Cards 7 cards
Learners 1 learner
Language English
Level University
Created / Updated 20.06.2019 / 30.06.2019
Licensing Not specified
0 exact answers 7 text answers 0 multiple-choice answers

What is the basic forensic process for digital evidence?

Basic forensic process for digital evidence:

  1. Evidence collection/acquisition
  2. Preservation, integrity, chain-of-custody
  3. Analysis, interpretation
  4. Presentation, reporting

Why is digital evidence important or useful?

  • Admissible in court of law
  • Usable for internal disciplinary hearings
  • Supporting data for internal incident reports
  • Assisting/furthering other investigations
  • Helps reconstruct past events or activity (timelines)
  • Shows possession / handling of digital data
  • Shows use/abuse of IT infrastructure & services
  • Shows evidence of policy violation or illegal activity

What are the original areas of digital forensics?

  • Computer forensics (disks, removable media, flash chips ...)
  • Network forensics (network intrusion, abuse ...)
  • Software forensics (examining malicious code, malware ...)
  • Live system forensics (compromised hosts, memory dumps ...)

What has modern digital forensics grown to include?

  • Mobile forensics (smart phones, tablets)
  • IoT forensics (internet connected toasters, tiny devices ...)
  • Vehicle forensics (automobiles, drones)
  • Cloud and Social Media forensics

What are the characteristics of digital evidence?

Easy to destroy

  • booting a PC updates timestamps and modifies files
  • attaching external drives can modify file system timestamps, create files, overwrite deleted data
  • volatile memory is lost when a machine is powered off

Hard to get

  • network traffic only exists on the wire for milliseconds
  • intrusions and attacks may be cleverly hidden (steg, obfuscation, crypto)
  • anti-forensic activity may prevent collection
  • proprietary devices or file formats
  • over-provisioned areas on flash drives
  • service areas on disks
  • encrypted drives and files

What are some concepts of digital forensics?

  • acquisition vs analysis
  • evidence vs intelligence
  • private vs public sectors
  • victims vs perpetrators (ebanking, CP)
  • limitations vs requirements (technical, policy, legal, ethical)

Name some digital forensics resources and tools

  • Academic papers and conferences
  • DF (data forensic) tools and platforms
    • sleuth kit + autopsy
    • forensic focus
    • kali linux
    • my forensics page