Guide to Computer Forensics & Investigations

  • October 1, 2024
TOPDOCTOR
The process of copying data, in general. - answer-Data acquisition

The task of collecting digital evidence from electronic media, for digital forensics. - answer-Data
acquisition

The two types of data acquisition are: - answer-static and live

Why are data acquisitions shifting towards live acquisitions? - answer-Because of the increased use of
whole disk encryption

The type of acquisition that can change file metadata, like date and time values. - answer-live
acquisitions

The type of acquisition that should produce the same results no matter how many times the data is
acquired - answer-static acquisitions

ISO/IEC standard for handling and documenting digital evidence - answer-ISO/IEC 27037

An older, open-source disk-to-image file format - answer-raw format

A newer, open-source disk-to-image file format - answer-Advanced Forensic Format (AFF)

AFF - answer-Advanced Forensic Format

Advantages of raw format - answer-1. Fast data transfers
2. Capability to ignore minor data read errors on the source drive.
3. Most forensic tools can read the raw format, for a near universal acquisition format for most tools.

The format produced by writing bit-stream data from a suspect drive or data set to simple sequential
flat files - answer-raw format

Disadvantages of raw format - answer-1. Requires as much storage space as the original disk or data set.
2. Some raw format tools (typically freeware) might not collect marginal (bad) sectors on the source
drive, meaning they have a low threshold of retry reads on weak media spots on the drive. Many commercial
tools are better at this....

CRC32 - answer-Cyclic Redundancy Check, hashing function for validation checks, usually creates a
separate file

Validation checks that several commercial acquisition tools can perform - answer-Cyclic Redundancy Check
(CRC32), Message Digest 5 (MD5), and Secure Hash Algorithm (SHA-1 or later) hashing functions

MD5 - answer-Message Digest 5, hashing function for validation checks, usually creates a separate file

SHA-1 or later - answer-Secure Hash Algorithm, hashing function for validation checks, usually creates a
separate file

Features of proprietary formats in commercial forensic tools - answer-1. option to compress or not
compress image files
2. ability to split an image into smaller segmented files for archiving purposes, with integrity checks for
each segment
3. ability to integrate metadata into the image file (date/time/hash value/examiner name/case details)

Several terms for copying evidence data to files - answer-1. bit-stream copy
2. bit-stream image
3. image
4. mirror
5. sector copy

Disadvantages of proprietary format acquisitions - answer-1. Major: inability to share an image between
different vendors' computer forensics analysis tools.
2. file size limitation for each segmented volume, typically 650 MB, no more than 2 GB adjusted (for FAT
formats typically, which max out at 2 GB)

The three proprietary formats of ILookIX imaging tool: - answer-IDIF, IRBF, and IEIF (all can be copied
into a raw format, however)

The unofficial standard of all proprietary formats for image acquisitions - answer-Expert Witness format

The default format for Guidance Software EnCase - answer-Expert Witness format

Features of the Expert Witness format: - answer-1. produces compressed/uncompressed image files
2. writes an extension starting with .e01 and adds increments for each additional segmented image
volume created

Several forensics analysis tools that can generate a generic version of the Expert Witness format: - answer-
X-Ways Forensics
AccessData Forensic Toolkit (FTK)
SMART

The developer of AFF - answer-Dr. Simson L. Garfinkel

Some design goals of AFF - answer-1. Capable of producing compressed or uncompressed image files
2. No size restrictions for disk-to-image files
3. space in the image file or segmented files for metadata
4. simple design with extensibility
5. open source for multiple computing platforms and OSs
6. internal consistency checks for self-authentication

File extensions for AFF - answer-afd for segmented image files
afm for AFF metadata
