WGU C840 Digital Forensics 2023
expert report Ans- A formal document prepared by a forensics specialist to document an investigation,
including a list of all tests conducted as well as the specialist's own curriculum vitae (CV). Anything the
specialist plans to testify about at a trial must be included in the expert report.
Testimonial evidence Ans- Information that forensic specialists use to support or interpret real or
documentary evidence; for example, to demonstrate that the fingerprints found on a keyboard are
those of a specific individual.
Daubert standard Ans- The standard holding that only methods and tools widely accepted in the
scientific community can be used in court.
If the computer is turned on when you arrive, what does the Secret Service recommend you do? Ans-
Shut down according to the recommended Secret Service procedure.
Communications Assistance to Law Enforcement Act of 1994 Ans- The Communications Assistance to
Law Enforcement Act of 1994 is a federal wiretap law for traditional wired telephony. It was expanded
to include wireless, voice over packet, and other forms of electronic communications, including signaling
traffic and metadata.
Digital evidence Ans- Digital evidence is information processed and assembled so that it is relevant to an
investigation and supports a specific finding or determination.
Federal Privacy Act of 1974 Ans- The Federal Privacy Act of 1974 is a United States federal law that
establishes a code of Fair Information Practice that governs the collection, maintenance, use, and
dissemination of information about individuals that is maintained in systems of records by U.S. federal
agencies.
Power Spy, Verity, ICU, and WorkTime Ans- Spyware
good fictitious e-mail response rate Ans- 1-3%
Which crime is most likely to leave e-mail evidence? Ans- Cyberstalking
Where would you seek evidence that ophcrack had been used on a Windows Server 2008 machine? Ans-
In the logs of the server; look for the reboot of the system
A SYN flood is an example of what? Ans- DoS attack
definition of a virus, in relation to a computer? Ans- a type of malware that requires a host program or
human help to propagate
What is the starting point for investigating the denial of service attacks? Ans- Tracing the packets
China Eagle Union Ans- The cyberterrorism group, the China Eagle Union, consists of several thousand
Chinese hackers whose stated goal is to infiltrate Western computer systems. Members and leaders of
the group insist that not only does the Chinese government have no involvement in their activities, but
that they are breaking Chinese law and are in constant danger of arrest and imprisonment. However,
most analysts believe this group is working with the full knowledge and support of the Chinese
government.
Rules of evidence Ans- Rules that govern whether, when, how, and why proof of a legal case can be
placed before a judge or jury.
file slack Ans- The unused space between the logical end of the file and the physical end of the file. It is
also called slack space.
The Analysis Plan Ans- Before forensic examination can begin, an analysis plan should be created. This
plan guides work in the analysis process. How will you gather evidence? Are there concerns about
evidence being changed or destroyed? What tools are most appropriate for this specific investigation? A
standard data analysis plan should be created and customized for specific situations and circumstances.
What is the most important reason that you not touch the actual original evidence any more than you
have to? Ans- Each time you touch digital data, there is some chance of altering it.
You should make at least two bitstream copies of a suspect drive. Ans- TRUE
To preserve digital evidence, an investigator should Ans- make two copies of each evidence item using
different imaging tools
What would be the primary reason for you to recommend for or against making a DOS Copy? Ans- A
simple DOS copy will not include deleted files, file slack, and other information.
Which starting-point forensic certification covers the general principles and techniques of forensics, but
not specific tools such as EnCase or FTK? Ans- (CHFI) EC Council Certified Hacking Forensic Investigator
This forensic certification is open to both the public and private sectors and is specific to the use and
mastery of FTK. Requirements for taking the exam include completing the boot camp and Windows
forensic courses. Ans- AccessData Certified Examiner. AccessData is the creator of Forensic Toolkit (FTK)
software.
Federal Rules of Evidence (FRE) Ans- The Federal Rules of Evidence (FRE) is a code of evidence law. The
FRE governs the admission of facts by which parties in the U.S. federal court system may prove their
cases. The rules of evidence encompass the rules and legal principles that govern the proof of facts in
a legal proceeding. These rules determine what evidence must or must not be considered by the trier of
fact in reaching its decision.
The DoD Cyber Crime Center (DC3) Ans- DC3 is involved with DoD investigations that require computer
forensics support to detect, enhance, or recover digital media. DC3 provides computer investigation
training. It trains forensic examiners, investigators, system administrators, and others. It also ensures
that defense information systems are secure from unauthorized use, criminal and fraudulent activities,
and foreign intelligence service exploitation. DC3 sets standards for digital evidence processing, analysis,
and diagnostics.
Expert testimony Ans- Expert testimony involves the authentication of evidence based upon scientific or
technical knowledge relevant to cases. Forensic examiners are often called upon to authenticate
evidence between given specimens and other items. Forensic specialists should not undertake an
examination that is beyond their knowledge and skill.