-Securing the scene: safety of all individuals, restricting unauthorized people from entering, prevent contamination
-Separating the witnesses: prevent collusion
-Scanning the scene: decide where photos need to be taken, primary vs secondary crime scene
-Seeing the scene: photos given to examiner
-Sketching the scene: position of remains and evidence
-Searching for evidence: flashlights or black lights used, radar, thermal imaging (using 4 crime scene patterns), photographed, sketched, labeled, and documented
-Securing and collecting evidence: packaged, sealed, and labeled (paper bindle)
a. Police did not properly secure the scene, the father, John, picked up the dead body, he wrapped the body in a blanket, possibly contaminating the body, the house and scene were cleaned by the mom, random people were coming into the scene, and the parents didn't want to talk to authorities
b. the ransom note was too long, the note was rewritten, the note had exact amount of dad's bonus, Dad knew the exact location of body, fibers on mom's coat were on body
Terms in this set (100)
Evidence can be found anywhere and everywhere. Some additional sources may include keyboard, mouse, touchpad, CD-ROM/DVD drive, laptop case, scanner lids, mobile device cradle (especially its buttons and switches), keyboard-video-monitor (KVM) switches, game controller, media storage units (CD/DVDs, tape, floppy cases, and drawers), and much more. Even a keyboard, mouse, or touchpad can provide evidence that a particular user must have touched a specific computer (although such devices, being without RAM or other storage, cannot usually provide more information than that).
Several tools are available to image data in the memory of cell phones, such as Device Seizure from Paraben, Palm dd (pdd) (for Palm OS), BitPim (for use with CDMA phones), Oxygen Forensic Suite 2010 (for use with cell phones, smartphones, and PDAs), Mobilyze (for use with iPhones, iPod Touch, and iPad devices), and Zdziarski's Forensics Guide for the iPhone.
Financial gain, anger or revenge, power, addiction, boredom, thrill-seeking, intellectual gain, recognition, sexual impulses, curiosity, and psychiatric illness.
Under Federal Rule of Civil Procedure 30(b)(6), a forensic investigator may be asked to provide information on such things as: quality and locations of computers in use, operating systems and application software installed and dates of use, file-naming conventions and what directories data is saved to, backup disk or tape inventories and schedules, computer use policies, identities of current and former employees responsible for systems operations, e-mail with dates, times, and attachments, Word documents, tables, graphs, and database files, and Internet bookmarks, cookies, and history logs.
Terms in this set (25)
Computer Forensics
The extraction of data from electronic devices in a consistent, scientific manner.
The objective of computer forensics
To recover, analyze, and present computer-based material in such a way that it can be used as evidence in a court of law.
The Seven Domains of a Typical IT Infrastructure
1) User Domain
2) Workstation Domain
3) LAN Domain
4) LAN-to-WAN Domain
5) WAN Domain (Wide Area Network)
6) Remote Access Domain
7) System/Application Domain
User Domain
People
Workstation Domain
Work Computers
LAN Domain
Server, Hub
LAN-to-WAN Domain
Router, Firewall
Remote Access Domain
Internet
WAN Domain
Cloud
System/Application Domain
Firewall, Mainframe, Application and Web Servers
Expert Report
A formal document that lists what tests you conducted, what you found, and your conclusions. It also contains your curriculum vitae
Curriculum Vitae (CV)
Like a resume, only much more thorough and specific to your work experience as a forensic investigator
Expert Testimony
Your testimony. Will be given in either a deposition or a trial
Digital Evidence
Information that has been processed and assembled so that it is relevant to an investigation and supports a specific finding or determination
Chain of Custody
The continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court
Courts deal with four types of evidence
1) Real Evidence
2) Documentary Evidence
3) Testimonial Evidence
4) Demonstrative Evidence
Real Evidence
A physical object that somebody can touch or observe
(Ex: a laptop with a suspect's fingerprints on the keyboard, a hard drive, a USB drive, or a handwritten note)
Documentary Evidence
Data stored as written matter, on paper or electronic files
(Ex: Email messages, logs, databases, photographs, and telephone call-detail records)
Testimonial Evidence
Information that forensic specialists use to support or interpret real or documentary evidence
(Ex: <this> may be employed to demonstrate in the form of system access controls that might show that a particular user stored specific photographs on a desktop)
Demonstrative Evidence
Information that helps explain other evidence
(Ex: A chart that explains a technical concept to the judge and jury.)
Metadata
Data about information
(Ex: Disk partition structures and file tables)
ipconfig(Windows)/ifconfig(Linux/UNIX)
Command.
Gives you information about your connection to a network or to the internet (including your IP address)
ping
Command.
Used to send a test packet (or echo packet) to a machine to find out if the machine is reachable and how long the packet takes to reach the machine
tracert(Windows)/traceroute(Linux/UNIX)
Command.
Useful for live network troubleshooting, but not useful or trustworthy for forensic examination
Obscured Information
Information scrambled by encryption, hidden using steganographic software, compressed, or in a proprietary format