Describe the standard steps of computer investigations

Assignment Help Basic Computer Science

Reference no: EM133361567

Assignment:

Answer the following questions:

QUESTION 1

Is a corporate investigator considered an agent of law enforcement? Why?
What is the purpose of maintaining a professional journal?
Describe the standard steps of computer investigations?
Distinguish between Computer Forensics and Traditional Forensic Science
Distinguish between Computer Forensics and Data Recovery.
What is the professional conduct in Computer Forensics? Why is it important?
Describe briefly the essential guidelines in processing a computer crime incident/scene

QUESTION 2

What is a Chain of Custody?
What are the standard steps of computer investigations?
Why are corporate investigations typically easier than law enforcement investigations?
What characteristics should a computer forensics lab have?
If you discover a criminal act while investigating a corporate policy abuse, what do you have to do about it?
List three items which should be in an initial-response field kit.
What are the three common types of digital crime?
Describe the items which should be included in your case report
What are the items which should be included in an evidence custody form?
What are the major steps involved in planning and investigation?
Why should companies appoint an authorised requester for computer investigations?

QUESTION 3

What are the five basic functions of computer forensics tools?
What are the four sub-functions required for reconstructing disk drives?
When you investigate into computer forensic tools, the goal is obviously to find the best value for as many features as possible. Discuss those features you are most interested in.
Why would you use hashing such as MD5 in your forensic investigation?
What are the sub-functions that forensic acquisition tools can provide?
Which function(s) of computer forensics tools are hashing, filtering, and file header analysis related to?

QUESTION 4

When you investigate into a network intrusion, what type(s) of log file should you look into?
What procedures should you follow when you realise that a computer on your network has been compromised?
Distinguish between Honeypot and Honeynet. Can the evidence collected from them be used in court?
In the context of Network Forensics, discuss the nature of Network Sniffer.
What is the primary reason you might not be able to shut down a Linux machine involved in an investigation?
What does the Areal Density refer to?
Is it possible to recover a deleted file in its entirety? Why?
Which skill(s) do you depend upon when you carve an image file?
Describe the procedure in Computer Forensic Analysis.
Discuss the concept of Data-Hiding technique and give three examples of it.
What is volatile data? Give three examples of element of volatile data in a UNIX or Linux system.

QUESTION 5

Where are Emails stored in the Email systems?
What are the typical crimes or policy violations involving Emails when they are committed?
When searching a suspect/victim's computer for a crime committed with a specific Email message, what provides vital information for determining the originator of the offensive Email?
When confronted with an Email server that no longer contains a log with the date information you require for your investigation, and the client has deleted the Email, what could you do?
What is the general guidance in Email Forensics?
How is the DNS server related to Network Forensics?
In Network Forensics, what type(s) of log file should you look into after a network intrusion?
What procedures should you follow when you realise that a computer on your network has been compromised?
Distinguish between Computer Forensics and Network Forensics

QUESTION 6

What expressions are acceptable in a testimony to respond to a question for which you have no answer?
While working for a prosecutor, what do you think you should do if the evidence you found appears to be exculpatory and is not being released to the defence team?
At trial as a technical or scientific witness or as an expert witness, what must you always remember about your testimony?
What is the guideline in testifying by using graphics?
In the context of Expert Witness, explain what the Voir Dire is and what could happen during the Voir Dire.
In the context of Computer Forensics, distinguish between a:-scientific/technical testimony and an expert witness testimony.

Reference no: EM133361567

Questions Cloud

Examine the optimization of financial portfolios : Examine the optimization of financial portfolios subject to the following constraints: Regulation and Taxation, Competition, Cyberthreat.

Introduction to the fundamentals of web development : We had an introduction to the fundamentals of web development. We learned about the web industry, and ecosystem, and had an introduction to HTML and CSS.

Why the salesforce solution was well suited for the cloud : Discuss the features Salesforce.com provides that are well suited for companies large and small and why the Salesforce solution was well suited for the cloud.

How a cloud deployment would affect an organizations : Describe how a cloud deployment would affect an organization's Business Continuity and Disaster Recovery plan.

Describe the standard steps of computer investigations : What is the purpose of maintaining a professional journal? Describe the standard steps of computer investigations?

What is the general purpose of indexing in a database : Discuss the different types of indexes used and the related impact of each on the performance of the database system.

Discuss a case could be made to use denormalization : Discuss how a case could be made to use denormalization and under what circumstances this would serve the goals and objectives for a database system.

Define cloud computing : Explain how you plan to better support your company for two or more challenges to succeed in Cloud Computing migration.

User Account

All Pages