2022 with complete solution- A+ graded
FAT Correct ans - Stores file locations by sector in a file called the file
allocation table. This table contains information about which clusters are
being used by which particular files and which clusters are free to be used.
NTFS (New Technology File System) Correct ans - File system used by
Windows NT 4, 2000, XP, Vista, 7, Server 2003, and Server 2008. One major
improvement of this system was the increased volume sizes.
Extended file system Correct ans - System created specifically for
Linux. There have been many versions; the current version is 4.
ReiserFS Correct ans - Popular journaling file system, used primarily
with Linux. It was the first file system to be included with the standard Linux
kernel, and first appeared in kernel version 2.4.1.
The Berkeley Fast File System Correct ans - This is also known as the
UNIX file system. Uses a bitmap to track free clusters, indicating which
clusters are available and which are not.
Data hiding Correct ans - Storage of data where an investigator is
unlikely to find it.
Data transformation Correct ans - Disguising the meaning of
information.
Data contraception Correct ans - Storage of data where a forensic
specialist cannot analyze it.
Data fabrication Correct ans - Uses false positives and false leads
extensively.
File system alteration Correct ans - Corruption of data structures and
files that organize data.
Daubert standard Correct ans - Any scientific evidence presented in a
trial has to have been reviewed and tested by the relevant scientific
community. For a computer forensics investigator, that means that any tools,
techniques, or processes you utilize in your investigation should be ones that
are widely accepted in the computer forensics community. You cannot simply
make up new tests or procedures. (1) whether the theory or technique in
question can be and has been tested; (2) whether it has been subjected to
peer review and publication; (3) its known or potential error rate; (4) the
existence and maintenance of standards controlling its operation; and (5)
whether it has attracted widespread acceptance within a relevant scientific
community.
The Federal Privacy Act of 1974 Correct ans - Prohibits unauthorized
disclosures of records (about people, citizens, individuals) maintained by
Federal Agencies. Also allows individuals the ability to request to review their
record.
The Privacy Protection Act of 1980 Correct ans - (PPA) of 1980 protects
journalists from being required to turn over to law enforcement any work
product and documentary materials, including sources, before it is
disseminated to the public. Journalists who most need the protection of the
PPA are those who are working on stories that are highly controversial or
about criminal acts because the information gathered may also be useful to
law enforcement.
The Communications Assistance to Law Enforcement Act of 1994
Correct ans - a federal wiretap law for traditional wired telephony to allow
cops to wiretap with a warrant. It was expanded to include wireless, voice
over packet, and other forms of electronic communications, including
signaling traffic and metadata.
The Electronic Communications Privacy Act of 1986 Correct ans -
Prevents unauthorized government access to individuals' private electronic
communications (things done on the computer or saved on the computer).
The Computer Security Act of 1987 Correct ans - was passed to
improve the security and privacy of sensitive information in federal computer
systems. The law requires the establishment of minimum acceptable security
practices, creation of computer security plans, and training of system users
or owners of facilities that house sensitive information.
The Foreign Intelligence Surveillance Act of 1978 Correct ans - (FISA)
is a law that allows for collection of "foreign intelligence information"
between foreign powers and agents of foreign powers using physical and
electronic surveillance. A warrant is issued by the FISA court for actions
under FISA.
The Child Protection and Sexual Predator Punishment Act of 1998
Correct ans - requires service providers that become aware of the storage
or transmission of child pornography to report it to law enforcement.
The Children's Online Privacy Protection Act of 1998 Correct ans -
(COPPA) protects children 13 years of age and under from the collection and
use of their personal information by Web sites. It is noteworthy that COPPA
replaces the Child Online Protection Act of 1988 (COPA), which was
determined to be unconstitutional.
The Communications Decency Act of 1996 Correct ans - was designed
to protect persons 18 years of age and under from downloading or viewing
material considered indecent. This act has been subject to court cases that
subsequently changed some definitions and penalties.
The Telecommunications Act of 1996 Correct ans - Allows anyone to
enter the communication business and compete against other businesses.
Prevents one business from dominating. (for example: Cox Cable, Charter
Cable, Verizon Fios, etc.)
The Wireless Communications and Public Safety Act of 1999 Correct ans
- allows for collection and use of "empty" communications, which means
nonverbal and nontext communications, such as GPS information.
The USA Patriot Act Correct ans - Allows the use of certain tools to
intercept and obstruct terrorism (such as money laundering and financing of
terrorism through internet and telecommunication).
The Sarbanes-Oxley Act of 2002 Correct ans - contains many
provisions about recordkeeping and destruction of electronic records relating
to the management and operation of publicly held companies.
Real evidence Correct ans - a physical object that someone can touch,
hold, or directly observe. Examples of real evidence are a laptop with a
suspect's fingerprints on the keyboard, a hard drive, a universal serial bus
(USB) drive, or a handwritten note.
Documentary evidence Correct ans - data stored as written matter, on
paper or in electronic files. THIS includes memory-resident data and
computer files. Examples are e-mail messages, logs, databases,
photographs, and telephone call-detail records. Investigators must
authenticate documentary evidence.
Testimonial evidence Correct ans - information that forensic specialists
use to support or interpret real or documentary evidence. For example, they
may employ THIS to demonstrate that the fingerprints found on a keyboard
are those of a specific individual. Or system access controls might show that
a particular user stored specific photographs on a desktop.
Demonstrative evidence Correct ans - information that helps explain
other evidence. An example is a chart that explains a technical concept to
the judge and jury. Forensic specialists must often provide testimony to
support the conclusions of their analyses. For example, a member of an
incident response team might be required to testify that he or she identified
the computer program that deleted customer records at a specified date and
time.
sector Correct ans - the basic unit of data storage on a hard disk,
which is usually 512 bytes
The premier federal agency tasked with combating cybercrime. Correct
ans - The United States Secret Service
Internet forensics Correct ans - the process of piecing together where
and when a user has been on the Internet. For example, you can use THIS to
determine whether inappropriate Internet content access and downloading
were accidental.
Malware forensics is also known as Correct ans - software forensics.
Why should you note all cable connections for a computer you want to seize
as evidence? Correct ans - In case other devices were connected. To
reach a conclusion and turn raw information into supportable, actionable
evidence, a forensic specialist must identify and analyze corroborating
information, such as what devices or connections are involved with a
computer in question. In other words, it is often the case that a single piece
of information is not conclusive. It often takes the examination and
correlation of multiple individual pieces of information to reach a conclusion.
discarded information Correct ans - Any documents that are thrown
out without first being shredded could potentially aid an identity thief.
You can monitor employee activities, but only on Correct ans -
company systems.
Fraud Correct ans - any attempt to gain financial reward through
deception is fraud
_____ is a popular DoS tool. Correct ans - Trin00 is another popular DoS
tool. It was originally available only for UNIX but is now available for Windows
as well. It is an alternative to TFN. One common technique attackers use is to
send the Trin00 client to machines via a Trojan horse. Then, the infected
machines can all be used to launch a coordinated attack on the target
system.
cyberstalking Correct ans - The use of electronic communications to
harass or threaten another person. While some conduct involving annoying
or menacing behavior might fall short of illegal stalking, such behavior may
be a prelude to stalking and violence and should be treated seriously.