Computer
Network
Cellphone
Video
Legal
100

When a suspect computer is powered on, what type of collection should you do? 

Live Box

100

A unique address that identifies a device on the internet or a local network.

IP address 

100

Trying every possible combination of characters (like letters, numbers, and symbols) to guess a password

Brute force attack

100

Preparation for video forensics? 

Understand location of incident. 

100

Interpol: The main goal of digital forensics is to extract data from the electronic evidence, process it into actionable intelligence and present the findings for prosecution. All processes utilize sound forensic techniques to ensure the findings are ________ in court.

admissible

200

When a hard drive is removed from a computer and imaged, what type of forensics is it?

Dead Box

200

How many steps are in the TCP handshake? 

3

  • Step 1 (SYN)
  • Step 2 (SYN + ACK)
  • Step 3 (ACK)

200

Use a list of common passwords or words that people often use as passwords.

Or a list created through intelligence gathering

Dictionary attack

200

What should be the focus for the collection stage?

Focus on preservation.

200

Name an organization that creates standards in the DF field.

  • NIST (National Institute of Standards and Technology) 

  • ISO (International Organization for Standardization).

300

Evidence authentication: ______ _______s are extremely unique, making them equivalent to a digital “fingerprint” to represent the electronic file.

Hash Value

300

Arrangement of connections in a network.

Network topology

300

Which extraction will get you the deleted data from a phone?

Physical. 

300

How can you preserve the integrity of collected video?

Hash value. 

300

What is the federal rule for testifying as an expert witness?

Federal Rule of Evidence 702

400

What is the image that captures the entire contents of a storage device, including active data, unused or unallocated space, and deleted data that might still reside on the storage unit?

Physical Image

400

What is the first step that happens when someone types www.google.com?

DNS server lookup. 

400

How do you protect a phone from being wiped?

Airplane mode, turn off Wi-Fi and Bluetooth. Or a Faraday bag.

400

Name a tool used in video forensics.

Amped FIVE 

Photoshop - Adobe 

Premiere Pro - Adobe

400

Name two standards for expert witness testimony. 

Frye and Daubert. 

500

How do you conduct a dead box preservation?

Write block, image, hash, verify, process.

500

What are the main types of network collection?

Hint: there are 2

Capture Network Traffic

Log Collection

500

Three types of phone extractions.

Physical, Logical and File system

500

Name the certification or association to become a certified video forensic examiner.

Certified Forensic Video Analyst (CFVA) - Law Enforcement and Emergency Services Video Association (LEVA)

500

NIST: The process used to acquire, preserve, analyze, and report on evidence using scientific methods that are demonstrably ____, _____, and ______ such that it may be used in judicial proceedings

reliable, accurate, and repeatable
