WGU C840 Digital Forensics in Cybersecurity
The Computer Security Act of 1987 Correct Answer: Passed to improve the security and privacy of
sensitive information in federal computer systems. The law requires the establishment of minimum
acceptable security practices, creation of computer security plans, and training of system users or
owners of facilities that house sensitive information.
The Foreign Intelligence Surveillance Act of 1978 (FISA) Correct Answer: A law that allows for collection
of "foreign intelligence information" between foreign powers and agents of foreign powers using
physical and electronic surveillance. A warrant is issued by a special court created by this Act for actions
under this Act.
The Child Protection and Sexual Predator Punishment Act of 1998 Correct Answer: Requires service
providers that become aware of the storage or transmission of child pornography to report it to law
enforcement.
The Children's Online Privacy Protection Act of 1998 (COPPA) Correct Answer: Protects children 13
years of age and under from the collection and use of their personal information by Web sites. This act
replaces the Child Online Protection Act of 1988 (COPA), which was determined to be unconstitutional.
The Communications Decency Act of 1996 Correct Answer: Designed to protect persons 18 years of age
and under from downloading or viewing material considered indecent. This act has been subject to
court cases that subsequently changed some definitions and penalties
The Telecommunications Act of 1996 Correct Answer: Includes many provisions relative to the privacy
and disclosure of information in motion through and across telephony and computer networks.
The Wireless Communications and Public Safety Act of 1999 Correct Answer: Allows for collection and
use of "empty" communications, which means nonverbal and nontext communications, such as GPS
information.
The USA Patriot Act Correct Answer: The primary law under which a wide variety of Internet and
communications information content and metadata is currently collected. Provisions exist within the Act
to protect the identity and privacy of U.S. citizens
The Sarbanes-Oxley Act of 2002 (SOX) Correct Answer: Contains many provisions about record-keeping
and destruction of electronic records relating to the management and operation of publicly held
companies.
Anti-forensics Correct Answer: The actions that perpetrators take to conceal their locations, activities,
or identities.
Cell-phone forensics Correct Answer: The process of searching the contents of cell phones.
, Chain of custody Correct Answer: The continuity of control of evidence that makes it possible to
account for all that has happened to evidence between its original collection and its appearance in
court, preferably unaltered
Computer forensics Correct Answer: The use of analytical and investigative techniques to identify,
collect, examine and preserve computer-based material for presentation as evidence in a court of law
Curriculum Vitae (CV) Correct Answer: An extensive document expounding one's experience and
qualifications for a position, similar to a resume but with more detail. In academia and expert work, a CV
is usually used rather than a resume
Daubert Standard Correct Answer: The standard holding that only methods and tools widely accepted in
the scientific community can be used in court.
Demonstrative Evidence Correct Answer: Information that helps explain other evidence. And example is
a chart that explains a technical concept to the judge and jury
Digital Evidence Correct Answer: Information that has been processed and assembled so that it is
relevant to an investigation and supports a specific finding or determination
Disk Forensics Correct Answer: The process of acquiring and analyzing information stored on physical
storage media, such as computer hard drives or smartphones
Documentary Evidence Correct Answer: Data stored in written form, on paper or in electronic files, such
as email messages and telephone call-detail records. Investigators must authenticate documentary
evidence.
Email Forensics Correct Answer: The study of the source and content of email as evidence, including the
identification of the sender, recipient, date, time, and origination location of an email message.
Expert Report Correct Answer: A formal document prepared by a forensics specialist to document an
investigation, including a list of all tests conducted as well as the specialist's own Curriculum Vitae (CV).
Anything the specialist plans to testify about at a trial must be included in the expert report.
Expert Testimony Correct Answer: The testimony of an expert witness, one who testifies on the basis of
scientific or technical knowledge relevant to a case, rather than personal experience.
Internet Forensics Correct Answer: The process of piecing together where and when a user has been on
the Internet
Live System Forensics Correct Answer: The process of searching memory in real-time, typically for
working with compromised hosts or to identify system abuse.
Network Forensics Correct Answer: The process of examining network traffic, including transaction logs
and real-time monitoring.
Real Evidence Correct Answer: Physical objects that can be touched, held, or directly observed, such as
a laptop with a suspect's fingerprints on it, or a handwritten note.
The Computer Security Act of 1987 Correct Answer: Passed to improve the security and privacy of
sensitive information in federal computer systems. The law requires the establishment of minimum
acceptable security practices, creation of computer security plans, and training of system users or
owners of facilities that house sensitive information.
The Foreign Intelligence Surveillance Act of 1978 (FISA) Correct Answer: A law that allows for collection
of "foreign intelligence information" between foreign powers and agents of foreign powers using
physical and electronic surveillance. A warrant is issued by a special court created by this Act for actions
under this Act.
The Child Protection and Sexual Predator Punishment Act of 1998 Correct Answer: Requires service
providers that become aware of the storage or transmission of child pornography to report it to law
enforcement.
The Children's Online Privacy Protection Act of 1998 (COPPA) Correct Answer: Protects children 13
years of age and under from the collection and use of their personal information by Web sites. This act
replaces the Child Online Protection Act of 1988 (COPA), which was determined to be unconstitutional.
The Communications Decency Act of 1996 Correct Answer: Designed to protect persons 18 years of age
and under from downloading or viewing material considered indecent. This act has been subject to
court cases that subsequently changed some definitions and penalties
The Telecommunications Act of 1996 Correct Answer: Includes many provisions relative to the privacy
and disclosure of information in motion through and across telephony and computer networks.
The Wireless Communications and Public Safety Act of 1999 Correct Answer: Allows for collection and
use of "empty" communications, which means nonverbal and nontext communications, such as GPS
information.
The USA Patriot Act Correct Answer: The primary law under which a wide variety of Internet and
communications information content and metadata is currently collected. Provisions exist within the Act
to protect the identity and privacy of U.S. citizens
The Sarbanes-Oxley Act of 2002 (SOX) Correct Answer: Contains many provisions about record-keeping
and destruction of electronic records relating to the management and operation of publicly held
companies.
Anti-forensics Correct Answer: The actions that perpetrators take to conceal their locations, activities,
or identities.
Cell-phone forensics Correct Answer: The process of searching the contents of cell phones.
, Chain of custody Correct Answer: The continuity of control of evidence that makes it possible to
account for all that has happened to evidence between its original collection and its appearance in
court, preferably unaltered
Computer forensics Correct Answer: The use of analytical and investigative techniques to identify,
collect, examine and preserve computer-based material for presentation as evidence in a court of law
Curriculum Vitae (CV) Correct Answer: An extensive document expounding one's experience and
qualifications for a position, similar to a resume but with more detail. In academia and expert work, a CV
is usually used rather than a resume
Daubert Standard Correct Answer: The standard holding that only methods and tools widely accepted in
the scientific community can be used in court.
Demonstrative Evidence Correct Answer: Information that helps explain other evidence. And example is
a chart that explains a technical concept to the judge and jury
Digital Evidence Correct Answer: Information that has been processed and assembled so that it is
relevant to an investigation and supports a specific finding or determination
Disk Forensics Correct Answer: The process of acquiring and analyzing information stored on physical
storage media, such as computer hard drives or smartphones
Documentary Evidence Correct Answer: Data stored in written form, on paper or in electronic files, such
as email messages and telephone call-detail records. Investigators must authenticate documentary
evidence.
Email Forensics Correct Answer: The study of the source and content of email as evidence, including the
identification of the sender, recipient, date, time, and origination location of an email message.
Expert Report Correct Answer: A formal document prepared by a forensics specialist to document an
investigation, including a list of all tests conducted as well as the specialist's own Curriculum Vitae (CV).
Anything the specialist plans to testify about at a trial must be included in the expert report.
Expert Testimony Correct Answer: The testimony of an expert witness, one who testifies on the basis of
scientific or technical knowledge relevant to a case, rather than personal experience.
Internet Forensics Correct Answer: The process of piecing together where and when a user has been on
the Internet
Live System Forensics Correct Answer: The process of searching memory in real-time, typically for
working with compromised hosts or to identify system abuse.
Network Forensics Correct Answer: The process of examining network traffic, including transaction logs
and real-time monitoring.
Real Evidence Correct Answer: Physical objects that can be touched, held, or directly observed, such as
a laptop with a suspect's fingerprints on it, or a handwritten note.
