1. A(n) _ is where you conduct investigations, store evidence, and do most of
your forensics work.
2. The _ identifies the number of hard disk types, such as IDE or SCSI, and the
OS used to commit crimes.
3. True or False: Your lab fac
Project ECHELON: The Truth Reveled about the Secret Network
Visualize a spying network that can eavesdrop on anyone in the world. A network so
powerful that it has information on every single phone call, fax, or e-mail that has ever been sent.
This may so
Guide to Computer Forensics
List digital evidence storage formats
Explain ways to determine the best acquisition
Describe contingency planning for data acquisitions
Guide to Computer Forensics
The Investigators Office and
Describe certification requirements for computer
List physical requirements for a computer forensics
1. Most Code Division Multiple Access (CDMA) networks conform to IS-95,
created by the _.
2. Global System for Mobile Communications (GSM) uses the _ technique, so
multiple phones take turns sharing a channel.
3. The 3G standard was d
1. A(n) _ architecture comprises one central server and several connected client
2. The _ of an e-mail message contains unique identifying numbers, such as the
IP address of the server that sent the message.
3. E-mail crime
1. _ is the process of collecting and analyzing raw network data and
systematically tracking network traffic to ascertain how an attack was carried out
or how an event occurred on a network.
2. Testing networks is not as important as
1. The term _ means that an investigation expands beyond the original
description because of unexpected evidence you find, prompting the attorney to
ask you to examine other areas to recover more evidence.
2. True or False: One of the
1. Macintosh computers use _ instead of BIOS firmware commonly found on
2. UNIX/Linux block sizes range from _ bytes and up.
3. _ provide a mechanism for linking data stored in data blocks.
4. The UNIX/Linux _ command
1. _, the first task in computer forensics investigations, involves making a copy
of the original drive.
2. The _ function is the recovery task in a computing investigation and is the
most demanding of all tasks to master.
3. Many pass
1. _ refers to a disks structure of platters, tracks, and sectors.
2. In Microsoft file structures, sectors are grouped to form _, which are storage
allocation units of one or more sectors.
3. Of particular interest when youre examinin
1. _ can be any information stored or transmitted in digital form.
2. Most federal courts have interpreted computer records as _ evidence.
3. _ records are data the system maintains, such as system log files and proxy
1. There are two types of acquisitions: static acquisitions and _.
2. Popular archiving tools, such as PKZip and WinZip, use an algorithm referred to as _.
3. Available on all UNIX and Linux distributions is the _ command, which means
1. The process of placing evidence in evidence bags and then labeling it with tags is
2. _ helps a computer forensics investigator to read password
3. During the _ step for problem solving you review the deci
How to Bake a Cake
11/2 cups of water
a box of cake mix
1/3 cup of cooking oil
11 by 9 baking pan
1 mixing bowl
Mixer (or by hand)
Cake toppings (any kind)
Measuring spoons and cups
Take your mixing bowl, open the box of cak
1. _ involves obtaining and analyzing digital information for use as evidence in
civil, criminal, or administrative cases.
2. The term _ refers to large corporate computing systems that might include
disparate or formerly independent s
Today we live in a constantly developing society that is taking great strides in the field of security.
Starting relatively recently, we are beginning to see the use of biometrics taking a greater role in our
nationwide security. This rising field of tech