Exam (elaborations)
WGU C840 DIGITAL FORENSICS STUDY GUIDE
- Course
- Institution
WGU C840 DIGITAL FORENSICS STUDY GUIDE
[Show more]
Content preview
WGU C840 DIGITAL FORENSICS STUDY GUIDEexpert report - Answers -A formal document prepared by a forensics specialist to
document an investigation, including a list of all tests conducted as well as the
specialist's own curriculum vitae (CV). Anything the specialist plans to testify about at a
trial must be included in the expert report.
Testimonial evidence - Answers -Information that forensic specialists use to support or
interpret real or documentary evidence; for example, to demonstrate that the fingerprints
found on a keyboard are those of a specific individual.
What is the starting point for investigating the denial of service attacks? - Answers -
Tracing the packets
China Eagle Union - Answers -The cyberterrorism group, the China Eagle Union,
consists of several thousand Chinese hackers whose stated goal is to infiltrate Western
computer systems. Members and leaders of the group insist that not only does the
Chinese government have no involvement in their activities, but that they are breaking
Chinese law and are in constant danger of arrest and imprisonment. However, most
analysts believe this group is working with the full knowledge and support of the
Chinese government.
Rules of evidence - Answers -Rules that govern whether, when, how, and why proof of
a legal case can be placed before a judge or jury.
file slack - Answers -The unused space between the logical end of the file and the
physical end of the file. It is also called slack space.
The Analysis Plan - Answers -Before forensic examination can begin, an analysis plan
should be created. This plan guides work in the analysis process. How will you gather
evidence? Are there concerns about evidence being changed or destroyed? What tools
are most appropriate for this specific investigation? A standard data analysis plan
should be created and customized for specific situations and circumstances.
What is the most important reason that you not touch the actual original evidence any
more than you have to? - Answers -Each time you touch digital data, there is some
chance of altering it.
You should make at least two bitstream copies of a suspect drive. - Answers -TRUE
To preserve digital evidence, an investigator should - Answers -make two copies of
each evidence item using different imaging tools
What would be the primary reason for you to recommend for or against making a DOS
Copy - Answers -A simple DOS copy will not include deleted files, file slack, and other
information.
,Which starting-point forensic certification covers the general principles and techniques
of forensics, but not specific tools such as EnCase or FTK? - Answers -(CHFI) EC
Council Certified Hacking Forensic Investigator
This forensic certification is open to both the public and private sectors and is specific to
the use and mastery of FTK. Requirements for taking the exam include completing the
boot camp and Windows forensic courses. - Answers -AccessData Certified Examiner.
AccessData is the creator of Forensic Toolkit (FTK) software.
Federal Rules of Evidence (FRE) - Answers -The Federal Rules of Evidence (FRE) is a
code of evidence law. The FRE governs the admission of facts by which parties in the
U.S. federal court system may prove their cases. The rules of evidence, encompasses
the rules and legal principles that govern the proof of facts in a legal proceeding. These
rules determine what evidence must or must not be considered by the trier of fact in
reaching its decision
The DoD Cyber Crime Center (DC3) - Answers -DC3 is involved with DoD
investigations that require computer forensics support to detect, enhance, or recover
digital media. DC3 provides computer investigation training. It trains forensic examiners,
investigators, system administrators, and others. It also ensures that defense
information systems are secure from unauthorized use, criminal and fraudulent
activities, and foreign intelligence service exploitation. DC3 ets standards for digital
evidence processing, analysis, and diagnostics.
Expert testimony - Answers -Expert testimony involves the authentication of evidence-
based upon scientific or technical knowledge relevant to cases. Forensic examiners are
often called upon to authenticate evidence between given specimens and other items.
Forensic specialists should not undertake an examination that is beyond their
knowledge and skill.
temporary data - Answers -Data that an operating system creates and overwrites
without the computer user taking direct action to save this data.
Daubert standard - Answers -The standard holding that only methods and tools widely
accepted in the scientific community can be used in court.
If the computer is turned on when you arrive, what does the Secret Service recommend
you do? - Answers -Shut down according to the recommended Secret Service
procedure.
Communications Assistance to Law Enforcement Act of 1994 - Answers -The
Communications Assistance to Law Enforcement Act of 1994 is a federal wiretap law for
traditional wired telephony. It was expanded to include wireless, voice over packet, and
other forms of electronic communications, including signaling traffic and metadata.
, Digital evidence - Answers -Digital evidence is information processed and assembled so
that it is relevant to an investigation and supports a specific finding or determination.
Federal Privacy Act of 1974 - Answers -The Federal Privacy Act of 1974, a United
States federal law that establishes a code of Fair Information Practice that governs the
collection, maintenance, use, and dissemination of information about individuals that is
maintained in systems of records by U.S. federal agencies.
Power Spy, Verity, ICU, and WorkTime - Answers -Spyware
good fictitious e-mail response rate - Answers -1-3%
Which crime is most likely to leave e-mail evidence? - Answers -Cyberstalking
Where would you seek evidence that ophcrack had been used on a Windows Server
2008 machine? - Answers -In the logs of the server; look for the reboot of the system
A SYN flood is an example of what? - Answers -DoS attack
definition of a virus, in relation to a computer? - Answers -a type of malware that
requires a host program or human help to propagate
Physical analysis - Answers -Offline analysis conducted on an evidence disk or forensic
duplicate after booting from a CD or another system.
Logical analysis - Answers -Analysis involving using the native operating system, on the
evidence disk or a forensic duplicate, to peruse the data.
sweepers - Answers -A kind of software that cleans unallocated space. Also called a
scrubber.
It is acceptable, when you have evidence in a vehicle, to stop for a meal, if the vehicle is
locked. - Answers -FALSE
What Linux command can be used to create a hash? - Answers -MD5sum
EnCase Format - Answers -The EnCase format is a proprietary format that is defined by
Guidance Software for use in its forensic tool to store hard drive images and individual
files. It includes a hash of the file to ensure nothing was changed when it was copied
from the source.
advanced Forensic Format (AFF) - Answers -This file format, abbreviated AFF, has
three variations: AFF, AFM, and AFD. The AFF variation stores all data and metadata in
a single file. The AFM variation stores the data and the metadata in separate files. The
AFD variation stores the data and metadata in multiple small files. The AFF file format is
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GEEKA. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
78462 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now