- ______Computer Forensic___________ can attempt to retrieve information that can be used in the pursuit of the criminal.
- The reasons to make computer forensics more important are: ___High amount of digital evidence; increased scrutiny by legal profession; higher lever of computer skill by criminals.
- List the ways that computer forensics is different from standard investigations: __Volume of electronic evidence; Distribution of evidence; Dynamic content; False leads; Encrypted evidence; Hidden evidence.
- Taking photographs of the crime scene is a step to ___secure the crime scene________.
- The computer forensic team first captures _______volatile____________ data to preserve the data; this includes any data in _______content of RAM; Current network connections; Logon sessions; network configurations; open files.
- _____Mirror image (bit-stream)____________ backups create exact replicas of the computer contents at the crime scene.
- The ____chain of custody___________ documents that the evidence was under strict control all times and no unauthorized person was given the opportunity to corrupt the evidence.
- __RAM slack______________ are data from RAM that is used to fill up the last sector on a disk.
Forensic Team Step | Action |
Secure the crime scene | Instruct users to call response team at first hint of security issue. |
Document surroundings | |
Label and photograph equipment | |
Take custody of computer, peripherals, and media. | |
Preserve the data | Capture volatile data |
Perform mirror image backup | |
Establish chain of custody | Document in detail location of evidence |
Examine for evidence | Search files, document, e-mail etc. |
Examine Windows page files. | |
Explore RAM slack | |
Look at file slack |
- ___Trusted Platform Model (TPM)___________ is to make a cryptographic coprocessor standard equipment on every microprocessor.
- ____Behavior blocking_________ protects computers by recognizing when they are not acting normally.
- ______Host intrusion prevention (HIP)_ restricts the availability of functions such as read, write and execute and protects system resources such as ports, files, and registry keys.
沒有留言:
張貼留言