CRJ-355: Midterm Study Guide
1. What is digital forensics?: incident response, collecting and assessing media, data integrity and preservation, methods using the scientific method, use of validated tools, use of mathematical hashing to verify integrity
2. What are the three focus areas of digital forensics?: Incident response, penetration testing, post-facto analysis
3. What is the Arc of investigations?: Understand the scope and depth of the investigation, gather proper tools, obtain a search warrant, note priorities, look through potential evidence sources
4. Some potential complications or errors when conducting an investigation?: Encryption, order of volatility, items damaged and/or hidden
5. What are some priorities at an investigation scene?: documentation of steps taken, photographs of the scene, investigators' safety protocols.
6. Where can digital evidence be located?: hardware, cameras, phones, flash drives, GPS units, thermostats
7. How is evidence processed?: create a chain of custody, protect integrity, consider bodily fluids
8. How do you properly power down devices?: cut the power source by pulling the plug or battery to protect the data
9. Brief summary of the Jeff Bezos case?: Malware was sent in the form of a video to his iPhone on WhatsApp
10. What was the main issue within the investigation of the Bezos case?: All of the digital forensic tests run on his iPhone failed to detect the malware for a long time.
11. What were some mistakes made within the Bezos case that exposed the hacker?: He constantly sent hints to Bezos about personal information that was contained only on Bezos' phone.
12. What is a bit-stream copy? (Forensic copy): take the data and use software to copy everything from the beginning of the data; this is an exact copy including metadata, and hash values are identical
13. What is a copy and paste?: an exact copy of the data that is currently there; metadata, however, is not copied over, and hash values are not identical
14. What is a physical image?: Capturing all the binary present on the drive as well as any deleted space and file fragments.
15. What is a logical image?: Capturing all the active data. Does not capture deleted file space and file fragments.
16. What tools can be used to make a forensic copy?: FTK Imager, Autopsy, the dd command in Linux