regarding a physical computer system, what is a peripheral device
devices that are plugged in/connected to computer
ex. keyboard, mouse
partitioning is used to separate data into different files, with the use of different file systems. why might this be helpful to have on a computer
prevent overfill which would render the system useless
when defragging, data is organized in order to eliminate _______ which was created due to the way in which a HDD stores files
slack space
HDD
hard disk drive
In a computer, the software refers to a non-physical part. What is the purpose of the software
the software is a set of instructions compiled into a digital program
ex: Microsoft or Chrome
evidentiary data that exists in RAM and has not been saved to the ____, will be lost
HDD
In the disk formatting process, there are three levels. Name them
low-level formatting
partitioning
high-level formatting
____________ forensics is the process of identifying, acquiring, analyzing, and reporting data from digital devices, often for legal cases
digital/system
CPU
Central Processing Unit
the smallest increment of data on a computer is the binary code. What is an individual binary called
a bit
Regarding the components of a computer, what is the general name for the pieces like the keyboard, RAM, and HDD
hardware
what is RAM slack and how is it different from File slack
RAM slack occupies the space remaining after the data has been placed in the sector
file slack is the remaining space of the cluster
what is visible data on a computer
all info the operating system is aware of
data/work product files
text based docs for correspondence
financial records
SIMM and DIMM
Single/Dual Inline Memory Module
how many clusters does a hard drive typically contain and what is the number dependent on
it can contain as many clusters as drive geometry allows. Dependent on how many sectors are in a cluster
why is removing the HDD from the original system and placing it in a laboratory forensic computer to create a forensic image safer than just booting the system
the HDD can be placed in a faraday box when not in use and then inserted into a computer that has no software that could interfere with the HDD
when a system is low on memory, the swap file system creates temp storage on a hard disk/drive. What does the swap file move around
swaps a section of RAM storage from an unused program and frees up memory for other programs
in order to reconstruct a timeline of digital events, investigators can analyze data in transit. What kind of computer forensics deals with understanding how a breach occurred
network forensics
SDRAM
synchronous dynamic random access memory
what is latent data and how is it viewed
hidden data that uses binary code to read a HDD
what is a forensic copy of a computer
all the software and storage are copied so the forensic copy is an exact replica of the system
Sometimes a forensic copy cannot be made due to the BIOS, so the entire physical computer must be seized. Why?
the basic input-output system interprets the geometry of the HDD differently than the forensic computer
Data forensics deals with determining how an incident occurred, who was involved, and what system was affected. What do investigators look for
anomalies and patterns in data software like messages, web history, unauthorized access.
what is Internet Protocol (IP)
a protocol for sending data across the Internet that assigns unique numbers (IP addresses) to each connected device
when performing a system shut down, the plug should be pulled from the back of the computer, not the wall. why?
When the plug is pulled from the wall, the computer will go to generator and will trigger the operating system to stay powered up. The data will also be encrypted and be rendered unreadable without a password