15 Cards in this Set

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take?

Back up all logs and audits regarding the incident

Which of the following is an important aspect of evidence gathering?

Backing up all log files and audit trails

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence?

Hashing

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence?

Rebooting the system

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence?

Create a checksum using a hashing algorithm

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first?

Make a bit-level copy of the disk

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network while still preserving evidence?

Disconnect the access point from the network

You have discovered a computer that is connected to your network and that was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should you do next?

Perform a memory dump

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions would you perform first?

Document what's on the screen

From most to least volatile

From most to least

Best definition of security incident

When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence?

Document what's on the screen

What is the most important element related to evidence in addition to the evidence itself?

Chain of Custody documents

Chain of custody is used for what purpose?

Listing people coming into contact with evidence

You have been asked to draft a document related to evidence gathering that contains details about personnel and professionals in control of evidence from the time of discovery up through the time of presentation in court. What type of document is it?

Chain of custody