Computer Forensics Lab Standards

Questions and Answers

What is the purpose of the UltraBlock SATA/IDE WRITE-BLOCKER in a forensics lab?

  • To prevent any modification of the evidence during acquisition (correct)
  • To delete unwanted files from the evidence
  • To enhance the speed of data processing
  • To increase storage space on computers

The dd utility is commonly used for deleting files in forensic investigations.

False (B)

What is a skimmer?

An electronic device used to capture data from the magnetic stripe on a debit, credit, or prepaid card.

The first six digits of a credit card number are known as the _____ Identification Number (IIN).

Issuer

Which command-line utility is faster and interprets characters literally?

FGREP (A)

Match the following forensic tools with their functions:

  • SIM Card Reader = Reads data from mobile SIM cards
  • Evidence Bags = Secures physical evidence
  • USB-Powered Hard Drive = Stores digital evidence
  • Computer Forensics Laboratory Sign-In = Tracks personnel access to the lab

Email preparation is not part of the evidence acquisition process in computer forensics labs.

False (B)

What does GREP stand for?

Global Regular Expressions Print

What organization provides guidelines and standards for forensic labs?

American Society of Crime Laboratory Directors (C)

ASCLD is an accrediting body for forensic laboratories.

False (B)

What is the primary purpose of a computer forensics laboratory?

To handle, acquire, and analyze digital evidence.

ASCLD/LAB has been accrediting crime labs since _______.

1982

Which of the following is NOT a requirement for a computer forensics lab?

Membership in ASCLD (D)

The certification process for crime labs includes computer forensics labs.

True (A)

What is the role of ASCLD/LAB?

To accredit crime labs including computer forensics labs.

Match the following organizations with their roles:

  • ASCLD = Provides guidelines and standards
  • ASCLD/LAB = Accredits crime laboratories
  • FBI = Investigates federal crimes
  • ANSI = Develops national standards

Study Notes

Acquiring Evidence in a Computer Forensics Lab

  • A computer forensics lab is essential for evidence handling, acquisition, and analysis.
  • Forensics labs share similar basic requirements and guidelines.
  • The American Society of Crime Laboratory Directors (ASCLD) provides guidelines and standards for forensics labs.
  • ASCLD/LAB is a separate nonprofit entity that accredits crime labs.
  • ASCLD/LAB was originally a committee within ASCLD and became a separate entity in 1984.
  • ASCLD/LAB certifies labs for federal, state, and local agencies, and some crime labs outside the United States.
  • ASCLD/LAB certification includes standards for computer forensics labs.
  • ASCLD/LAB promotes a code of ethics for lab staff and management.

Computer Forensics Laboratory Requirements

  • Private sector computer forensics laboratories have specific requirements.
  • Private sector labs require expertise in evidence acquisition, email preparation, inventory control, and web hosting.

Laboratory Requirements

  • Evidence lockers are crucial for secure storage of digital evidence.
  • Evidence lockers should meet specific security and environmental standards.
  • Digital evidence requires specific handling and storage procedures.

Digital Evidence

  • Digital evidence includes data stored electronically.
  • Digital evidence is susceptible to alteration, deletion, or corruption.
  • Proper procedures must be implemented to preserve the integrity and authenticity of digital evidence.

UltraBlock SATA/IDE WRITE-BLOCKER

  • Write-blockers prevent accidental modification of evidence drives.
  • Write-blockers ensure that evidence is not altered or deleted.
  • They are a critical component for evidence acquisition.

SIM Card Reader

  • SIM card readers are used to extract data from mobile phones.
  • Information on SIM cards can include contacts, messages, and call logs.
  • These readers are essential for mobile device forensics.

USB-Powered Hard Drive

  • USB-powered hard drives provide portable storage for forensic data.
  • They are convenient for transferring data between labs and workstations.
  • USB-powered hard drives should be formatted using a forensic file system.

Evidence Bags

  • Evidence bags are used to package and seal digital evidence.
  • Evidence bags should be tamper-evident to ensure chain of custody.
  • They help to preserve the integrity of evidence during transport and storage.

Computer Forensics Laboratory Sign-In

  • A sign-in log helps to track access to the laboratory.
  • The sign-in log ensures accountability for evidence handling.
  • It helps to maintain the chain of custody for digital evidence.

UNIX & Linux Commands

  • UNIX and Linux commands are powerful tools for data extraction.
  • The dd utility copies data from a source to a destination.
  • The image produced by the dd utility is an accepted file format for forensic imaging.
  • Global Regular Expressions Print (GREP) extracts data using pattern matching.
  • Extended Global Regular Expressions Print (EGREP) allows for use of operators not found in basic GREP.
  • Fast Global Regular Expressions Print (FGREP) interprets characters literally and is faster than GREP.

Financial Fraud

  • Credit card numbering systems, including the Major Industry Identifier (MII), are used to identify various industry categories.
  • The Issuer Identification Number (IIN) refers to the first six digits of a credit card number.
  • Skimmers are electronic devices used to capture data from magnetic stripes on cards.
  • Skimmers are common tools used by identity thieves.
  • Skimmers are often examined in a computer forensics laboratory.
  • Skimmers are illegal in the United States but can be purchased in Canada or online.
  • Parasites are point-of-sale skimmers.
