Securitate Cybernetic: Personas e Roles

Questions and Answers

Quale position es tenite per Robert Morgester?

Attorney Advisor

Vice President

Detective

Deputy Attorney General (correct)

Unde se trova le office de Abigail Abraham?

Sacramento, California

Chicago, Illinois (correct)

Charlotte, North Carolina

Phoenix, Arizona

Qual es le titolo de Amber Haqqani?

Sergeant

Chief Systems Engineer

Director de Digital Evidence (correct)

Staff Attorney

Quale departamento es David Arnett associate?

Arizona Department of Public Safety

Ubi se trova le Postal Inspection Service?

Dulles, Virginia

Quale rol es tenite per Don Flynn?

Attorney Advisor

Qual es le nomine del attorney contente in le documento?

Carleton Bryant

Qual es le profession de Walter E. Bruehs?

Forensics Examiner

Quale unitate de le National Institute of Standards and Technology es Rick Ayers membro?

Digital Evidence Unit

Quale es le localitate del office de Menz and Associates?

Folsom, California

Quo es le location de le NSLEC Centre for National High Tech Crime Training?

Wyboston Lakes Business and Leisure Centre

Qual es le responsabile de le Technical Assistance Section?

Dave Heslep

Quale position non es mentionate in le document?

Governor

Quo es le location de le Nebraska State Patrol?

Omaha, Nebraska

Quale section es associate con Dave Ausdenmoore?

Regional Electronics and Computer Investigation Section

Qual es le profession de Chip Johnson?

Lieutenant

Qual es le principale objective de un examination forense digital?

Maintener le integritate del evidentia original

Qual information pote esser revelate per un examination de media electronic?

Le registri de proprietate e information de registratio de software

Qual es un challenge in le analysis de recordings audio obtinente per le polizia?

Le presenza de ruido ambiante

Qual technologia es usate pro mejorar le qualitá de videos in le context de le investigation?

Technologia pro analisar e mejorar le qualitá del imagines

Que type de files pote esser recuperate durante un analysis forense?

Files deletate e ocultate

Qual information de le usuarios pote esser includite in un examination forense de computer?

Emails e log de chat

Qual de le subsequente es un usus forense de examination de datos?

Crear un cronologia de eventos

Le qual es un aspecte negativo de tapes de surveillance durante un investigation?

Le tapes es in formato proprietary e de qualitá pobre

Qual informationes un investigator pote compeler in conformitate con 18 U.S.C.§ 2703(f)?

Informationes de subscriber e datos transaccionales

Qual necessitas pro obtiner informationes de un proveedor de service in relation al VoIP?

Un ordine de wiretap pro interceptar contento

Quo es le contento de communicationes in le contexto de VoIP?

Le real communicationes inter usuarios

Qual es le restrictives che governante le investigatores e societates de telecommunications?

Le Title III

Qual informationes pote un provider de VoIP mantener?

Informationes de subscriber e datos de connection

Quo de le mesme processu legal es usate per obtenir informationes de VoIP e de un ISP?

Le requisito de un ordine legal

Qual es un exemplo de dato transaccional que un provider pote tener?

Data e hora de connexion

Quo es le consequente pro le non-consensual interception de communicationes?

Il require un ordine de wiretap

Qual es le methodo le investigator deberea usar si il es incert si un dispositivo es conectante con altere?

Replace le batterias del dispositivo.

Que debe le investigator facer si illes decide connectar duo dispositivos?

Informa le persona faciente data recovery.

Qual de le sequente non es un tipo de accesso controle?

Chiave

Qual es le triade essential in le authentication de identitate?

Qualcosa que tu have, qualcosa que tu sape, qualcosa que tu es.

Qual tipo de dispositivo evalua “qualcosa que tu es”?

Biometric device

Quo es un potenzial risk si un dispositivo es connectate a un altere dispositivo durante le data transfer?

Transfer de data poterea occurrer.

Qual es le beneficio principal de usar dispositivis de accesso controle per un investigator?

Stabilir le presentz o absentia de un individuo in un location controlate.

Que pote complicar le recuperação de data si un dispositivo es inactive o dormiente?

Activation de passwords.

Which office administers the Interagency Agreement #2003–IJ–R–029?

National Institute of Justice

The National Institute of Justice includes only the Office for Victims of Crime and the Office of Juvenile Justice and Delinquency Prevention.

False

Name one primary role of Phillip Osborn mentioned in the document.

Senior Special Agent

The National Institute of Justice is a component of the Office of ______ Programs.

Justice

Match the following individuals to their respective roles:

James R. Doyle = National Program Manager Joseph Duke = U.S. Special Agent Phillip Osborn = Senior Special Agent Rick Ayers = Member of the National Institute of Standards and Technology

Which of the following is NOT listed as a component of the Office of Justice Programs?

Office of Cyber Security

The Technology Working Group includes members from only local law enforcement agencies.

False

What role does Joseph Duke hold as mentioned in the document?

U.S. Special Agent

What is the screen name of the suspect involved in the investigation?

LittleMS123

Records obtained from Acme Online indicate that the account established in the name of Mike Smith used a credit card associated with himself.

False

What purpose did the undercover activity serve in locating the suspect?

To engage with the suspect online and arrange a meeting.

The suspect, Mike Smith, is the owner of a child talent agency in _______.

Anytown, USA

Match the terms with their descriptions:

Dial-up access number = A method for connecting to the internet Undercover account = An account used to conduct covert operations Chat room = A virtual space for online conversations User account = An online identity for accessing services

Who is the Assistant Director at the National White Collar Crime Center?

Bill Crane

Tom Kolpacki works for the Denver District Attorney's Office.

False

What is the primary role of Al Lewis as mentioned in the content?

Special Agent

The _____ is associated with the CyberScience Lab.

National Law Enforcement and Corrections Technology Center–Northeast

Match the following individuals with their respective organizations:

Al Lewis = USSS Electronic Crimes Task Force Glenn Lewis = SEARCH Group, Inc Richard Salgado = U.S. Department of Justice Chris Stippich = Digital Intelligence, Inc.

What city is the Air Force Office of Special Investigations located in?

Quantico, Virginia

Jim Riccardi, Jr. is a Computer Training Specialist.

True

Who is the Chief of Research and Development at the Air Force Office of Special Investigations?

Larissa O’Brien

Richard Salgado is associated with the _____ Section.

Computer Crime and Intellectual Property

Which of the following individuals works for the Denver District Attorney’s Office?

Henry (Dick) Reeve

What is the focus of techniques discussed in Chapter 1?

Information gathering

Digital evidence can only be found on computers.

False

Name one type of tool used for video surveillance.

Digital security cameras

________ is used to track the location of a vehicle using satellite signals.

Global Positioning System (GPS)

Match the following tools with their primary functions:

Caller ID devices = Identifying incoming calls Encryption tools = Securing data Digital cameras = Capturing images Voice recorders = Recording audio

Which of the following concerns is associated with battery-operated devices?

Power concerns

Steganography is used to conceal information within files.

True

What is one method used for data preservation?

Imaging

The primary purpose of __________ devices is to verify the identity of users.

access-control

Which of the following tools is NOT typically used for audio examination?

Video surveillance systems

What is the primary purpose of this special report?

To serve as a resource for law enforcement dealing with technology-related crimes

The information in the report is considered all-inclusive regarding technology-related investigations.

False

What must investigators consider when implementing the information from the report?

Current technology and practices.

The report recognizes that all investigations are __________.

unique

Match the following terms to their descriptions:

ECPA = Electronic Communications Privacy Act Warrantless Search = Search without a warrant Seizure = Taking possession of evidence Digital Forensics = Analysis of electronic data

Which area of law enforcement does this report primarily serve?

Technology-related crimes

Investigators are discouraged from using their judgment when applying information from the report.

False

What aspect of technology does the report emphasize in law enforcement investigations?

Tools and techniques for investigating technology-related crimes.

The report is intended for law enforcement personnel including investigators, first responders, and ______.

detectives

What should be adjusted in accordance with the information in the report?

Tools for investigating technology crimes

Who holds the position of Assistant U.S. Attorney in the Western District of Wisconsin?

Timothy O’Shea

Susan Ballou is the President & CEO of a forensic science company.

False

Name the location of Thom Quinn's position?

California Department of Justice

Anjali R. Swienton is the President and CEO of ______.

SciLawForensics, Ltd.

Match the following professionals with their roles:

Timothy O’Shea = Assistant U.S. Attorney Susan Ballou = Program Manager for Forensic Sciences Thom Quinn = Program Manager Anjali R. Swienton = President & CEO

Which member is from Madison, Wisconsin?

Timothy O’Shea

All members of the Technology Working Group are from federal agencies.

False

Identify the professional role of Susan Ballou.

Senior Litigation Counsel

What is the primary purpose of authenticating a recording?

To determine the source or origin

Advanced skills are not required to analyze and interpret audio data.

False

What legal consideration should be taken before examining original recordings?

Seek legal guidance

The process of converting _______ to digital formats is a common use of audio examination tools.

analog recordings

Match the following tools with their primary function:

Caller ID devices = Display incoming call numbers Signal-processing equipment = Analyze audio data Audio enhancement software = Improve sound quality Digital conversion tools = Convert analog to digital formats

Which of the following technologies is mentioned as potentially having investigative value?

Digital camera

The physical location of the devices always aligns with the location of the data.

False

What is one factor to consider about the security of a device?

Physical security or data security

The _______ of the user can impact the effectiveness of using technology during investigations.

skill level

Match the following terms with their definitions:

PDA = Personal digital assistant Firewall = Security barrier for networks Remote access = Ability to connect to a system from a distance System administrator = Person responsible for maintaining the system

What information might be revealed if a device is connected to the internet?

All of the above

All user accounts and passwords are always stored securely on devices.

False

If information is transmitted to other recipients, it can happen through _______ methods.

online, telephone, or personal

What can complicate data retrieval if a device is inactive?

It may not be accessible or operational.

Who may have administrative privileges on a system?

System administrator

What should be done with electronic evidence during its seizure and examination?

Ensure it is fully documented and preserved

Specialized training is not necessary for the examination of digital evidence.

False

What should be available for review after the examination of electronic evidence?

Full documentation of the examination process

Actions taken to secure and collect evidence should not ______ that evidence.

change

Match the type of evidence with its documentation requirement:

Digital Evidence = Must be preserved and documented Physical Evidence = Should be stored securely Witness Testimonies = Requires a signed statement Items of Clothing = Documented chain of custody

Which of the following is essential before conducting an examination of electronic evidence?

Consult appropriate personnel

Documentation of the examination process is optional.

False

Name one source where further information on electronic evidence can be found.

Electronic Crime Scene Investigation: A Guide for First Responders

The handling of electronic evidence must adhere to various ______ and laws.

federal, state, and local

Which of the following actions is NOT appropriate when dealing with electronic evidence?

Seize evidence without proper authorization

Which of the following devices can be modified to perform functions beyond their intended purpose?

Microsoft Xbox®

Data can be maintained in devices powered by batteries as long as the power supply is continuous.

True

What should investigators do to prevent data loss in battery-operated devices?

Immediately replace the batteries or place the device in its charger.

Some small electronic devices, such as PDAs, can connect to more ______ devices like computers.

powerful

Match the following devices with their possible modifications:

Cell Phones = Can be modified to be firearms PDAs = Hollowed-out for storage of narcotics Microsoft Xbox® = Altered to store data Watches = Store data

What could complicate the recovery of data from a device?

If the device is inactive or in sleep mode

All cords connected to devices are easily identifiable for power and data transfer.

False

Why should investigators be aware of the surroundings of a device?

To gain clues about the likelihood of the device being altered.

As devices become ______ functional, more data can be stored in everyday objects.

multifunctional

What must receiving personnel be alerted about when custody of a device is transferred?

The power requirements of the device

Which of the following individuals is associated with the USSS Electronic Crimes Task Force?

Al Lewis

Henry (Dick) Reeve is the Deputy District Attorney in Chicago, Illinois.

False

What city is Glenn Lewis associated with?

Sacramento, California

Tom Kolpacki works as a ___________ for the Ann Arbor Police.

Detective

Match the following individuals with their roles:

Al Lewis = Special Agent, USSS Electronic Crimes Task Force Thomas Musheno = Forensic Examiner, FBI Jim Riccardi, Jr. = Computer Training Specialist, CyberScience Lab Chris Stippich = President, Digital Intelligence, Inc.

Which organization's office is located in Fairmont, West Virginia?

National White Collar Crime Center

Richard Salgado is a forensic audio specialist.

False

Who is the Chief of Research and Development at the Air Force Office of Special Investigations?

Larissa O’Brien

Which of the following describes the purpose of the special report?

To serve as a resource for law enforcement personnel dealing with technology-related crimes

The special report includes exhaustive information on all technology-related crimes.

False

What should be considered in the implementation of the special report?

Current technology and practices

The report is a resource for law enforcement personnel, including ______, first responders, and prosecutors.

investigators

Match the following sections of the report with their content:

Appendix A = Glossary Appendix B = Technical Resources List Appendix C = Hacked Devices Appendix D = Disclosure Rules of ECPA

Which of the following is NOT included in the appendices of the report?

Victim’s Rights

The special report suggests that all investigations are identical.

False

What must investigators give deference to when implementing the report?

Judgment of investigators

The section titled 'Statutes that affect the seizure and search of ______ evidence' covers legal guidelines regarding electronic evidence.

electronic

Which of the following is a key focus of the special report?

Framework for using high-tech tools in investigations

What types of information can be acquired through service provider records?

Transaction records

Law enforcement officers should avoid revealing their identity when using the Internet in undercover operations.

True

What is a potential risk associated with visiting a website while conducting undercover operations?

Revealing the identity of the investigator or agency through encoded information.

E-mails and chat activity contain ______ information that can reveal the identity of the sender.

encoded

Which of the following is an example of proactive undercover operations?

Investigation of child exploitation

Investigators do not need to request preservation of records from online services.

False

Match the following law enforcement actions to their purposes:

Proactive undercover operations = Investigation of serious crimes Request record preservation = Maintain evidence Use of chat programs = Identify suspects Internet tracking = Reveal user activity

What specialized assistance is often required for undercover operations?

Specialized training and legal counsel.

Websites often track the user's ______, time, and date of access.

IP address

What kind of information can online chat content provide in a criminal investigation?

Direct evidence of communications

Which of the following items may indicate the existence of a related device?

Computer accessories like cradles

Publicly available information cannot be obtained from Internet searches.

False

What is one type of consumer electronic device mentioned that might be involved in an investigation?

Cell phone

Documents containing access information may include user names and __________.

passwords

Match the following items to their potential purpose:

ThumbDrives = Storage media Webcam = Video recording GPS = Location tracking Caller ID box = Identifying callers

Which of the following is an example of storage media?

Memory cards

Recovering abandoned property is a method that can be used in investigations.

True

Name one type of document that might provide evidence during an investigation.

Bills

The presence of __________ at or near the crime scene may indicate possible criminal activity.

ATMs

Which device is commonly associated with monitoring and controlling physical access?

Alarm system

What items were seized during the execution of the search warrant at Smith's residence?

Several computers, digital cameras, and prints of child pornography images

A covert account should be used for undercover activities to ensure communications are traceable.

False

What type of images did the suspect transmit during the online chats?

Pornographic images of children engaged in sexual activities

The address identified through records obtained from the phone company is located in ______, USA.

Anytown

Match the following items with their descriptions:

Digital Cameras = Used to capture still images Analog Answering Machine = Used for voice messages Computers = Used for data storage and internet access Cellular Phone = Used for mobile communication

Study Notes

Personen in Securitate Cybernetic

• Multe personas de diverse organisationes es mentionate in le textu como expertos in le campo de securitate cybernetic
• Le personas e lor roles es mentionate, per exemplo: Robert Morgester - Deputy Attorney General, State of California Department of Justice, Abigail Abraham - Assistant Attorney General, Illinois Attorney General’s Office, Dave Ausdenmoore - Detective, Regional Electronics and Computer Investigation Section, Hamilton County Sheriff’s Office/ Cincinnati Police Department, Rick Ayers - National Institute of Standards and Technology etc.
• Le personas mentionate representa un varie de sectores, incluente le governamento, le policia, le industria private e le academia

Analyse de Evidentia Digital

• Analyse de evidentia digital debe esser facite per personnel formate in un copia forense pro mantener le integritate del evidentia original
• Le examination de media electronic pote revelar informationes como:
  • Informationes de proprietate e registration de software
  • Diarios, jornales e logarithmos
  • Bases de datos, folios de calculo, imagines e documentos
  • Files eliminate e occulte
  • Activitate del internet
  • Communicationes - input del usator (per exemplo, correos electronic, logarithmos de chat)
  • Communicationes - transferencias de datos (per exemplo, peer to peer (P2P), gruppos de novas)
  • Registros financiar
  • Datos pro esser usate in un analyse de linea de tempore
  • Contraband

Analyse de Audio, Video e Imagines

• Technologie existe pro analisar e ameliorar le qualitate de recordings de audio, video e imagines
• Le analyse de audio pote esser usate pro ameliorar le qualitate de recordings de audio que contine sonos ambiente que interfere con le interpretation
• Le analyse de video pote esser usate pro ameliorar le qualitate de tapes de surveillance, que pote esser multiplexate (multiple o division de ecran), proprie in formato, necessitante un platforma specific pro esser visualisate, o de qualitate basse
• Le analyse de imagines pote esser usate pro ameliorar le qualitate de imagines immobile
• Le technologie pro analizar e ameliorar le qualitate de audio, video e imagines pote esser disponibile ab le fabricante o le usator final del equipaggiamento

Informationes de Servitores de Internet (ISP)

• Investigatores pote obtenir informationes ab ISPs con le processo legal appropriate e sufficiente informationes (per exemplo, nomine de usator o adresse IP e data/hora)
• ISPs pote provider le sequente informationes:
  • Informationes del subscriber (per exemplo, nomine e adresse)
  • Methodo de pagamento e informationes de facturation
  • Datos transactional (logarithmo de connectiones, per exemplo, location, hora, ID del chiamante del location de connection, e duration del connection al internet)
  • Contenito del communicationes
  • Informationes miscellanee (per exemplo, nomines de usator additional in le conto, listas de amicos, transmission de correos electronic)

Protocol de Voce super Protocollo Internet (VoIP)

• VoIP permitte al usatores de ordinatores facer appellos telephonic super le internet o reti de ordinatores
• Provideres de communicationes que ofrece VoIP pote mantener informationes del subscriber e informationes transactional concernente iste connections
• Iste informationes pote esser obtenite per le mesme processo legal usate pro obtener informationes ab un ISP, sed le interception in tempore real non-consensual del contenito de iste communicationes pote requirer un ordine de escuta telefonic

Telecommunicationes

• Retis telephonic public provide services de telecommunication per un varie de dispositivos electronic de ordinatores e consumers, como PDAs, telephonos cellular, e alteres
• Investigatores e compania de telecommunicationes es guidate per le autoritate e constraints de Tito III e le Lege de Assistentia de Communicationes pro le Application de Lege de 1994 (CALEA)
• Ordines specific pro le production del sequente typos de informationes es addressate in le Capitulo 3, Questiones Legal

Dispositivos de Controlo de Accesso

• Dispositivos de controlo de accesso tenta autenticar le identitate de un individuo
• Autentication es basate super un o plus elementos del sequente triada: "Alicun cosa que tu ha, alicun cosa que tu sap, alicun cosa que tu es"
• Claves de fob e cartas inteligente es "alicun cosa que tu ha": un objecto physic que establis le identitate
• Teclados require "alicun cosa que tu sap," generalmente un codice de access
• Dispositivos biometric evalua "alicun cosa que tu es" per mesurar o avaliar un characteristic physic specific al persona
• Dispositivos biometric include scanners de iris o retina, scanners de impressione digital, recognition de facie o voce, detectores de passo, e detectores de geometria de mano

Valor de Dispositivos de Controlo de Accesso

• Investigatores pote usar iste dispositivos pro:
  • Stablir le presentia o absentia de un individuo in un location controlate (como in casos de furto de identitate e espionage)

Investigative Tools an Techniques

• This special report is intended to provide guidance to law enforcement personnel, who may have limited or no experience with technology-related crimes. It is not all inclusive, and focuses on the most common techniques, devices, and tools encountered.
• Technology is constantly evolving so users must consider current technologies and practices, adjusting as necessary.
• The special report notes that all investigations are unique and the judgment of investigators should be considered when implementing the information.
• The report offers a practical example of how technology is used in an investigation.
• The example involves a user named LittleMS123 and his association with an account on Acme Online.
• The account is connected to a credit card of the suspect's mother.
• The report suggests that the dial-up access number used by the account may provide clues as to the suspect's location.
• The special report underlines the importance of being aware that fraudulent identification might be used to create user accounts and that multiple users may access the same account from different locations.
• The example then describes an undercover strategy, using a local ICAC Task Force, to locate the suspect. The undercover agent engages the suspect in an online conversation, eventually gaining his telephone number to arrange a meeting.

Legal Issues concerning technology

• The report moves on to legal issues related to the use of technology in investigations.
• It examines constitutional issues and specifically references searches and seizures.
• The special report discusses warrants and warrantless searches, outlining their legal context within the context of electronic evidence.
• It also touches upon those statutes which influence the seizure and search of electronic evidence.
• The report highlights the importance of understanding legal considerations when utilizing technology in investigations.

Introduction

• This report is about investigative techniques for using high technology
• General principles of forensics and procedures are applicable to the use of technology in investigations
• Special training is needed for examining electronic devices
• Electronic evidence should be fully documented, preserved, and available for review

Techniques

• This chapter discusses techniques and resources that can be used in investigations
• These techniques should be considered:
  • What technologies did the parties involved have access to, use, and knowledge?
  • What is the skill level of the user?
  • What is the security of the device?
  • Who owns the equipment?
  • What accounts, logins, and passwords are on the device?
  • What logs are available?
  • How frequently was the device used?
  • How was the device used?
  • Is there offsite storage?
  • Was information transmitted to others?
  • What services and providers are used?
  • Who is the system administrator?
  • Who has administrative privileges?
  • Is there remote access to the devices or computer systems?
  • Is the system patched and up to date?
• It is important to identify the location of information with investigative value, which may not be the same as the physical location of the devices or subjects
• Investigators should collect all relevant devices and media because devices can be multifunctional
• Devices can be modified to perform functions beyond their original intent
• Investigators should be aware of the environment that a device has been found in, to search for potential modifications

Power Concerns with Battery-Operated Devices

• Some devices contain memory that requires continuous power to maintain information
• To avoid data loss, place devices in their chargers or replace their batteries immediately
• Receiving personnel should be notified about the power requirements of devices
• Some devices connect to computers to synchronize data
• Be sure to determine the use and need for all cables attached to devices

Audio/Video Recordings

• Audio/video recordings can be used in cases where the identity of the speaker or the content of the conversation is in question
• Ensure the recording was lawfully acquired.
• Consider seeking legal guidance prior to the examination of the original recording
• Authenticate a recording by determining the origin and whether it has been altered
• Determine the time, sequence, and direction of the source of sounds on a recording
• Convert recordings to other formats

Caller ID Devices

• Caller ID devices display telephone numbers of incoming calls

Investigative Uses of Technology

• The text describes investigative techniques and tools used in technology-related crimes.
• The text emphasizes the importance of using current technology and adjusting practices as needed.
• Investigators should consider available devices, tools, and techniques when investigating technology-related crimes. The text also provides examples of resources that can be helpful for investigations.
• Investigators can use publicly available information from government records, internet searches, internet registries, transactional information related to the internet connection, or direct evidence of the crime.
• Internet tools can be used to identify users and internet connections; they can be used to collect evidence directly and proactively communicate with suspects.
• The text discusses proactive undercover operations on the internet as a tool for investigation, especially for areas like child exploitation and trafficking of contraband.
• Undercover operations require specialized training and legal counsel.
• Law enforcement should use covert accounts during undercover activities as to not reveal their identity or agency affiliation.
• Documenting undercover and online activities is essential and requires specialized training.
• Agency and legal authorization are required in conducting undercover activity.
• The text highlights the importance of preserving and obtaining records from service providers like telephone companies because the records may only exist for a limited time.
• Web sites often track IP addresses, time, and date of access, which can be used as evidence.
• The text provides a case study of an investigation that involved an undercover operation and the use of a search warrant to seize digital evidence.
• The text also states that several printed images from the suspect's residence appeared to be identical to the images from the station computer.

Description

Este quiz explora le diversos personas e lor roles in le campo de securitate cybernetic. Discurre le contributiones de expertos de diferentes sectores como governamento, policia, industria privada, e academia. Testa tu comprehension de iste figuras e lor importatia in le securitate digital.