CSCI 511: Final Liberty University
CSCI 511: Final Liberty University
CSCI 511 Final Liberty University
The file allocation table is really a list of entries that map to each on the disk partition.
The unused space between the logical end of file and the physical end of file is known as .
What is meant by home location register (HLR)?
is the process whereby the file system keeps a record of what file transactions take place so that in the event of a hard drive crash, the files can be recovered.
The standard of proof in a civil trial is:
The following are characteristics of the certification: Only lawenforcement personnel and government employees working as system forensics examiners may join. Students learn to interpret and trace e-mail, acquire evidence properly, identify operating systems, recover data, and understand encryption theory and other topics. Students must pass a written exam before continuing to the next level. There are multiple levels.
One of the first steps in any forensic examination should be to check the logs. If you need to know what documents have been printed from the Macintosh, the
folder can give you that information.
The , which is imprinted on the SIM card, can be used by the service provider operator to trace the SIM card back to the number that it was assigned to.
What name is given to analysis involving using the native operating system, on the evidence disk or a forensic duplicate, to peruse the data?
Digital cameras contain a wealth of metadata in:
Certain exceptions may justify the search of a computer without a warrant, including .
There are five ways to document the crime scene:
The attack hijacks a TCP connection between a client and a server.
There are four layers to iOS. The layer is how applications interact with the iOS.
Which of the following common e-mail header fields is commonly used with values bulk, junk, or list; or used to indicate that automated vacation or out of office responses should not be returned for the mail?
is essentially data about the data. In the case of files, it can include creation time/date, size, last modified date, and even file header information.
What is meant by steganalysis?
The required states to implement a sex offender registry.involve written questions that are provided to a witness.
When filing a , the attorney seeks a pretrial ruling on the admissibility of evidence.
To establish the competency of a technical or expert witness to participate in a trial, a thorough examination of that persons background and credentials is required. This occurs through a process known as .
In which DoS attack does the attacker send fragments of packets with bad values
The states that forensic tools, techniques, procedures and evidence are admissible in court only if they have a general acceptance within the scientific community.
Because the requires that scientific evidence presented in court be generally accepted in the relevant scientific field, new techniques need to be verified before being used in court.
Maintaining is a problem with live system forensics in which data is not acquired at a unified moment.
The TCP header has synchronization bits that are used to establish and terminate communications between both communicating parties. The bit acknowledges the attempt to synchronize communications.
occurs when a SIM cards identifying information is copied to a different SIM card. That card can then be used in a new phone but will operate as if it were the original phone.
The National Institute of Standards and Technology (NIST) guidelines list four different states a mobile device can be in when you extract data. Devices are in the state when received from the manufacturer.
The standard for wireless communication of high-speed data for mobile devices is what is commonly called 4G.
The subscriber identity module (SIM) is a memory chip that stores the .
is the process by which investigators preserve the crime scene and evidence throughout the life cycle of a case.
The is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered.
The is a federal wiretap law for traditional wired telephony that was expanded to include wireless, voice over packet, and other forms of electronic communications, including signaling traffic and metadata.
Which Linux shell command lists all currently running processes that the user has started (any program or daemon is a process)?has a source and destination port number, but it lacks a sequence number and synchronization bits.
What term is used to describe statements that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury?
Eyewitness testimony is an example of:
A port is a number that identifies a channel in which communication can occur. There are certain ports a forensic analyst should know on sight. Which port uses DNS to translate uniform resource locators into Web addresses and possibly retrieve other information about the system that matches the URL?
provide a narrative of what happened at the crime scene and how the investigation of the scene was conducted.
is a type of scam in which the offender creates a Web site that looks identical to an authentic Web site. However, the mirror Web site carries a malicious payload.
Electronic evidence must be extracted first from a CD before the investigator dusts it for fingerprints so as not to damage it.
A common portscan is the FIN scan, wherein a packet is sent with the FIN flag turned on. If the port is open, this generates an error message. Because there was no prior communication, an error is generated telling the hacker that this port is open and in use.
When a file is deleted on the iPhone, iPad, or iPod, it is actually moved to the
.Trashes501 folder so the data is still there until it is overwritten, which means recently deleted files can be retrieved.
Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspects fingerprints on it, or a handwritten note.
The Fourth Amendment applies to searches conducted by private individuals, businesses, and nongovernmental agencies.
A victim of a criminal act can sue the perpetrator for damages in civil court.
An individual cannot be compelled by authorities to reveal passwords to
Spaces can be left in bound notebooks to go back and make any additions to previous entries.
What is the first thing a forensic investigator should do in mobile phone investigations?
What are the advantages to using external computer forensics investigators in corporate cases?