100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
CHFI - my WGU notes $19.99   Add to cart

Class notes

CHFI - my WGU notes

 2 views  0 purchase
  • Course
  • Institution

US Federal Rules of Evidence • 101 - Govern proceedings in the US and before UC bankruptcy judges and magistrate judges • 102 - Purpose and construction - the truth may be ascertained and proceedings justly determined • 103 - Ruling on evidence (if error- how to deal with it, if objection ...

[Show more]

Preview 4 out of 77  pages

  • August 13, 2022
  • 77
  • 2022/2023
  • Class notes
  • Professor
  • Chfi - my wgu notes
avatar-seller
CHFI - my WGU notes
US Federal Rules of Evidence - Answer • 101 - Govern proceedings in the US and
before UC bankruptcy judges and magistrate judges
• 102 - Purpose and construction - the truth may be ascertained and proceedings justly
determined
• 103 - Ruling on evidence (if error- how to deal with it, if objection - how to deal with
etc)
• 105 - Limited admissibility - When evidence is admissible or not. When admissible for
one purpose but not another, the court will restrict the evidence to its scope
• Rule 402 - General Admissibility of Relevant Evidence
• Rule 502 - Attorney-Client privilege and work product; Limitations on waiver
• Rule 608 - Evidence of character and conduct of witness
• Rule 609 - Impeachment by evidence of a criminal conviction
• Rule 614 - Calling and interrogation of witnesses by court
• Rule 701 - Opinion testimony by lay witnesses
• Rule 705 - Disclosure of facts or data underlying expert opinion
• 801 - 804 Hearsay - Relaying to something 3rd party stated
• Rule 901 - Authenticating or Identifying Evidence
• 1001 - Definitions
• 1002 Requirement of original
• 1003 - Admissibility of Duplicates
• 1004 - Admissibility of other evidence of content

SWGDE - Answer Based on the SWGDE work to create the set of standards for
gathering of digital evidence.
• Criteria 1.1 - All agencies that seize and/or examine digital evidence must maintain an
appropriate SOP document
• Criteria 1.2 - Agency management must review the SOPs annually
• Criteria 1.3 - Procedures used must be generally accepted in the field
• Criteria 1.4 - The agency must maintain written copies of appropriate technical
procedures
• Criteria 1.5 - The agency must use hardware and software that is appropriate and
effective
• Criteria 1.6 - All activities must be recorded in writing and be available for review and
testimony
• Criteria 1.7 - Any action that has the potential to alter, damage, or destroy any aspect
of original evidence must be performed by qualified persons in a forensically sound
manner

Cloud Crime - Answer *Cloud as a subject It refers to a crime in which the attackers try
to compromise the security of a cloud environment to steal data or inject a malware. Ex:
Identity theft of cloud user's accounts, unauthorized modification or deletion of data
stored in the Cloud, installation of malware on the cloud, etc.

,*Cloud as an object when the attacker uses the cloud to commit a crime targeted
towards the CSP. The main aim of the attacker is to impact cloud service provider. Ex:
DDoS attacks that can bring the whole cloud down.
*Cloud as a tool when the attacker uses one compromised cloud account to attack other
accounts. In such cases, both the source and target cloud can store the evidence data.

Rule 101 - Answer Govern proceedings in the courts of the U.S. and before U.S.
bankruptcy judges and the U.S. magistrate judges, to the extent and with the exceptions
stated in rule 1101

Purpose and construction

law of evidence to the end that the truth may be ascertained and proceedings justly
determined - Answer Rule 102

Rule 103 - Answer Rulings on evidence

Rule 105 - Answer Limited Admissibility
When evidence is admissible or not and under what conditions 2. When evidence is
admissible for one purpose but not another, the court will restrict the evidence to its
scope

Rule 1001 - Answer Definitions
Consist of letters, words, or numbers, or their equivalent, set down by handwriting,
typewriting, printing, photostating, photographing, magnetic impulse, mechanical or
electric recording, or other forms of data

The UEFI boot process has five phases and each phase has its own role. These five
phases are: - Answer SEC (Security) Phase This phase of EFI consists of initialization
code that the system executes after powering the EFI system on. It manages platform
reset events and sets the system so that it can find, validate, install, and run the PEI.

PEI (Pre-EFI Initialization) Phase The PEI phase initializes the CPU, temporary
memory, and boot firmware volume (BFV). It locates and executes the Pre Initialization
chapters (PEIMs) present in the BFV so as to initialize all the found hardware in the
system. Finally, it creates a Hand-Off Block List with all found resources interface
descriptors and passes it to the next phase i.e. the DXE phase.

DXE (Driver Execution Environment) Phase Most of the initialization happens in this
phase. Using the Hand-Off Block List (HOBL), it initializes the entire system physical
memory, I/O, and MIMO (Memory Mapped Input Output) resources and finally begins
dispatching DXE Drivers present in the system Firmware Volumes (given in the HOBL).
The DXE core produces a set of EFI Boot Services and EFI Runtime Services. The EFI
Boot Services provided are allocating memory and loading executable images. The EFI
Runtime services provided are converting memory addresses from physical to virtual

,while handing over to the kernel, and resetting the CPU, to code running within the EFI
environment or within the OS kernel once the CPU takes the control of the system.

BDS (Boot Device Selection) Phase In this phase, the BDS interprets the boot
configuration data and selects the Boot Policy for later implementation. This phase
works with the DXE to check if the device drivers require signature verification. In this
phase, the system loads MBR boot code into memory for Legacy BIOS Boot or loads
the Bootloader program from the EFI partition for UEFI Boot. It also provides an option
for the user to choose EFI Shell or an UEFI application as the Boot Device from the
Setup.

RT (Run Time) Phase At this point, the system clears the UEFI program from memory
and transfers it to the OS. During UEFI BIOS update the OS calls the run time service
using a small part of the memory.

SEC - Answer SEC (Security) Phase This phase of EFI consists of initialization code
that the system executes after powering the EFI system on. It manages platform reset
events and sets the system so that it can find, validate, install, and run the PEI.

PEI - Answer (Pre-EFI Initialization) Phase The PEI phase initializes the CPU,
temporary memory, and boot firmware volume (BFV). It locates and executes the Pre
Initialization chapters (PEIMs) present in the BFV so as to initialize all the found
hardware in the system. Finally, it creates a Hand-Off Block List with all found resources
interface descriptors and passes it to the next phase i.e. the DXE phase.

DXE - Answer (Driver Execution Environment) Phase Most of the initialization happens
in this phase. Using the Hand-Off Block List (HOBL), it initializes the entire system
physical memory, I/O, and MIMO (Memory Mapped Input Output) resources and finally
begins dispatching DXE Drivers present in the system Firmware Volumes (given in the
HOBL). The DXE core produces a set of EFI Boot Services and EFI Runtime Services.
The EFI Boot Services provided are allocating memory and loading executable images.
The EFI Runtime services provided are converting memory addresses from physical to
virtual while handing over to the kernel, and resetting the CPU, to code running within
the EFI environment or within the OS kernel once the CPU takes the control of the
system.

BDS (Boot Device Selection) - Answer Phase In this phase, the BDS interprets the boot
configuration data and selects the Boot Policy for later implementation. This phase
works with the DXE to check if the device drivers require signature verification. In this
phase, the system loads MBR boot code into memory for Legacy BIOS Boot or loads
the Bootloader program from the EFI partition for UEFI Boot. It also provides an option
for the user to choose EFI Shell or an UEFI application as the Boot Device from the
Setup.

, RT (Run Time) - Answer Phase At this point, the system clears the UEFI program from
memory and transfers it to the OS. During UEFI BIOS update the OS calls the run time
service using a small part of the memory.

Superblock holds the following information: - Answer Magic Number: It allows the
mounting software to verify the Superblock for the EXT2 file system. For the present
EXT2 version, it is 0xEF53. •

Revision Level: The major and minor revision levels allow the mounting code to
determine whether or not this file system supports features that are only available in
particular revisions of the file system. There are also feature compatibility fields that
help the mounting code to determine which new features can safely be used on this file
system. •

Mount Count and Maximum Mount Count: Together these allow the system to
determine if it needs to fully check the file system. The mount count increments each
time the system mounts the file system and displays the warning message of "maximal
mount count reached, running e2fsck is recommended'' when it equals the maximum
mount count

GUID Partition Table (GPT) - Answer LBA0 - stores the protective MBR
LBA1- contains the GPT header
LBA2- GPT header comprises a pointer partition table or Partition Array at LBA2
LBA34 - the first usable sector

Sending Email using the following machine reliable language - Answer ASCI

UNICODE - Answer Microsoft Work, Java, XML and .Net

Power Point Format - Answer PPT- Power Point Format

EaseUS Data Recovery Wizard - Answer EaseUS Data Recovery Wizard software is
used to do format recovery and unformat and recover deleted files emptied from the
Recycle Bin or data lost due to partition loss or damage, software crash, virus infection,
unexpected shutdown, or any other unknown reasons under Windows 10, 8, 7,
2000/XP/Vista/2003/2008 R2 SP1/Windows 7 SP1. This software supports hardware
RAID and hard drive, USB drive, SD card, memory card

Recover My Files - Answer data recovery software recovers deleted files emptied from
the Windows Recycle Bin and files lost due to the format or corruption of a hard drive,
virus or Trojan infection, and unexpected system shutdown or software failure
• Recovers files even if emptied from the Recycle Bin data
• Recovers files after accidental format, even after Windows is reinstalled
• Performs disk recovery after a hard disk crash • Recovers files after a partitioning
error
• Recovers data from RAW hard drives

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller EvaTee. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $19.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

81989 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$19.99
  • (0)
  Add to cart