CSF 3403 - WKs 1,2
39 Questions
7 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What are digital forensics? (detailed)

The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.

What ISO digital forensics standard was ratified in October 2012?

ISO 27037 Information technology - Security techniques

What does computer forensics, which involves investigating digital devices, include?

  • Securely collecting data
  • Examining suspect data to determine details such as origin and content
  • Presenting digital information to courts
  • Applying laws to digital device practices

What does the network forensics field attempt to do? What does it use? and what does it determine?

<ul> <li>attempts to get info about how someone accessed the network.</li> <li>uses log files to determine when users logged on, which URLs they accessed, how they logged on to the network, and from where.</li> <li>determines what tracks or new files were left behind on a victims' computers and what changes were made.</li> </ul> Signup and view all the answers

What are digital forensics? (brief).

<p>the task of recovering data that users have hidden or deleted and using it as evidence. This evidence can be Inculpatory (“incriminating”) or exculpatory.</p> Signup and view all the answers

What does data recovery involve?

<p>retrieving information that was deleted by mistake or lost during a power surge or server crash</p> Signup and view all the answers

What is evidence?

<p>the collection of facts or information indicating whether a belief or proposition is true</p> Signup and view all the answers

What is inculpatory evidence? Provide an example.

<p>evidence that proves the suspect isn't innocent. example: When it is proven that the e-mail sent containing verbal abuse was by the suspect.</p> Signup and view all the answers

What is exculpatory evidence? Provide an example.

<p>evidence that could prove the innocence of the suspect. example: we might discover that the email was sent by another user on that computer.</p> Signup and view all the answers

What does the investigations triad consist of in an enterprise network environment?

<ul> <li>risk management and vulnerability assessment</li> <li>network intrusion detection and incident response</li> <li>digital investigations</li> </ul> Signup and view all the answers

What is the purpose of digital forensics and what tools can be used?

<p>Purpose: manages investigations and conducts forensics analysis of systems suspected of containing evidence related to an incident or a crime. Tools: FTK, ProDiscover, EnCase, Oxygen Forensics.</p> Signup and view all the answers

What is the purpose of vulnerability/threat assessments and risk management, and what tools can be used?

<p>Purpose: tests and verifies the integrity of stand-along workstations and network servers. Tools: Nessus.</p> Signup and view all the answers

What is the purpose of network intrusion detection and incident response, and what tools can be used?

<p>Purpose: detects intruder attacks by using automated tools and monitoring network firewall logs. Tools: Firewall.</p> Signup and view all the answers

When is case law used and why?

<p>case law is used when statutes don't exist, because existing laws can't keep up with the rate of technological change.</p> Signup and view all the answers

What is the purpose of case law?

<p>It allows legal counsel to apply previous similar cases to current one in an effort to address ambiguity in laws.</p> Signup and view all the answers

How can one supplement their knowledge when developing digital forensics resources?

<ul> <li>by developing and maintaining contact with computing, network, and investigative professionals.</li> <li>by joining computer groups in both public and private sectors (eg: CTIN meets to discuss problems encountered by digital forensics examiners).</li> <li>by consulting outside experts.</li> </ul> Signup and view all the answers

What are the two categories of digital investigations?

<p>Public and private sector investigations.</p> Signup and view all the answers

What do public sector investigations involve?

<p>government agencies responsible for criminal investigations and prosecution.</p> Signup and view all the answers

What do private sector investigations deal with and what do they involve?

<ul> <li>deal with private companies, non-law-enforcement government agencies, and lawyers.</li> <li>not directly governed by criminal law/fourth amendment issues.</li> <li>governed by internal policies that define expected employee behavior and conduct in the workplace.</li> <li>involve litigation disputes.</li> <li>usually conducted in civil cases.</li> </ul> Signup and view all the answers

What kinds of computer related crime laws should you understand when conducting public sector investigations?

<ul> <li>Standard legal processes</li> <li>Guidelines on search and seizure</li> <li>How to build a criminal case</li> </ul> Signup and view all the answers

What do legal processes depend on?

<p>local custom, legislative standards, and rules of evidence.</p> Signup and view all the answers

What are the three stages of a criminal case?

<ul> <li>complaint</li> <li>investigation</li> <li>prosecution</li> </ul> Signup and view all the answers

Who is involved in private sector investigations?

<p>private companies and lawyers who address company policy violations and litigation disputes.</p> Signup and view all the answers

What can corporate computer crimes include?

<ul> <li>E-mail harassment</li> <li>Falsification of data</li> <li>Gender and age discrimination</li> <li>Embezzlement</li> <li>Sabotage</li> <li>Industrial espionage</li> </ul> Signup and view all the answers

How can private organizations avoid litigation?

<ul> <li>Publish and maintain policies that employees find easy to read and follow.</li> <li>Published company policies provide a “line of authority” for a business to conduct internal investigations</li> <li>well-defined policies give computer investigators and forensic examiners the authority to conduct an investigation.</li> <li>by displaying a warning banner on computer screens (informs end users that the organization reserves the right to inspect computer systems and network traffic at will).</li> </ul> Signup and view all the answers

What does a line of authority state?

<p>who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence</p> Signup and view all the answers

What are some examples of text that can be used in internal warning banners?

<ul> <li>Use of this system and network is for official business only</li> <li>Systems and networks are subject to monitoring at any time by the owner</li> <li>Using this system implies consent to monitoring by the owner</li> <li>Unauthorized or illegal users of this system or network will be subject to discipline or prosecution</li> </ul> Signup and view all the answers

Businesses are advised to specify an authorized requester who ___________________

<p>has the power to initiate investigations.</p> Signup and view all the answers

What are some examples of groups with authority?

<ul> <li>Corporate security investigations</li> <li>Corporate ethics office</li> <li>Corporate equal employment opportunity office</li> <li>Internal auditing</li> <li>The general counsel or legal department</li> </ul> Signup and view all the answers

What do you search for during private investigations?

<p>evidence to support allegations of violations of a company’s rules or an attack on its assets</p> Signup and view all the answers

What are the three common types of situations in private sector investigations?

<ul> <li>Abuse or misuse of computing assets</li> <li>E-mail abuse</li> <li>Internet abuse</li> </ul> Signup and view all the answers

What is it a private-sector investigator's job to do?

<p>minimize risk to the company</p> Signup and view all the answers

Why can the distinction between personal and company computer property be difficult in private sector investigations.

<ul> <li>Due to the BYOD environment.</li> <li>Some companies state that if you connect a personal device to the business network, it falls under the same rules as company property</li> </ul> Signup and view all the answers

Why is professional conduct critical as digital investigations and forensics analysts?

<p>because it determines your credibility. It includes ethics, morals, and standards of behavior</p> Signup and view all the answers

What does maintaining objectivity mean?

<p>you must form and sustain unbiased opinions of your cases.</p> Signup and view all the answers

What does it mean to maintain credibility?

<p>to keep the case confidential</p> Signup and view all the answers

how can a digital investigator maintain professional conduct?

<p>by maintaining objectivity and credibility</p> Signup and view all the answers

How can you enhance your professional conduct?

<ul> <li>Continuing your training.</li> <li>Attending workshops, conferences, and vendor courses.</li> <li>Membership in professional organizations.</li> </ul> Signup and view all the answers

Why are digital investigators expected to achieve a high public and private standing and maintain honesty and integrity?

<p>because their corporate cases might turn into criminal cases as serious as murder.</p> Signup and view all the answers

Study Notes

Digital Forensics

  • Digital forensics involves the collection, preservation, analysis, and presentation of digital evidence to investigate cybercrimes and other digital incidents.
  • In October 2012, the ISO 27037 digital forensics standard was ratified, providing guidelines for the handling and analysis of digital evidence.

Computer Forensics

  • Computer forensics involves investigating digital devices, such as computers, laptops, and mobile phones, to gather digital evidence.
  • It includes the analysis of data storage devices, network traffic, and system logs.

Network Forensics

  • Network forensics attempts to capture, record, and analyze network traffic and communication patterns to identify potential security threats.
  • It uses network traffic capture tools, such as tcpdump and Wireshark, to determine the source and destination of malicious traffic.

Digital Forensics (Brief)

  • Digital forensics involves the analysis of digital evidence to investigate cybercrimes and other digital incidents.

Data Recovery

  • Data recovery involves restoring deleted, corrupted, or damaged data from digital devices.

Evidence and Types of Evidence

  • Evidence is any digital data that can be used to support or refute a claim or allegation.
  • Inculpatory evidence is digital evidence that implicates an individual or organization in a crime or wrongdoing.
    • Example: A log file showing unauthorized access to a system.
  • Exculpatory evidence is digital evidence that clears an individual or organization of wrongdoing.
    • Example: A log file showing authorized access to a system.

Investigations Triad

  • The investigations triad in an enterprise network environment consists of people, process, and technology.

Purpose of Digital Forensics and Tools

  • The purpose of digital forensics is to investigate cybercrimes and other digital incidents, and to gather digital evidence for legal proceedings.
  • Tools used in digital forensics include disk imaging software, such as FTK Imager, and analysis software, such as EnCase.

Purpose of Vulnerability/Threat Assessments and Risk Management

  • The purpose of vulnerability/threat assessments and risk management is to identify and mitigate potential security risks in an organization.
  • Tools used in vulnerability/threat assessments and risk management include Nessus and OpenVAS.

Purpose of Network Intrusion Detection and Incident Response

  • The purpose of network intrusion detection and incident response is to detect and respond to security incidents in real-time.
  • Tools used in network intrusion detection and incident response include Snort and Splunk.

Case Law

  • Case law is used to establish legal precedents and guidelines for digital investigations and forensics.
  • The purpose of case law is to provide a framework for legal proceedings involving digital evidence.

Developing Digital Forensics Resources

  • To supplement their knowledge, digital forensics professionals can attend training and conferences, and participate in online forums and communities.

Categories of Digital Investigations

  • Digital investigations can be categorized into two types: public sector investigations and private sector investigations.
  • Public sector investigations involve government agencies and law enforcement, and typically involve criminal investigations.
  • Private sector investigations involve private organizations and companies, and typically involve internal investigations and incident response.

Public Sector Investigations

  • Public sector investigations involve government agencies and law enforcement, and typically involve criminal investigations.
  • Computer-related crime laws that should be understood when conducting public sector investigations include the Computer Fraud and Abuse Act (CFAA).

Private Sector Investigations

  • Private sector investigations involve private organizations and companies, and typically involve internal investigations and incident response.
  • Private sector investigations may involve employee misconduct, intellectual property theft, and data breaches.

Corporate Computer Crimes

  • Corporate computer crimes can include insider threats, data breaches, and intellectual property theft.

Avoiding Litigation

  • Private organizations can avoid litigation by establishing clear policies and procedures for digital investigations and incident response.

Line of Authority

  • A line of authority states that an individual or organization has the authority to access and investigate digital evidence.

Warning Banners

  • Examples of text that can be used in internal warning banners include: "This system is for authorized use only" and "All activities on this system are monitored and recorded."

Authorized Requester

  • Businesses are advised to specify an authorized requester who can request access to digital evidence.

Groups with Authority

  • Examples of groups with authority include law enforcement, government agencies, and internal security teams.

Private Investigations

  • During private investigations, digital investigators search for digital evidence, such as log files, email messages, and system logs.

Types of Situations in Private Sector Investigations

  • The three common types of situations in private sector investigations are: employee misconduct, intellectual property theft, and data breaches.

Job of a Private-Sector Investigator

  • A private-sector investigator's job is to gather and analyze digital evidence to support internal investigations and incident response.

Distinction between Personal and Company Computer Property

  • The distinction between personal and company computer property can be difficult in private sector investigations, as employees may use company devices for personal activities.

Professional Conduct

  • Maintaining objectivity means remaining impartial and unbiased during digital investigations.
  • Maintaining credibility means ensuring that digital evidence is handled and analyzed in a professional and reliable manner.
  • Digital investigators can maintain professional conduct by adhering to established guidelines and protocols, and by continuously updating their knowledge and skills.
  • Enhancing professional conduct can be achieved by participating in training and certification programs, and by engaging in peer review and quality assurance activities.
  • Digital investigators are expected to achieve a high public and private standing and maintain honesty and integrity, as they play a critical role in ensuring that digital evidence is handled and analyzed in a professional and reliable manner.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Quiz Team
Use Quizgecko on...
Browser
Browser