Tools
Legal
Fundamentals
Acronyms
Mix
100

This product can be used to image Apple Macintosh computers, iPhones, and iPads.

Blacklight

100

This type of witness testifies about personal experience and knowledge and may not express an opinion.

Lay witness

100

This is helpful in the case of a power outage in keeping systems up and running. 

UPS

100

This can be used to combine multiple disks in one configuration, increasing redundancy and/or storage options.

RAID

100

This file system is the most common file system in Windows operating systems today.

NTFS

200

This can be used to encrypt flash drives and is available for free in modern Windows operating systems. 

BitLocker To Go

200

This type of witness creates an investigative report or reviews the findings of an investigative report and provides an interpretation of those findings based on specialized education, training, and knowledge.

Expert witness

200

This registry key contains information about file extensions. 

HKEY_CLASSES_ROOT

200

This evidence is considered very volatile, and it stores information that is actively in use as well as running processes.

RAM

200

This type of data is considered data about other data.

Metadata

300

This tool is free to download and use, and can be used to create comprehensive investigations and reports.

Autopsy

300

This amendment addresses the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.

4th Amendment

300

This can be used to identify files by unique information in the header that identifies a file type. 

File signature analysis

300

This is an extremely important crime database utilized by law enforcement nationwide to apprehend fugitives, recover stolen goods, identify terrorists, and locate missing persons.

National Crime Information Center (NCIC)

300

Creating this produces an exact copy of one drive and places it on another.

Disk clone

400

This can be used to generate an ad hoc identity.

Fake Name Generator

400

This type of evidence may exonerate a defendant. 

Exculpatory

400

This time standard is helpful in coordinating evidence times across multiple time zones. 

UTC

400

This is an older type of partitioning that can only use approximately 2 TB of disk space.

MBR

400

In digital forensics, it is very common to create this, which acquires evidence from a disk and stores it in a single file.

Disk image

500

Employees can use this to encrypt their network traffic and provide a secure connection for remote work.

VPN 

500

This form is critical in ensuring that who handled evidence, why, and when are accounted for.

Chain of custody

500

Adding a directory to this will allow you to run a script or application from the command line without concern for being in the current working directory. 

PATH

500

This is a committee dedicated to sharing research and setting standards for investigators working with digital and multimedia evidence.

Scientific Working Group on Digital Evidence (SWGDE)

500

This is the conversion of EA in hexadecimal to decimal. 

234