DF347 Networks Forensics Quiz

Questions and Answers

What is a key measure to minimize accidental contamination during evidence handling?

Using standard envelopes for evidence packaging

Isolating bulk and trace evidence (correct)

Storing evidence in open containers

Assigning multiple people to handle evidence

Which of the following is essential for maintaining the integrity of evidence?

Keeping evidence in closed boxes until needed

Mixing samples to verify testing

Assiduous use of logging systems (correct)

Omitting note-taking for efficiency

How can the accidental mislabeling of evidence be minimized?

Relying on verbal descriptions instead of written labels

Incorporating specific SOPs designed for labeling (correct)

Allowing anyone to label their own evidence

Using disposable labeling materials

What is an effective way to prevent cross-contamination between samples?

Employing decontamination procedures for surfaces and people

What role does contemporaneous note taking play in evidence handling?

It serves to demonstrate compliance with SOPs

What role can a dedicated exhibits officer play in the evidence chain?

What is the primary objective of forensic science in the context of a criminal investigation?

To establish guilt or innocence of suspected individuals

Which phase in evidence processing involves the examination and laboratory work on recovered evidence?

Examination and laboratory analysis

What is critical to maintaining the integrity of physical evidence collected from a crime scene?

Properly documenting and securing the evidence

What does the term 'chain of custody' refer to in forensic investigations?

The chronological documentation of evidence handling

Which type of evidence may be collected during a forensic investigation at a crime scene?

Various types including DNA, fingerprints, and digital evidence

What is the first step in processing physical evidence from a crime scene?

Recovery and continuity of evidence

Which of the following processes ensures that forensic evidence is trustworthy and relevant to law enforcement?

Quality standards and ethical oversight in forensic practice

What is an essential consideration when packaging evidence from a crime scene?

Ensure the packaging prevents contamination or damage

What is the primary responsibility of Scenes of Crime Officers (SOCOs)?

To identify and recover items of physical evidence

What is a critical aspect of maintaining evidence integrity?

Documenting the chain of custody accurately

Which component is NOT necessary for ensuring continuity of evidence?

Signatures not required on evidence seals

What does the term 'chain of custody' primarily ensure?

The legal admissibility of evidence in court

What procedure can help prevent evidence tampering?

Implementing tamper-evident seals on packaging

What must be done whenever evidence is handled to maintain its integrity?

Document who handled it and when

Why is it important to guard against evidence contamination?

It may lead to evidence being declared inadmissible

What procedure helps maintain security during evidence handling?

Securing packaging while documenting the handling process

Study Notes

DF347 Networks Forensics

• Course: DF347 Networks Forensics
• Semester: 1
• Academic Year: 2024/2025
• Dates: October 13th - 17th, 2024
• Instructor: Dr. Basil Elmasri
• Email: [email protected]

Computer Networks Layers

• TCP/IP protocol suite and OSI 7-layer model are presented.
• The TCP/IP model is a hybrid model combining the layers.

Encapsulation and Decapsulation

• Data is encapsulated with headers at each layer of the model.
• Headers are added at each layer (application, transport, network, data link, physical).
• Each layer adds its header to the data before sending it to the next layer.
• The process of unpacking the headers is known as decapsulation.
• The process of packaging the data with headers at each layer is called encapsulation.

Encapsulation and Decapsulation Example

• Server A sends a webpage to B.
• The webpage is broken into chunks.
• Headers are added to each chunk—HTTP, TCP, IP, MAC—along with a trailer.
• The frame is converted to bits (0s and 1s).
• The bits are sent through the network.
• PC B receives the bits and unpacks the headers (decapsulation).
• The webpage is assembled by removing the headers.

Forensic Science

• Forensic science is the application of science to the justice system.
• It aims to resolve both civil and criminal cases.
• Forensic science commonly involves criminal case investigations.
• It is used to associate people, places, and things to criminal activities.
• The discipline divides into distinct parts, like the definition itself.

Evidence Processing

• Crime scene investigation starts with evidence processing.
• Three phases are typically involved: recovery, examination, and interpretation.
• The recovery involves gathering evidence.
• Examination involves detailed analysis in a lab.
• Interpretation is the process of determining the meaning of the evidence found.

Recovery and Continuity of Evidence

• Integrity of evidence is crucial.
• Documentation of each evidence step is required.
• The chain of custody records who handled the evidence, when, and how.
• Records must track who handled the evidence, keeping track of contamination, deterioration, and mislabeling.
• Courts require a documented and uninterrupted chain of custody.

Loss of Integrity

• Includes tampering, accidental contamination, deterioration, and accidental mislabeling.
• Proper packaging and storage are crucial.
• Use of tamper-evident seals and secure evidence storage is important.
• Documentation needs to be preserved throughout the process.

Description

Test your understanding of the encapsulation and decapsulation processes in computer networks. This quiz covers the TCP/IP protocol suite and the OSI 7-layer model as discussed in the DF347 Networks Forensics course. Evaluate your knowledge on how data is transmitted across different layers of the model.