a common cause of lost or corrupted evidence. It involves the presence of police officers and other professionals who aren’t part of the crime scene–processing team
professional curiosity
corporate cases that require less effort than a major criminal case
low-level investigations
someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest
person of interest
a computerized system for identifying fingerprints that’s connected to a central database; used to identify criminal suspects and review thousands of fingerprint samples at high speed
AFIS
when conducting a search and seizure, objects in plain view of a law enforcement officer, who has the right to be in position to have that view, are subject to seizure without a warrant and can be introduced as evidence
plain view doctrine
standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest
probable cause
a portable kit containing only the minimum tools needed to perform disk acquisitions and preliminary forensic analysis in the field
initial-response field kit
data that doesn’t contribute to evidence of a crime or violation
innocent information
a mathematical algorithm that determines whether a file’s contents have changed
CRC
data the system maintains, such as system log files and proxy server logs
computer-generated records
evidence consisting of information stored or transmitted in electronic form
digital evidence
observing people or places without being detected, often using electronic equipment, such as video cameras or keystroke/screen capture programs
covert surveillance
a response kit with all the tools you can afford to take to the field
extensive-response field kit
chemical, biological, or radiological substances that can cause harm to people
HAZMAT
electronic data that a person creates and saves on a computer or digital device, such as a spreadsheet or word processing document
computer-stored records
detecting data transmissions to and from a suspect’s computer and a network server to determine the type of data being transmitted over a network
sniffing
True or False? ISPs can investigate computer abuse committed by their customers.
False
True or False? If you follow police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.
True
one of the governing bodies responsible for setting standards for various U.S. industries
NIST
wording in a search warrant that limits the scope of a search for evidence. It allows the police to separate innocent information from evidence
limiting phrase
a unique hash number generated by a software tool and used to identify files
non-keyed hash set
True or False? Corporate investigators ALWAYS have the authority to seize ALL computer equipment during a corporate investigation.
False
True or False? The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene’s immediate location.
True
a group that sets standards for recovering, preserving, and examining digital evidence
SWGDE
a forensic hashing algorithm created by NIST to determine whether data in a file or on storage media has been altered
SHA-1