Computer Forensics

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/14

flashcard set

Earn XP

Description and Tags

scientific method of investigation and analysis in order to gather evidence from digital devices or computer networks and components which is suitable for presentation in a court of law or legal body

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

15 Terms

1
New cards

Types of Computer Forensics

Disk, Network, Malware, Email, Memory, Mobile Phone, Database

2
New cards

Difficulties encountered in attempting to locate and recover electronic evidence:

‒ Sheer volume of files stored on a computer
‒ Ability to move files quickly and easily anywhere in the world, hide files or store them on a remote server, encrypt files, misleadingly title files, commingle files with thousands of unrelated, innocuous files

3
New cards

Process

Identification, Preservation, Analysis, Documentation, Presentation

4
New cards

Hardware

Comprises the physical and tangible components of the computer

5
New cards

Software

A set of instructions compiled into a program that performs a particular task

6
New cards

Input Devices

Keyboard, Mouse, Joystick, Game Controller, Scanner, Camera, “Floppy” Disk Drive, CD/DVD/Optical Drive, External Hard Drive

7
New cards

Output Devices

Monitor, Printer, Speakers, “Floppy” Disk Drive, CD/DVD/Optical Drive, External Hard Drive, Network Router

8
New cards

Exigent Circumstances

no search warrant is required if entry is
necessary to prevent the destruction of evidence

9
New cards

Horton v. Cali

evidence may be seized if it is in plain
view to an officer while an unrelated search is being conducted

10
New cards

Throughout the entire process, the forensic examiner must adopt the method that is…

least intrusive

11
New cards

Visible data

that data which the operating system is aware of

12
New cards

Latent data

that data which the operating system is not aware of; can exist in both RAM and file sack or unallocated space

13
New cards

Slack space

the leftover storage space on a
computer's hard disk drive when a file does not need all the space it has been allocated by the operating system

14
New cards

Places where a forensic computer examiner might look to determine what websites a computer user has visited recently are:

‒ Internet cache
‒ Cookies
‒ Internet history

15
New cards

IP Addresses

provide the means by which data can be routed to the appropriate location, and they also provide the means by which most Internet investigations are conducted

Explore top notes

Explore top flashcards