WGU D431 OA & PRE-ASSESSMENT EXAM ACTUAL EXAM COMPLETE 200 QUESTIONS AND CORRECT DETAILED SOLUTIONS

  • September 5, 2024
  • 32
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
eddietaylor
WGU D431 OA EXAM

Disk Forensics

The process of acquiring and analyzing information stored on physical storage media, such as
computer hard drives, smartphones, GPS systems, and removable media. Includes both the
recovery of hidden and deleted information and the process of identifying who created a file or
message.

Email Forensics

The study of the source and content of email as evidence, including the identification of the
sender, recipient, date, time, and origination location of an email message.

Network Forensics

The process of examining network traffic, including transaction logs and real-time monitoring
using sniffers and tracing.

Internet Forensics

is the process of piecing together where and when a user has been on the internet. For
example, you can use internet forensics to determine whether inappropriate internet content
access and downloading were accidental.

Software Forensics

Also known as malware forensics, is the process of examining malicious computer code.

Live system forensics

The process of searching memory in real time, typically for working with compromised hosts or
to identify system abuse.

Cell-Phone Forensics


is the process of searching the contents of cell phones. A few years ago, this was just not a big
issue, but with the ubiquitous nature of cell phones today, cell-phone
forensics is a very important topic. A cell phone can be a treasure trove of evidence. Modern
cell phones are essentially computers with processors, memory, even hard drives and operating
systems, and they operate on networks. Phone forensics also includes VoIP and traditional
phones and may overlap the Foreign Intelligence Surveillance Act of 1978 (FISA), the USA
PATRIOT Act, and the Communications Assistance for Law Enforcement Act (CALEA) in the
United States.

Chain of Custody

From the time the evidence is first seized by a law
enforcement officer or civilian investigator until the moment it is shown in court, the
whereabouts and custody of the evidence, and how it was handled and stored and by whom,
must be able to be shown at all times. Failure to maintain the proper chain of custody can lead
to evidence being excluded from trial.

Don't Touch the Suspect Drive

One very important principle is to touch the system as little as possible. It is possible to make
changes to the system in the process of examining it, which is very undesirable. Obviously, you
have to interact with the system to investigate it. The answer is to make a forensic copy and
work with that copy. You can make a forensic copy with most major forensic tools such as
AccessData's Forensic Toolkit, Guidance Software's EnCase, or PassMark's OSForensics. There
are also open source software products that allow copying of original source information. To be
specific, make a copy and analyze the copy.

Document trail

The next issue is documentation. The rule is that you document everything. Who was present
when the device was seized? What was connected to the device or showing on the screen
when you seized it? What specific tools and techniques did you use? Who had access to the
evidence from the time of seizure until the time of trial? All of this must be documented. And
when in doubt, err on the side of over-documentation. It really is not possible to document too
much information about an investigation.

Secure the Evidence

It is absolutely critical to the integrity of your investigation as well as to maintaining the chain of
custody that you secure the evidence. It is common to have the forensic lab be a locked room
with access given only to those who must enter. Then, evidence is usually secured in a safe,
with access given out only on a need-to-know basis. You have to take every reasonable
precaution to ensure that no one can tamper with the evidence.

Daubert Standard

Standard used by a trial judge to make a preliminary assessment of whether an expert's
scientific testimony is based on reasoning or methodology that is scientifically valid and can
properly be applied to the facts at issue. Under this standard, the factors that may be
considered in determining whether the methodology is valid are: (1) whether the theory or
technique in question can be and has been tested; (2) whether it has been subjected to peer
review and publication; (3) its known or potential error rate; (4) the existence and maintenance
of standards controlling its operation; and (5) whether it has attracted widespread acceptance
within a relevant scientific community.

The Federal Privacy Act of 1974

Establishes a code of information-handling practices that governs the
collection, maintenance, use, and dissemination of information about individuals that is
maintained in systems of records by U.S. federal agencies. A system of records is a group of
records under the control of an agency from which information is retrieved by the name of the
individual or by some identifier assigned to the individual.

The Privacy Protection Act of 1980

Protects journalists from being required to turn over to
law enforcement any work product and documentary materials, including sources, before it is
disseminated to the public. Journalists who most need the protection of the PPA are those who
are working on stories that are highly controversial or that describe criminal acts, because the
information gathered may also be useful to law enforcement.

The Communications Assistance to Law Enforcement Act of 1994 (CALEA)

Federal wiretap law for traditional wired telephony. It was expanded in 2004 to include
wireless, voice over packets, and other forms of electronic communications, including signaling
traffic and metadata.

18 U.S.C. § 2701

This act covers access to a facility through which electronic communication is provided or
exceeding the access that was authorized. It is broadly written to apply to a range of offenses.
Punishment can be up to 5 years in prison and fines for the first offense.

The Electronic Communications Privacy Act of 1986

Governs the privacy and disclosure, access, and interception of content and traffic data related
to electronic communications.

The Computer Security Act of 1987

The law requires the establishment of minimum
acceptable security practices, creation of computer security plans, and training of system users
or owners of facilities that house sensitive information.

The Foreign Intelligence Surveillance Act of 1978

A law that allows for collection of "foreign intelligence information" between foreign powers
and agents of foreign powers using physical and electronic surveillance. A warrant is issued by
the FISA court for actions under FISA.

The Child Protection and Sexual Predator Punishment Act of 1998



