Published company policies provide a(n) ____ for a business to conduct internal investigations.

Computer Forensics

Chain of custody is also known as chain of evidence.

ISPs can investigate computer abuse committed by their customers.

If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.

The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.

One way to examine a partition's physical level is to use a disk editor, such as Norton DiskEdit, WinHex, or Hex Workshop.

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

A nonsteganographic graphics file has a different size than an identical steganographic graphics file.

Bitmap images are collections of dots, or pixels, that form an image.

FBI Computer Analysis and Response Team (CART)

The was formed in 1984 to handle the increasing number of cases involving digital evidence.

involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.

involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.

The group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.

In a case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.

In general, a criminal case follows three stages: the complaint, the investigation, and the

Based on the incident or crime, the complainant makes a(n), an accusation or supposition of fact that a crime has been committed.

In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n)

It's the investigator's responsibility to write the affidavit, which must include (evidence) that support the allegation to justify the warrant.

The affidavit must be under sworn oath to verify that the information in the affidavit is true.

Published company policies provide a(n) for a business to conduct internal investigations.

A(n) is a person using a computer to perform routine tasks other than systems administration.

standard risk assessment.

The list of problems you normally expect in the type of case you are handling is known as the

The basic plan for your investigation includes gathering the evidence, establishing the , and performing the forensic analysis.

investigations typically include spam, inappropriate and offensive message content, and harassment or threats.

A is a bit-by-bit copy of the original storage medium.

A bit-stream image is also known as a(n)

To create an exact image of an evidence disk, copying the to a target work disk that's identical to the evidence disk is preferable.

In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as

After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and

For computer forensics, is the task of collecting digital evidence from electronic media.

If the computer has an encrypted drive, a (x) acquisition is done if the password or passphrase is available.

creating a disk-to-image file.

The most common and flexible data-acquisition method is c

If your time is limited, consider using a logical acquisition or (x) acquisition data copy method.

Microsoft has recently added (x) in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.

Most federal courts have interpreted computer records as x evidence.

Generally, computer records are considered admissible if they qualify as a x record.

The FOIA (Freedom of Information Act) was originally enacted in the

Investigating and controlling computer incident scenes in the corporate environment is x in the criminal environment.

Every business or organization must have a well-defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a x that a law or policy is being violated.

Environmental and x issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.

initial-response field kit

With a(n) x you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.

extensive-response field kit

A(n) x kit should include all the tools you can afford to take to the field.

Courts consider evidence data in a computer as x evidence.

Evidence is commonly lost or corrupted through professional x, which involves police officers and other professionals who aren't part of the crime scene processing team.

U.S. Department of Justice (DOJ)
Homeland Security
Patriot Act
Department of Defense

When seizing computer evidence in criminal investigations, follow the x standards for seizing digital data.

During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older x or MS-DOS system.

Real-time surveillance requires x data transmissions between a suspect's computer and a network server.

The most common computer-related crime is

A x is a column of tracks on two or more disk platters.

Records in the MFT are referred to as x.

The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are referred to as x

A x allows you to create a representation of another computer on an existing physical computer.

You begin any computer forensics case by creating a(n) x

In civil and criminal cases, the scope is often defined by search warrants or x, which specify what data you can recover.

FTK and other computer forensics programs use x to tag and document digital evidence.

full-featured hexadecimal editor, computer forensics tool

Getting a hash value with a x is much faster and easier than with a(n) x

x are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

You use x to create, modify, and save bitmap, vector, and metafile graphics files.

x images store graphics information as grids of individual pixels.

Exchangeable Image File (EXIF)

The majority of digital cameras use the x format to store digital pictures.

Recovering pieces of a file is called x

The image format XIF is derived from the more common x file format.

The simplest way to access a file header is to use a(n) x editor

x steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

x steganography replaces bits of the host file with other bits of data.

x has also been used to protect copyrighted material by inserting digital watermarks into a file.

When working with image files, computer investigators also need to be aware of x laws to guard against copyright violations.

Under copyright laws, computer programs may be registered as x

pictorial, graphic, and sculptural.

Under copyright laws, maps and architectural plans may be registered as x

x involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.

The x to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.

assessment and risk management

When you work in the vulnerability x group, you test and verify the integrity of standalone workstations and network servers.

The x provides a record of clues to crimes that have been committed previously.

password-cracking software

When you are dealing with password-protected files, you might need to acquire x or find an expert who can help you crack the passwords.

During the x design or approach to the case, you outline the general steps you need to follow to investigate the case.

The Expert Witness format

x is the default format for acquisitions for Guidance Software EnCase.

There are two types of acquisitions: static acquisitions and x acquisitions.

x can be any information stored or transmitted in digital form.

Private-sector organizations include businesses and x that aren't involved in law enforcement.

If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have a(n) x

When an investigator finds a mix of information, judges often issue a(n) x to the warrant, which allows the police to separate innocent information from evidence.

hazardous materials (HAZMAT)

Some computer cases involve dangerous settings. For these types of investigations, you must rely on the skills of x teams to recover evidence from the scene.

x refers to a disk's structure of platters, tracks, and sectors.

In Microsoft file structures, sectors are grouped to form x, which are storage allocation units of one or more sectors.

On Windows and DOS computer systems, the x stores information about partitions on a disk and their locations, size, and other important items.

Drive slack includes RAM slack (found primarily in older Microsoft OSs) and x slack.

On an NTFS disk, the first data set is the x which starts at sector [0] of the disk.

For most law-enforcement-related computing investigations, the investigator is limited to working with data defined in the search x.

FTK provides two options for searching for keywords: indexed search and x search.

x search catalogs all words on the evidence disk so that FTK can find them quickly.

To generate reports with the FTK ReportWizard, first you need to x files during an examination.

The data-hiding technique x changes data from readable code to data that looks like binary executable code.

A graphics program creates and saves one of three types of image files: bitmap, vector, or x.

x is the process of coding data from a larger form to a smaller form.

The x is the best source for learning more about file formats and their associated extensions.

Who are public investigations conducted by?

Public investigations involve government agencies responsible for criminal investigations and prosecution. Government agencies range from local, county, and state or provincial police departments to federal regulatory enforcement agencies.

Which agency introduced training on software for forensics investigations by the early 1990s?

Forensics MT MC1.

When confidential business data are included with criminal evidence, what are they referred to as?

When confidential business data is included with criminal evidence, what are they referred to as? Exposed data.

What section of a report should restate the objectives, aims, and key questions and summarize the findings with clear, concise statements?

An executive summary should summarize the key points of the report. It should restate the purpose of the report, highlight the major points of the report, and describe any results, conclusions, or recommendations from the report.