Hot topics for long answer questions:
COC (chain of custody)
Chain of Custody refers to the logical sequence that records the custody,
control, transfer, analysis and disposition of physical or electronic evidence in legal cases.
Each step in the chain is essential: if it is broken, the evidence may be rendered inadmissible.
Thus we can say that preserving the chain of custody is about following the correct and
consistent procedure and hence ensuring the quality of evidence.
Chain of Custody Process:
In order to preserve digital evidence, the chain of custody should span from the first step of
data collection to examination, analysis, reporting, and the time of presentation to the
courts. This is very important to avoid the possibility of any suggestion that the evidence has
been compromised in any way.
1. Data Collection: This is where the chain of custody process is initiated. It
involves identification, labeling, recording, and the acquisition of data from all
the possible relevant sources that preserve the integrity of the data and
evidence collected.
2. Examination: During this process, the chain of custody information is
documented, outlining the forensic process undertaken. It is important to capture
screenshots throughout the process to show the tasks that are completed and
the evidence uncovered.
3. Analysis: This stage is the result of the examination stage. In the Analysis
stage, legally justifiable methods and techniques are used to derive useful
information to address questions posed in the particular case.
4. Reporting: This is the documentation phase of the Examination and Analysis
stage. Reporting includes the following:
   Statement regarding Chain of Custody.
   Explanation of the various tools used.
   A description of the analysis of various data sources.
   Issues identified.
   Vulnerabilities identified.
   Recommendation for additional forensics measures that can be taken.
Steganography
Steganography is an encryption technique that can be used along with cryptography as an
extra-secure method in which to protect data. Steganography techniques can be applied to
images, a video file or an audio file.
5 Steps for conducting forensics investigations
Policy and Procedure Development, Evidence Assessment, Evidence Acquisition, Evidence
Examination, Documenting and Reporting.
This study source was downloaded by 100000793680026 from CourseHero.com on 06-16-2021 01:35:28 GMT -05:00
https://www.coursehero.com/file/74928839/ICT378-Sample-Exam-Questionsdocx/
You get a call from a high school student named Marco who claims he has just received an email
from another student threatening to commit suicide. Marco isn't sure where the student sent the
e-mail from.
a) Given that this is a time-sensitive matter, how would you proceed to learn more about this
email?
b) Describe some of the kinds of information that your analysis may uncover, that would not
normally be in plain view in a regular email client.
Data Acquisition
a) Discuss one advantage and one disadvantage of the raw format.
b) With remote acquisitions, what problems should you be aware of?
c) Compare and contrast the terms BITSTREAM COPY and FILE BACKUP COPY.
Bitstream copies are bit-by-bit duplicates of data on the original storage medium. The
copied files are all of the same size and location as they were in the original file
contents. Bitstream copies can be used in court. When using a bitstream copy, the
metadata is not modified as each file is being copied bit-by-bit.
File backup copying is the process of copying only the files themselves and not the
underlying data. Like a bitstream copy, it does copy over certain files, including
files in the file system. However, it does not copy the entire system across. File backup
copies also modify the metadata as the information is copied over to another device.
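The difference can be seen on a toy disk. The following is an added example, not part of the original notes: the 16-byte sector size, the directory layout and the file names are all constructed for illustration, and it goes slightly beyond the answer above by showing what happens to deleted and unallocated data.

```python
import hashlib

SECTOR = 16  # constructed toy sector size; real disks use 512 or 4096 bytes


def build_toy_disk():
    """Constructed 4-sector 'disk': a directory listing plus raw sectors."""
    # (name, sector, live): a deleted file loses its entry, not its bytes.
    directory = [("memo.txt", 1, True), ("plan.txt", 2, False)]
    sectors = [
        b"DIR",             # sector 0: stands in for file system metadata
        b"lunch at noon",   # sector 1: live file
        b"deleted plan",    # sector 2: deleted file, data still on disk
        b"old slack data",  # sector 3: unallocated space, no entry at all
    ]
    return directory, b"".join(s.ljust(SECTOR, b"\x00") for s in sectors)


def bitstream_copy(disk):
    """Read every sector in order, whether or not a file owns it."""
    return b"".join(disk[i:i + SECTOR] for i in range(0, len(disk), SECTOR))


def file_backup_copy(directory, disk):
    """Copy only the files the directory reports as live."""
    return {
        name: disk[s * SECTOR:(s + 1) * SECTOR].rstrip(b"\x00")
        for name, s, live in directory if live
    }


def compare():
    directory, disk = build_toy_disk()
    image = bitstream_copy(disk)
    backup = file_backup_copy(directory, disk)
    recovered = b"".join(backup.values())
    return {
        "image_hash_matches_source":
            hashlib.sha256(image).digest() == hashlib.sha256(disk).digest(),
        "image_has_deleted_data": b"deleted plan" in image,
        "backup_files": sorted(backup),
        "backup_has_deleted_data": b"deleted plan" in recovered,
        "backup_has_unallocated_data": b"old slack data" in recovered,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The matching SHA-256 hash is what lets an examiner state that the image is identical to the source; the file backup has no equivalent whole-medium hash to compare.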