Physical Crime Scene
Documentation
Forensic Imaging
Identifying Evidence
Digital Forensic Core Concepts
100

The most important step when arriving at a crime scene.

What is securing a Crime Scene?

100

The document you complete when you arrive at a Crime Scene.

What is Crime Scene Log Sheet?

100

Forensic image format that is most commonly used.

What is EnCase (E01) format?

100

A device which you carry with you every day, and which contains your connection to the outside world.

What is your mobile phone?

100

The process of making a bit-for-bit copy of a hard disk drive.

What is Forensic Imaging?

200

Important thing to remember when dealing with people and computers.

What is taking fingers off of keyboards?

200

Forever capturing the location of an evidence item in a visual way.

What is crime scene photographing?


200

Method used to verify a forensic image.

What is hashing and hash validation?

200

A device which is portable and used to store data and is not a hard drive.

What is a USB thumb drive?

200

The method we use to make sure that no residual data is left on a disk.

What is media sanitation?

What is forensic wiping?

300

Document used to obtain authorization for searching and seizing.

What is a Search Warrant?

300

Documentation which is completed when you identify an evidence item and wish to seize it.

What is Evidence item forms?

300

The process of pulling the plug and making a forensic image of the physical disks.

What is dead box forensic imaging?

300

Portion of a computer which is considered the most volatile piece of information you will deal with.

What is RAM (Memory)?

300

The process used to identify, collect, preserve, examine, analyse, and present evidence.

What is the digital forensic process?

400

A physical hazard when dealing with crime scenes.

What is bio-hazardous material?


400

The process of telling the narrative of what took place with regards to the handling of evidence in crime scene management.

What is Chain of Custody documents?

400

The process of introducing small changes to a system to remove evidence from it.

What is live forensic imaging?

400

A device which when removed from its power source will discharge power and switch off.

What is a Desktop Computer?

400

The process to answer questions about digital states and events.

What is a Digital Investigation?

500

Detailed note taking and diary entries needed for processing a crime scene.

What is contemporaneous notes?

500

Golden rule of crime scene management.

What is documenting everything?

500

The biggest challenge faced by a forensicator during the imaging process.

What is full disk encryption?

500

You have been called into an IP theft case that happened four months ago. What evidence won't you seize from the list below?

(1) RAM

(2) Desktop Computer


What is the RAM?


Remember that the RAM will most likely be the least useful source of evidence, as the machine would have been cycled in those four months.

500

Data that supports or refutes a hypothesis that was formulated during the investigation.

What is Digital Evidence?