Intrusion Detection Chapter 8

14 July 2023
21 test answers

question
Forensic investigators use ____ copying when making a forensic image of a device, which reads a sector (or block; 512 bytes on most devices) from the source drive and writes it to the target drive; this process continues until all sectors on the suspect drive have been copied.
answer
bitstream
question
One way to identify a particular digital item (collection of bits) is by means of a(n) ____.
answer
cryptographic hash
question
The legal decision that establishes the start point for "warrantless" workplace searches is the Supreme Court's complex ruling in ____.
answer
O'Connor v. Ortega
question
____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.
answer
Root cause analysis
question
The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.
answer
Forensic Toolkit (FTK)
question
Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.
answer
affidavit
question
Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.
answer
write blocker
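The bitstream copy, cryptographic hash and write-blocker cards above describe one procedure: read the suspect drive sector by sector through a read-only path, write every sector to the target, then hash both sides and compare so the image can be shown to be a faithful, uncontaminated copy. The following is an added example (not from the chapter or its tools) that carries that procedure out on a constructed sample "drive" file. The file names, the `make_sample_drive`, `image_device`, `verify_image` and `demo` functions, and the 1300-byte sample content are assumptions for illustration; the source is only ever opened read-only, which is the software equivalent of what the hardware write blocker enforces.

```python
import hashlib
import os
import tempfile

SECTOR_SIZE = 512  # block size on most devices, as the card above states


def make_sample_drive(path):
    """Write a constructed, deterministic 1300-byte 'suspect drive' to `path`
    and return its bytes. 1300 is not a multiple of 512, so the last sector is
    partial and the copy loop must handle a short read."""
    data = (bytes(range(256)) * 6)[:1300]  # constructed sample content (assumption)
    with open(path, "wb") as f:
        f.write(data)
    return data


def hash_file(path, sector_size=SECTOR_SIZE):
    """SHA-256 of a file, read sector by sector so it works on large images."""
    h = hashlib.sha256()
    with open(path, "rb") as f:  # read-only: never open evidence for writing
        for block in iter(lambda: f.read(sector_size), b""):
            h.update(block)
    return h.hexdigest()


def image_device(source_path, target_path, sector_size=SECTOR_SIZE):
    """Bitstream copy: read one sector from the source and write it to the
    target, repeating until every sector (including a final partial one) has
    been copied. The source hash is computed from the very bytes that were
    read; the target hash is computed afterwards by re-reading the target from
    disk, so the two digests are independent evidence of an exact copy.
    Returns (source_hash, target_hash, sectors_copied)."""
    src_hash = hashlib.sha256()
    sectors = 0
    with open(source_path, "rb") as src, open(target_path, "wb") as dst:
        while True:
            sector = src.read(sector_size)
            if not sector:
                break
            src_hash.update(sector)
            dst.write(sector)
            sectors += 1
    return src_hash.hexdigest(), hash_file(target_path, sector_size), sectors


def verify_image(image_path, expected_hash):
    """Re-hash the image and compare with the digest recorded at acquisition;
    any altered byte (contamination, tampering) makes this return False."""
    return hash_file(image_path) == expected_hash


def demo():
    """Acquire the constructed drive, verify the image, then tamper with one
    byte of the image and show the verification fails."""
    workdir = tempfile.mkdtemp()
    suspect = os.path.join(workdir, "suspect.img")  # hypothetical file names
    image = os.path.join(workdir, "image.dd")
    original = make_sample_drive(suspect)
    src_hash, dst_hash, sectors = image_device(suspect, image)
    verified = verify_image(image, src_hash)
    with open(image, "r+b") as f:  # simulate contamination of the image copy
        f.seek(10)
        f.write(b"\xff")
    return {
        "source_hash": src_hash,
        "target_hash": dst_hash,
        "expected_hash": hashlib.sha256(original).hexdigest(),
        "sectors_copied": sectors,
        "verified_before_tamper": verified,
        "verified_after_tamper": verify_image(image, src_hash),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a 1300-byte source the loop copies three sectors (two full, one of 276 bytes), the source and target digests agree with the digest of the original bytes, and flipping a single byte in the image makes `verify_image` fail, which is exactly the check an examiner records to pre-empt a contamination challenge.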
question
In evidence handling, specifically designed ____ are helpful because they are very difficult to remove without breaking.
answer
evidence seals
question
The stability of information over time is called its ____.
answer
volatility
question
The functional part of forensics called ____ is about assessing the "scene," identifying the sources of relevant digital information, and preserving it for later analysis using sound processes.
answer
first response
question
The ____ is a detailed examination of the events that occurred, from first detection to final recovery.
answer
after-action review
question
A continuously changing process presents challenges in acquisition, as there is not a fixed state that can be collected, hashed, and so forth. This has given rise to the concept of ____ forensics which captures a point-in-time picture of a process.
answer
snapshot
question
The ____ handles computer crimes that are categorized as felonies.
answer
FBI
question
____ involves an attempt made by those who may become subject to digital forensic techniques to obfuscate or hide items of evidentiary value.
answer
Anti-forensics
question
The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.
answer
examination
question
____ is defined as the search for, collection, and review of items stored in electronic (or, more precisely, digital) format that are of potential evidentiary value based on criteria specified by a legal team.
answer
eDiscovery
question
Grounds for challenging the results of a digital investigation can come from possible ____; that is, alleging that the relevant evidence came from somewhere else or was somehow tainted in the collection process.
answer
contamination
question
A forensics team typically uses two methods to document a scene as it exists at the time of arrival: photography and ____.
answer
field notes
question
A search is constitutional if it does not violate a person's reasonable or legitimate ____.
answer
expectation of privacy
question
Most digital forensic teams have a prepacked field kit, also known as a(n) ____.
answer
jump bag
question
____ is used both for intrusion analysis and as part of evidence collection and analysis.
answer
Forensics