Guide to Computer Forensics and Investigations, 6e, 9781337568944 Ch. 1 Solutions-1
Chapter 1 (Guide to Computer Forensics and Investigations, 6e, Bill Nelson, Amelia Phillips, Christopher Steuart)
Review Questions
- Digital forensics and data recovery refer to the same activities. True or False?
  False
- Police in the United States must use procedures that adhere to which of the following?
  Fourth Amendment
- The triad of computing security includes which of the following?
  Vulnerability/threat assessment, intrusion detection and incident response, and digital investigation
- What’s the purpose of maintaining a network of digital forensics specialists?
  To develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation.
- Policies can address rules for which of the following?
  Any of the above
- List two items that should appear on a warning banner.
  Statements that the organization has the right to monitor what users do, that their e-mail is not personal, and so on
- Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or False?
  False
- List two types of digital investigations typically conducted in a business environment.
  Fraud, embezzlement, insider trading, espionage, and e-mail harassment
- What is professional conduct, and why is it important?
  Professional conduct includes ethics, morals, and standards of behavior. It affects a professional’s credibility.
- What’s the purpose of an affidavit?
  To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
- What are the necessary components of a search warrant?
  A search warrant must specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth—and include any supporting materials (affidavits and exhibits, for example). In addition, a search warrant must be signed by an impartial judicial officer. In many cases, a search warrant can limit the scope of what can be seized.
- What are some ways to determine the resources needed for an investigation?
  Determine the OS of the suspect computer and list the software needed for the examination.
- List three items that should be on an evidence custody form.
  Answers include case number, name of the investigator assigned to the case, nature of the case, location where evidence was obtained, description of the evidence, and so on.
- Why should you do a standard risk assessment to prepare for an investigation?
  To list problems that might happen when conducting an investigation, which can help in planning your case
- You should always prove the allegations made by the person who hired you. True or False?
  False
- For digital evidence, an evidence bag is typically made of antistatic material. True or False?
  True
- Why should evidence media be write-protected?
  To make sure data isn’t altered
- List three items that should be in your case report.
  Answers can include an explanation of basic computer and network processes, a narrative of what steps you took, a description of your findings, and log files generated from your analysis tools.
- Why should you critique your case after it’s finished?
  To improve your work
- What do you call a list of people who have had physical possession of the evidence?
  Chain of custody
- Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True or False?
  False. All data collected before an attorney issues notice of attorney-client privilege is subject to discovery by opposing counsel.
Hands-On Projects
Hands-On Project 1-1
Students should be able to find two files of interest to this case. The first file, in Autopsy’s Documents folder, is a text message pleading for help. The second file, in Autopsy’s Plain Text folder, is an Excel spreadsheet containing the victim’s assets and their values. Students’ reports should include basic information about each file found on the USB drive.
Hands-On Project 1-2
Students should be able to find eight message files and one LibreOffice Calc spreadsheet. They should create a spreadsheet listing information about these files with Autopsy’s report generator. They should also submit a short report listing the files they found in the disk image and include the Autopsy spreadsheet.
Hands-On Project 1-3
Students should be able to find three files showing a sailboat and sections of a sailboat and create an HTML Web report with links to the sailboat files, which are as follows:
/img_C1Prj03.E01/Pictures/Boat Building/PICT0010.JPG
2006-04-13 21:16:26 PDT
0000-00-00 00:00:00
2006-07-30 00:00:00 PDT
2006-07-30 18:04:43 PDT
415407
bdd77bb8089f147d16fb4fd11039e951
/img_C1Prj03.E01/Pictures/Boat Building/PICT0012.JPG
2006-04-13 21:16:42 PDT
0000-00-00 00:00:00
2006-07-30 00:00:00 PDT
2006-07-30 18:04:44 PDT
230593
fb6613de0ece7b5ca0e0ef7f520f2294
/img_C1Prj03.E01/Pictures/Boat Building/Boat Building/PICT0019.JPG
2006-04-14 19:15:32 PDT
0000-00-00 00:00:00
2006-07-30 00:00:00 PDT
2006-07-30 18:04:52 PDT
62676
5bf706c6309a71355a74260d1071186c
Hands-On Project 1-4
Students should be able to find and export two allocated files from the Images subfolder and four allocated files from the Office subfolder. The files are as follows:
6-Lin_tomb.jpg
16-Gettysbg.jpg
18-magnaCt.doc
19-USConst.doc
20-USDeclar.doc
22-Botany.doc
Hands-On Project 1-5
Students should be able to find the deleted files in the Deleted Files subfolder, tag all deleted files, and generate a spreadsheet listing the following files:
/img_C1Prj04.E01/Gettysburg.jpg
/img_C1Prj04.E01/THE DECLARATION OF INDEPENDENCE.doc
/img_C1Prj04.E01/Amendments to the Constitution.doc
/img_C1Prj04.E01/$CarvedFiles/f0000037.doc
/img_C1Prj04.E01/Lincoln.jpg
/img_C1Prj04.E01/Magna Carta.doc
/img_C1Prj04.E01/USAmmend.doc
/img_C1Prj04.E01/THE UNITED STATES CONSTITUTION.doc
/img_C1Prj04.E01/$CarvedFiles/f0000000.jpg
Hands-On Project 1-6
Students should be able to find four files and one unallocated area containing the keyword search results. When examining the unallocated area for the keyword Horatio, Autopsy’s Content Viewer defaults to the Media tab and displays a photograph of artwork for the path /img_C1Prj06.E01//$Unalloc/Unalloc_19_29696_1474560. The keyword Horatio isn’t visible in the Media tab. To see this keyword, students need to switch to the Indexed Text tab. In addition, this file’s content is visible only in the following path in the tree view: Results, Keyword Hits, Single Literal Keyword Search, HORATIO.
Students’ reports should contain the following information:
Keyword: ANTONIO
Path & Filename: /img_C1Prj06.E01/The Merchant of Venice.doc
Modified date: 2004-06-23 21:25:20 PDT Create date: 2004-06-23 22:40:23 PDT
File size: 72704
Keyword: HORATIO
Path & Filename: /img_C1Prj06.E01//$Unalloc/Unalloc_19_29696_1474560
Modified date: 0000-00-00 00:00:00 Create date: 0000-00-00 00:00:00
File size: 1019392
Keyword: HORATIO
Path & Filename: /img_C1Prj06.E01/$CarvedFiles/f0000068.doc
Modified date: 0000-00-00 00:00:00 Create date: 0000-00-00 00:00:00
File size: 90112
Keyword: HORATIO
Path & Filename: /img_C1Prj06.E01/The Tragedy of Hamlet.doc
Modified date: 2004-06-23 21:26:16 PDT Create date: 2004-06-23 22:40:33 PDT
File size: 90112
Keyword: HUGH EVANS
Path & Filename: /img_C1Prj06.E01/The Merry Wives of Windsor.doc
Modified date: 2004-06-23 21:24:40 PDT Create date: 2004-06-23 22:40:27 PDT
File size: 164352
Case Projects
Case Project 1-1
Students need to do an assessment of what the case involves. What is the nature of the case? What challenges do they expect to encounter, and how much time do they think the investigation will take?
Case Project 1-2
Most likely, Jonathan needs his computer to do other things in his business. Students need to acquire an image (preferably two) of the drive. Also, they should look around for clues of other storage media, and then go back to the lab and analyze the image. They should get as much detail as possible about the company and the other person.
Case Project 1-3