What is the purpose of the reconstruction function in a forensics investigation? 1.
Re-create a suspect’s drive to show what happened during a crime or incident.
What is the main goal of any forensic investigation?
Function. Regardless of their scientific specialty, all forensic scientists have the same goal:
examining evidence from a crime scene using strictly scientific knowledge and principles in order to find facts about a criminal case
.
What is the goal of the Nsrl project?
The data published by the NSRL is
used to rapidly identify files on computer systems
, based solely on the content of the files. In most cases, NSRL file data is used to eliminate known files, such as operating system and application files, during criminal forensic investigations.
What program serves as the GUI front end for accessing Sleuth Kit tool?
Autopsy®
is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones.
What algorithm is used to decompress Windows files *?
The file compression algorithm used by the NTFS file system is
Lempel-Ziv compression
.
What is Nsrl file?
The
National Software Reference Library
(NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information. … The RDS is a collection of digital signatures of known, traceable software applications.
What is Nsrl scrubbing?
Attack: NSRL scrubbing.
Modify all your system and program files
. Modify a string or other part of the file. For EXEs and DLLs, recalculate and update the embedded CRCs. Turn off Data Execution Prevention (DEP) in Windows continues to run.
What are examples of forensic evidence?
Fingerprints, footprints, hair, fibers, blood and other bodily fluids, knives, bullets, guns, paint
, and many other objects and substances, even soil, can link a suspect to the scene.
What does forensic investigation involve?
A forensic investigation is the
practice of lawfully establishing evidence and facts that are to be presented in a court of law
. … There are other forms of forensic investigation, however, such as computer forensics and sub-fields that focus on dentistry or insects and crime scenes.
What is the role of investigator?
As an investigator, you might
conduct interviews, take statements, prepare case files, write reports, recommend criminal and/or disciplinary action
or take part in criminal, misconduct and inquest proceedings.
What is the general term for software or hardware that is used to protect evidence?
Question Answer | ____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk. Write-blockers | Many vendors have developed write-blocking devices that connect to a computer through FireWire,____ 2.0,and SCSI controllers. USB |
---|
What term is used to describe a disk’s logical structure of platters tracks and sectors?
Terms in this set (29)
What term below describes a column of tracks on two or more disk platters? … What term is used to describe a disk’s logical structure of platters, tracks, and sectors?
Geomerty
. A Master Boot Record (MBR) partition table marks the first partition starting at what offset?
What information below is not included within an inode?
The only pieces of metadata not in an inode are
the filename and path
. Capitalization, or lack thereof, makes no difference with UNIX and Linux commands. In UNIX and Linux, everything except monitors are considered files.
What is file decompression?
Uncompressing (or decompressing) is
the act of expanding a compression file back into its original form
. Software that you download from the Internet often comes in a compressed package that can uncompress itself when you click on it.
What is the most significant legal issue in computer forensics?
Failure to behave in an ethical manner will erode public confidence in law enforcement, making its job more difficult and less effective. This paper will provide an introduction to the most significant legal issue in computer forensics:
admissibility of evidence in criminal cases
.
What is write blocking software?
Software write blocker—The software blocker is
an application that is run on the operating system that implements a software control to turn off the write capability of the operating system
.