Digital Forensics in Cybersecurity - D431 Exam Questions And Answers. Verified and Updated
5 views 0 purchase
Course
WGU D431
Institution
WGU D431
Digital Forensics in Cybersecurity - D431
Exam Questions And Answers. Verified and
Updated
Forensics - answerthe use of science and technology to investigate and establish facts in
criminal or civil courts of law
computer forensics - answeris considered to be the use of analytical and investig...
EXAM STUDY MATERIALS July 24, 2024 1:33:58 PM Digital Forensic s in Cybersecurity - D431 Exam Questions And Answers. Verified and Updated Forensics - answer✔✔the use of science and technology to investigate and establish facts in criminal or civil courts of law computer forensics - answer✔✔is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded. Collecting data - answer✔✔Before you can do any forensic analysis or examination, you have to gather the evidence. There are very specific procedures for properly gather evidence. Analyzing - answer✔✔is one of the most time -consuming parts of a forensic in vestigation, and it can be the most challenging. It is solving a complex puzzle —putting together the data you have and finding out what sort of picture is revealed. Presenting - answer✔✔Once you have finished your investigation, done your analysis, and obeyed all the rules and guidelines, you still need to display the data. Expert Report - answer✔✔is a formal document that lists what tests you conducted, what you found, and your conclusions. curriculum vitae (CV) - answer✔✔is like a r ésumé, only much more t horough and specific to your work experience as a forensic investigator. Expert Testimony - answer✔✔you will testify as an expert witness —that is, on the basis of scientific or technical knowledge you have that is relevant to a case, rather than on the bas is of direct personal experience. Rule 703: Bases of an expert - answer✔✔RULE: An expert may base an opinion on facts or data in the case that the expert has been made aware of or personally observed. If experts in the particular field would reasonably rel y on those kinds of facts or data in forming an opinion on the subject, they need not be admissible for the opinion to be admitted. But if the facts or data would otherwise be inadmissible, the proponent of the opinion may disclose them to the jury only if their probative value in helping the jury evaluate the opinion substantially outweighs their prejudicial effect. EXAM STUDY MATERIALS July 24, 2024 1:33:58 PM Rule 704: Opinion on ultimate issue - answer✔✔RULE: an expert witness can, in many cases, offer an opinion as to the ultimate issue in a case. Rule 705: Disclosing the facts or data underlying an expert - answer✔✔RULE: Unless the court orders otherwise, an expert may state an opinion —and give the reasons for it —without first testifying to the underlying facts or data. Rule 706: Court -appointed e xpert witness - answer✔✔This rule covers the appointment of neutral experts used to advise the court. Such experts are working for neither the plaintiff nor the defendant; they work for the court. Rule 401: Test for relevant evidence - answer✔✔RULE: Eviden ce is relevant if (a) it has any tendency to make a fact more or less probable than it would be without the evidence and (b) the fact is of consequence in determining the action. Digital Evidence - answer✔✔is information that has been processed and assembl ed so that it is relevant to an investigation and supports a specific finding or determination. chain of custody - answer✔✔is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered. Real evidence - answer✔✔is a physical object that someone can touch, hold, or directly observe Documentary Evidence - answer✔✔evidence is data stored as written matter, on paper, or in electron ic files. Testimonial evidence - answer✔✔is information that forensic specialists use to support or interpret real or documentary evidence. demonstrative evidence - answer✔✔evidence is information that helps explain other evidence —
any other evidence Distri buted Crime Scenes - answer✔✔networks are geographically dispersed, crime scenes may also be geographically dispersed. This creates practical as well as jurisdictional problems. Disk forensics - answer✔✔is the process of acquiring and analyzing information stored on physical storage media, such as computer hard drives, smartphones, GPS systems, and removable media. Email forensics - answer✔✔is the study of the source and content of email as evidence. Network forensics - answer✔✔is the process of examining n etwork traffic, including transaction logs and real -time monitoring using sniffers and tracing. EXAM STUDY MATERIALS July 24, 2024 1:33:58 PM Internet forensics - answer✔✔is the process of piecing together where and when a user has been on the internet Software forensics - answer✔✔also known as malwar e forensics, is the process of examining malicious computer code. Live system forensics - answer✔✔the process of searching memory in real time, typically for working with compromised hosts or to identify system abuse. cell-phone forensics - answer✔✔is the process of searching the contents of cell phones. Chain of Custody Don't Touch the Suspect Drive Document Trail Secure the Evidence - answer✔✔General Guidelines for forensics work Don't Touch the Suspect Drive - answer✔✔One very important principle is to touch the system as little as possible. Document Trail - answer✔✔The rule is that you document everything. Secure the Evidence - answer✔✔It is absolutely critical to the integrity o f your investigation as well as to maintaining the chain of custody that you secure the evidence volatile memory - answer✔✔stores the programs and data you currently have open, but only for as long as the computer has power supplied to it. Extended data ou t dynamic random access memory (EDO DRAM) - answer✔✔Single cycle EDO has the ability to carry out a complete memory transaction in one clock cycle Burst EDO (BEDO) DRAM - answer✔✔An evolution of the EDO, burst EDO DRAM can process four memory addresses in one burst. Asynchronous dynamic random access memory (ADRAM) - answer✔✔is not synchronized to the CPU clock Synchronous dynamic random access memory (SDRAM) - answer✔✔is a replacement for EDO. Double data rate (DDR) SDRAM - answer✔✔a later development of S DRAM DDR2, DDR3, and DDR4, DDR 5 are now available. Programmable read -only memory (PROM) - answer✔✔PROM can be programmed only once. Data is not lost when power is removed.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Thebright. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
