older x or MS-DOS system.
Real-time surveillance requires x data transmissions between a suspect's computer and a network server.
The most common computer-related crime is
A x is a column of tracks on two or more disk platters.
Records in the MFT are referred to as x.
The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are referred to as x.
A x allows you to create a representation of another computer on an existing physical computer.
You begin any computer forensics case by creating a(n) x.
In civil and criminal cases, the scope is often defined by search warrants or x, which specify what data you can recover.
FTK and other computer forensics programs use x to tag and document digital evidence.