34 Cards in this Set
- Front
- Back
Who is Edmond Locard |
Father of Locard Principle and the creator of the first general forensics laboratory |
|
What 3 roles can a computer play in an investigation? |
Tool, Target, Crime Scene |
|
Forensics Event in 1939 |
FBI set up regional labs to provide forensic services. |
|
Forensics Event in 1910 |
Edmond Locard opens the first police forensic laboratory in Lyon, France. Albert Osborn creates a guide for documenting crime scene evidence. |
|
Forensics Event 1984 |
FBI creates the national Computer Analysis and Response Team to support the regional field offices |
|
Forensics Event 2001 |
VMware creates first x86 virtualization Product |
|
Forensics Event 2003 |
First Open-Source hypervisor (Xen) |
|
Forensics Event 2006 |
Windows Vista Enterprise and Ultimate editions release BitLocker (full disk encryption). Amazon offers Amazon Web Services (AWS). |
|
Forensics Event 2009 |
Solid State Drives (SSD) offered in laptops |
|
Legal Event 1791 |
Bill of Rights (4th and 5th Amendments): freedom from unreasonable search and seizure, and freedom from self-incrimination |
|
Legal Event 1934 |
Federal Communications Act |
|
Legal Event 1967 |
Katz v. United States (Physical Conversation protected from unreasonable search and seizure) |
|
Legal Event 1968 |
Omnibus Crime Reporting Act |
|
Legal Event 1986 |
Computer Fraud and Abuse Act |
|
Legal Event 2008 |
Identity Theft and Restitution Act |
|
Two(2) Primary objectives of computer forensics |
To collect, protect, and store potential evidence, and to do so in a timely manner |
|
Role of the Forensics Investigator |
To act as the expert in detecting evidence, preserving evidence, analyzing evidence, and reporting findings. They go to the crime scene. |
|
What is PIEID |
Preservation, Identification, Extraction, Interpretation, Documentation. This is the process used by forensics investigators. |
|
Two(2) Great Laws of Forensics Investigation |
1. Always work with a copy of the data. 2. Leave the device in the state that you found it (if off, leave off; if on, leave on). |
|
What is FRE |
Federal Rules of Evidence: the laws that determine what can be admitted into evidence in a federal courtroom |
|
What is hearsay |
Hearsay as defined in Rule 801 is: "A statement, that the declarant did not make while testifying at the current trial or hearing, and a party offers in evidence to prove the truth of the matter asserted in the statement." |
|
What are Computer Generated Records? |
Records produced by a running computer program. |
|
What are Computer-Stored Records? |
Records that have been generated by a person. "Only people go to the store" |
|
What is chain of custody? |
Chain of custody is a documented record of who had possession and control over a particular piece of evidence at every moment until that object is entered into evidence in the courtroom. |
|
What is Essential and Non-Essential Data? |
Data that can be trusted or not trusted, respectively |
|
Who performs software testing to ensure software produces valid results? |
CFTT (Computer Forensic Tool Testing), a group within NIST (National Institute of Standards and Technology) |
|
What is CFReDS? |
It is NIST's Computer Forensics Reference Data Set |
|
What activities should your toolset support? |
1. Acquisition 2. Validation and Discrimination 3. Extraction 4. Reconstruction 5. Reporting |
|
What is DOD 5220.22-M |
Often cited as the standard for data sanitization, though it is now used more as a reference for finding other resources on proper sanitization methods |
|
What is the Matlock Decision? |
A ruling that dictates a third party can consent to the search of property that is under their joint access or control. |
|
Under what circumstances can you search and seize evidence without a warrant? |
1. Under exigent circumstances (i.e., property is in the process of being destroyed)
2. Plain view (the evidence is in plain view of an individual): a. must be in a lawful position to observe the evidence; b. the fact that it is incriminating must be readily apparent
3. After lawful arrest |
|
What is the Electronic Communications Privacy Act (ECPA), AKA Stored Communications Act (SCA)? And what is its legal code? |
Regulates what the government can obtain from network service providers and how.
18 U.S.C. §§ 2701-2712 |
|
What is the Wiretap Statute, AKA Title III? And what is its legal code? |
Regulates the collection of actual content from a communications network. Prohibits the interception, use or disclosure of communication unless statutory exceptions apply. 18 U.S.C. §§ 2510-2522 |
|
What is Pen Registers and Trap and Trace Devices of Title 18, AKA the Pen/Trap statute? And what is its legal code? |
Regulates the collection of addressing and non-content information (metadata and addressing information). 18 U.S.C. §§ 3121-3127 |