Computer forensics bullshit

[Asphyxia]

You use ____ to create, modify, and save bitmap, vector, and metafile graphics.
Graphics editors

See: Ch. 8: Recovering Graphics Files, Section - Recognizing a Graphics File

____ compression compresses data by permanently discarding bits of information in the file.
Lossy

See: Ch. 8: Recovering Graphics Files, Section - Understanding Data Compression

____ is the file structure database that Microsoft originally designed for floppy disks.
FAT

See: Ch. 5: Working with Windows and CLI Systems, Section - Exploring Microsoft File Structures

Lab costs can be broken down into monthly, ____, and annual expenses.
Quarterly

See: Ch. 2: The Investigator's Office and Laboratory, Section - Understanding Forensics Lab Accreditation Requirements

Software forensics tools are commonly used to copy data from a suspect's disk drive to a(n) ____.
Image file

See: Ch. 6: Current Digital Forensics Tools, Section - Evaluating Digital Forensics Tool Needs

The ____ command displays pages from the online help manual for information on Linux commands and their options.
man

See: Ch. 3: Data Acquisition, Section - Using Acquisition Tools

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
Data recovery

See: Ch. 1: Understanding the Digital Forensics Profession and Investigations, Section - An Overview of Digital Forensics

In general, a criminal case follows three stages: the complaint, the investigation, and the ____.
Prosecution

See: Ch. 1: Understanding the Digital Forensics Profession and Investigations, Section - Preparing a Digital Forensics Investigation

With ____, Macintosh moved to the Intel processor and became UNIX based.
OS X

See: Ch. 7: Linux and Macintosh File Systems, Section - Understanding Macintosh File Structures

____ records are data the system maintains, such as system log files and proxy server logs.
Computer-generated

See: Ch. 4: Processing Crime and Incident Scenes, Section - Identifying Digital Evidence

 

[Asphyxia]

Chapter Summary
Digital forensics applies forensics procedures to digital evidence. This process involves systematically accumulating and analyzing digital information for use as evidence in civil, criminal, and administrative cases. Digital forensics differs from network forensics and data recovery in scope, technique, and objective.

Laws relating to digital evidence were established in the 1970s.

To be a successful digital forensics investigator, you must be familiar with more than one computing platform. To supplement your knowledge, develop and maintain contact with computer, network, and investigative professionals.

Investigators need specialized workstations to examine digital evidence, including additional bays for evidence drives, forensics software, and write blockers.

Public-sector and private-sector investigations differ, in that public-sector investigations typically require a search warrant before seizing digital evidence. The Fourth Amendment to the U.S. Constitution and similar legislation in other countries apply to government search and seizure. During public-sector investigations, you search for evidence to support criminal allegations. During private-sector investigations, you search for evidence to support allegations of policy violations, abuse of assets, and, in some cases, criminal complaints.

Warning banners should be used to remind employees and visitors of company policy on computer, e-mail, and Internet use.

Companies should define and limit the number of authorized requesters who can start an investigation.

Digital forensics investigators must maintain professional conduct to protect their credibility.

Always use a systematic approach to your investigations. Follow the checklist in this chapter as a guideline for your case.

When planning a case, take into account the nature of the case, instructions from the requester, what additional tools and expertise you might need, and how you will acquire the evidence.

Criminal cases and company-policy violations should be handled in much the same manner to ensure that quality evidence is presented. Both criminal cases and company-policy violations can go to court.

When you begin a case, there might be unanticipated challenges that weren’t obvious when applying a systematic approach to your investigation plan. For all investigations, you need to plan for contingencies for any unexpected problems you might encounter.

You should create a standard evidence custody form to track the chain of custody of evidence for your case. There are two types of forms: a multi-evidence form and a single-evidence form.

Internet abuse investigations require examining server log data.

For attorney-client privilege cases, all written communication should have a header label stating that it’s privileged communication and a confidential work product.

A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the duplicate, whenever possible, when analyzing evidence.

Always maintain a journal to keep notes on exactly what you did when handling evidence.

You should always critique your own work to determine what improvements you made during each case, what could have been done differently, and how to apply those lessons to future cases.

Now I am done today lol

 

[Jackbox]

More bullsh**:

Which of the following types of files can provide useful information when you're examining an e-mail server?
.log files

After examining e-mail headers to find an e-mail's originating address, investigators use forward lookups to track an e-mail to a suspect.
true

What information is not in an e-mail header?
Blind copy (bcc) addresses

To trace an IP address in an e-mail header, what type of lookup service can you use?
A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net

When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do?
Restore the e-mail server from a backup.

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations.
True

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?
Both a and c

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator?
Both a and c

Phishing does which of the following?
Lures users with false promises

What's the main piece of information you look for in an e-mail message you're investigating?
Originating e-mail domain or IP address

On a UNIX-like system, which file specifies where to save different types of e-mail log files?
syslog.conf

In Microsoft Outlook, e-mails are typically stored in which of the following?
.pst and .ost files

Sendmail uses which file for instructions on processing an e-mail message?
sendmail.cf

A forensic linguist can determine an author's gender by analyzing chat logs and social media communications.
False

Logging options on e-mail servers can be which of the following?
c: Configured to a specified size before being overwritten

When you access your e-mail, what type of computer architecture are you using?
Client/server

E-mail accessed with a Web browser leaves files in temporary folders.
True

Router logs can be used to verify what types of e-mail data?
Tracking flows through e-mail server ports

E-mail headers contain which of the following information?
All of the above

Which of the following is a current formatting standard for e-mail?
MIME

You can view e-mail headers in Notepad with all popular e-mail clients.
False

 

[Jackbox]

Which of the following mobile generations that is widely available as of 2012 offers the fastest data speed?
4G

What is used to store a user's mobile phone data?
SIM

What type of technology is used by devices that wirelessly transmit data at close range?
Bluetooth

What item would you use to identify the user of a cellular network?
IMSI

Choose the item that is used to define the content of the cell broadcast message.
CBMI

 

[white12]

I am done too