What you need to know for the D431 OA
Disk Forensics: The process of acquiring and analyzing information stored on physical storage media, such as computer hard drives, smartphones, GPS systems, and removable media. Includes both the recovery of hidden and deleted information and the process of identifying who created a file or message.
Email Forensics: The study of the source and content of email as evidence, including the identification of the sender, recipient, date, time, and origination location of an email message.
Network Forensics: The process of examining network traffic, including transaction logs and real-time monitoring using sniffers and tracing.
Internet Forensics: The process of piecing together where and when a user has been on the internet. For example, you can use internet forensics to determine whether inappropriate internet content access and downloading were accidental.
Software Forensics: Also known as malware forensics, the process of examining malicious computer code.
Live System Forensics: The process of searching memory in real time, typically for working with compromised hosts or to identify system abuse.
Cell-Phone Forensics: The process of searching the contents of cell phones. A few years ago, this was just not a big issue, but with the ubiquitous nature of cell phones today, cell-phone forensics is a very important topic. A cell phone can be a treasure trove of evidence. Modern cell phones are essentially computers with processors, memory, even hard drives and operating systems, and they operate on networks. Phone forensics also includes VoIP and traditional phones and may overlap the Foreign Intelligence Surveillance Act of 1978 (FISA), the USA PATRIOT Act, and the Communications Assistance for Law Enforcement Act (CALEA) in the United States.
Chain of Custody: From the time the evidence is first seized by a law enforcement officer or civilian investigator until the moment it is shown in court, the whereabouts and custody of the evidence, and how it was handled and stored and by whom, must be able to be shown at all times. Failure to maintain the proper chain of custody can lead to evidence being excluded from trial.
Don't Touch the Suspect Drive: One very important principle is to touch the system as little as possible. It is possible to make changes to the system in the process of examining it, which is very undesirable. Obviously, you have to interact with the system to investigate it. The answer is to make a forensic copy and work with that copy. You can make a forensic copy with most major forensic tools such as AccessData's Forensic Toolkit, Guidance Software's EnCase, or PassMark's OSForensics. There are also open source software products that allow copying of original source information. To be specific, make a copy and analyze the copy.
Document Trail: The next issue is documentation. The rule is that you document everything. Who was present when the device was seized? What was connected to the device or showing on the screen when you seized it? What specific tools and techniques did you use? Who had access to the evidence from the time of seizure until the time of trial? All of this must be documented. And when in doubt, err on the side of over-documentation. It really is not possible to document too much information about an investigation.
Secure the Evidence: It is absolutely critical to the integrity of your investigation as well as to maintaining the chain of custody that you secure the evidence. It is common to have the forensic lab be a locked room with access given only to those who must enter. Then, evidence is usually secured in a safe, with access given out only on a need-to-know basis. You have to take every reasonable precaution to ensure that no one can tamper with the evidence.
Daubert Standard: Standard used by a trial judge to make a preliminary assessment of whether an expert's scientific testimony is based on reasoning or methodology that is scientifically valid and can properly be applied to the facts at issue. Under this standard, the factors that may be considered in determining whether the methodology is valid are: (1) whether the theory or technique in question can be and has been tested; (2) whether it has been subjected to peer review and publication; (3) its known or potential error rate; (4) the existence and maintenance of standards controlling its operation; and (5) whether it has attracted widespread acceptance within a relevant scientific community.
The Federal Privacy Act of 1974: Establishes a code of information-handling practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by U.S. federal agencies. A system of records is a group of records under the control of an agency from which information is retrieved by the name of the individual or by some identifier assigned to the individual.
The Privacy Protection Act of 1980: Protects journalists from being required to turn over to law enforcement any work product and documentary materials, including sources, before it is disseminated to the public. Journalists who most need the protection of the PPA are those who are working on stories that are highly controversial or that describe criminal acts, because the information gathered may also be useful to law enforcement.
The Communications Assistance to Law Enforcement Act of 1994 (CALEA): Federal wiretap law for traditional wired telephony. It was expanded in 2004 to include wireless, voice over packets, and other forms of electronic communications, including signaling traffic and metadata.
18 U.S.C. § 2701: This act covers access to a facility through which electronic communication is provided or exceeding the access that was authorized. It is broadly written to apply to a range of offenses. Punishment can be up to 5 years in prison and fines for the first offense.
The Electronic Communications Privacy Act of 1986: Governs the privacy and disclosure, access, and interception of content and traffic data related to electronic communications.
The Computer Security Act of 1987: The law requires the establishment of minimum acceptable security practices, creation of computer security plans, and training of system users or owners of facilities that house sensitive information.
The Foreign Intelligence Surveillance Act of 1978: A law that allows for collection of "foreign intelligence information" between foreign powers and agents of foreign powers using physical and electronic surveillance. A warrant is issued by the FISA court for actions under FISA.
The Child Protection and Sexual Predator Punishment Act of 1998: Requires service providers that become aware of the storage or transmission of child pornography to report it to law enforcement.
The Children's Online Privacy Protection Act of 1998: Protects children 13 years of age and under from the collection and use of their personal information by websites.
The Communications Decency Act of 1996: Designed to protect persons 18 years of age and under from downloading or viewing material considered indecent. This act has been subject to court cases that subsequently changed some definitions and penalties.
The Telecommunications Act of 1996: Includes many provisions relative to the privacy and disclosure of information in motion through and across telephony and computer networks.
The Wireless Communications and Public Safety Act of 1999: Allows for collection and use of "empty" communications, which means nonverbal and nontext communications, such as GPS information.
USA PATRIOT Act: The primary law under which a wide variety of internet and communications information content and metadata is currently collected.
The Sarbanes-Oxley Act of 2002: Contains many provisions about recordkeeping and destruction of electronic records relating to the management and operation of publicly held companies.
18 USC 1030, Fraud and Related Activity in Connection with Computers: This is one of the most widely used laws in hacking cases. It covers a wide range of crimes involving illicit access of any computer.
18 USC 1020: This is closely related to 1030 but covers access devices (such as routers).
The Digital Millennium Copyright Act (DMCA): This controversial law was enacted in 1998. It makes it a crime to publish methods or techniques to circumvent copyright protection. It is controversial because it has been used against legitimate researchers publishing research papers.
18 USC § 1028A: This law targets any crime related to identity theft. It is often applied in stolen credit card cases.
18 USC § 2251: This law covers a range of child exploitation crimes and is often seen in child pornography cases.
18 U.S.C. § 2260: Production of sexually explicit depictions of a minor for importation into the United States.