Guide to Computer Forensics and Investigations


These flashcards cover important vocabulary and concepts related to computer forensics and data acquisition methods.


19 Terms

1

Raw Format

A data acquisition format that creates a bit-by-bit copy of the original data, requiring as much storage as the original disk.

2

Proprietary Formats

Specialized formats used by forensics tools that may limit the sharing of acquired data between different tools.

3

Advanced Forensics Format (AFF)

An open-source format developed for capturing forensics images without size restrictions, allowing metadata integration.

4

Static Acquisitions

Data captures performed on powered-off devices.

5

Live Acquisitions

Data captures performed on devices that are powered on, often to collect volatile data.

6

Disk-to-Image File

A method of creating a complete image copy of a disk for forensic analysis.

7

Logical Acquisition

The process of acquiring only specific files or file fragments of interest instead of the entire disk.

8

Contingency Planning

Preparation for potential issues in data acquisition, including the need for multiple copies and protection against encryption.

9

Write Blocking

A hardware or software technique that prevents alteration of data on the source device during forensic acquisition.

10

RAID (Redundant Array of Independent Disks)

A storage system that combines multiple physical disks into a single logical unit for redundancy and performance.

11

Remote Acquisition Tools

Software that allows forensic examiners to gather evidence from a suspect’s computer over a network.

12

Validation Techniques

Methods used to verify the integrity of acquired data, often through hashing algorithms like MD5 and SHA.

13

dcfldd

An enhanced command for data imaging in Linux that includes additional functions beyond the standard dd command.

14

Write Blocker

A device used to prevent writing to a storage device during forensic analysis to protect the integrity of data.

15

AccessData FTK

A software suite used for forensic analysis and data acquisition, including creating disk image copies.

16

ImageUSB

A PassMark Software tool for creating bootable flash drives from disk images.

17

ASR Data SMART

A forensics analysis tool that can make image files of suspect drives and manage bad sectors.

18

ProDiscover

A remote acquisition tool utilized to capture system state information and analyze processes.

19

SIFT

A Linux distribution used for digital forensics, containing various tools and utilities for evidence acquisition.