What is the term used to refer to files that have been manipulated in order to conceal the contents of the original file quizlet?
Terms in this set (21)Acquisition is the process of obtaining a forensically clean copy of data from a device held as evidence. If the computer system or device is not owned by the organization, there is the question of whether search or seizure is legally valid. This impacts bring-your-own-device (BYOD) policies. For example, if an employee is accused of fraud you must
verify that the employee's equipment and data can be legally seized and searched. Any mistake may make evidence gained from the search inadmissible. System memory is volatile data held in Random Access Memory (RAM) modules. Volatile means that the data is lost when power is removed. A system memory dump creates an image file that can be analyzed to identify the processes that are running, the contents
of temporary file systems, registry data, network connections, cryptographic keys, and more. It can also be a means of accessing data that is encrypted when stored on a mass storage device. There are various methods of collecting the contents of system memory. Disk image acquisition refers to acquiring data from nonvolatile storage. Nonvolatile storage includes hard disk drives (HDDs), solid state drives (SSDs), firmware, other types of flash memory (USB
thumb drives and memory cards), and optical media (CD, DVD, and Blu-Ray). This can also be referred to as device acquisition, meaning the SSD storage in a smartphone or media player. Disk acquisition will also capture the OS installation, if the boot volume is included. It is vital that the evidence collected at the crime scene conform to a valid timeline. Digital information is
susceptible to tampering, so access to the evidence must be tightly controlled. Recording the whole process establishes the provenance of the evidence as deriving directly from the crime scene. Sets found in the same folderOther sets by this creatorVerified questions
ADVANCED MATH Verified answer
ADVANCED MATH Verified answer
ADVANCED MATH Verified answer
ADVANCED MATH Verified answer Recommended textbook solutionsOther Quizlet setsWhat tool does an investigator use to ensure that the integrity of a file has not been compromised during evidence gathering?Hash Values
When an investigator images a machine for analysis, the process generates cryptographic hash values (MD5, SHA-1). The purpose of a hash value is to verify the authenticity and integrity of the image as an exact duplicate of the original media.
What is the term used to refer to the organization of a hard drive into separate storage spaces?What is the term used to refer to the organization of a hard drive into separate storage spaces? partitioning.
Which Windows disk partition utility can be used to hide partitions?Hide Partition Using Disk Management App
The first step in the process of hiding a partition through the disk management app is to launch the disk management utility. You can launch this tool by either searching through the start menu or the command prompt. Search for "computer management" from your start menu.
|