CCJ/CS 346, Computer Forensics – Lynn Ackler

Review – First Exam, Fall 2008

1.  Discuss

1.  The ethical and legal aspects of computer forensics.

2.  Personal information

3.  Dual use technology especially as it relates to computer forensics

2.  Aspects of digital evidence

1.  What is digital evidence?

2.  How is it different from other types of evidence

3.  Fragility?

4.  Care and handling of digital evidence

5.  MD5 and the integrity of evidence

6.  How is WinHex of use?

3.  Evidence

1.  Types of evidence

2.  Five rules of evidence and discuss

4.  Definition of Computer Forensics

1.  What is it?

2.  Types of forensics exams

3.  Areas of forensics

5.  What is meant by Web Browsing profile or Internet Profile?

1.  What sort of info is included?

2.  What is user behavior?

3.  What are some tools that can be used?

4.  Describe index.dat spy.

6.  Describe some digital devices.

1.  What info do they contain?

2.  How about some new social networking stuff

1.  What do they show?

2.  How do you get it?

3.  What can you conclude from this info?

7.  Discuss some of the aspects of computers, e.g.

1.  Components, Peripherals

2.  Connections, Networks

3.  Applications

4.  Other digital devices

8.  How is the hard drive organized

1.  Sectors, clusters, track and head

2.  Slack space

3.  Free/unallocated space

4.  How does WinHex help?

9.  How are computers and such involved in crimes

1.  What kind of crimes?

10.  Evidence: what is it in the computer/digital world?

1.  What are some of the characteristics of it in computers?

2.  Discuss reliability with regard to digital evidence.

3.  How do you prove that digital evidence has not been changed since seizure?

4.  How do you use WinHex to do this?

11.  Preserving evidence

1.  What tool do you use?

2.  How does this tool accomplish the “Preservation” of evidence?

3.  What is a write blocker?

4.  Why use it?

12.  What is meant by imaging a drive?

1.  How do you use WinHex to accomplish this?

2.  Why make an image?

3.  What can you see from the image?

13.  How is criminal computer forensics different from industrial forensics

1.  What is meant by actus reus and mens rea?

2.  What are some of the federal statutes?

3.  How does the legal process impact computer forensics?

14.  Discuss levels of culpability