COMPUTER FORENSICS MIDTERM-DUE IN 9 HRS

hotgirl84
MidtermSummer2018-1.doc

INFA 650

MID-TERM

NAME: ______________________________

Use your required readings. It is okay to research Internet sources, but be certain to cite your sources using APA style; no credit will be given for uncited sources, or for sources that do not support the correct answer.

1. (10 points). Discuss how the field of digital forensics has grown over the years and how digital forensics might differ when used in support of law enforcement versus incident response.

2. (10 points). Explain the significance of the Daubert and Frye Standards and address the impact on the case of using tools that are not vetted by the community.

3. (10 points). In your labs, you “hashed” files that you added as evidence. Explain the use of hashes in authenticating evidence. Address how collisions might negatively impact a case. What solution to reduce the likelihood of a collision would you recommend?

4. (10 points). Discuss the importance of timestamping server and network log files that might be used as evidence in a court case. How would digitally signing log files support their use as evidence?

5. (5 points). How do attackers use anti-forensic tools to misdirect an investigation?

6. (5 points). What is the significance of the 4th Amendment to a forensic investigation? If you are a corporation, what is the best way to ensure that users waive any expectation of privacy when using their computers?

7. (10 points). Discuss why a live analysis is preferred over a “dead” analysis and the issue of “volatility”. In an investigation, what information would need to be captured first?

8. (10 points). As a forensic investigator, provide two examples of cases you might be asked to investigate: one corporate investigation and one criminal investigation. Where would the evidence supporting each case in your examples be likely to reside?

9. (10 points). Discuss how capturing a bit-stream image differs from simply copying the contents of a suspect’s hard drive to an evidence drive. What information would be present in a bit-stream image that would not be present if you just copied the drive?

10. (5 points). Identify at least one challenge of acquiring network data compared with acquiring data from a computer.

11. (10 points). Describe 4 different ways that a criminal can hide data (think anti-forensics, too). How would you find each of these in your investigation?

12. (5 points). You attempt to acquire a PC, but the data on the PC has been encrypted. What steps can you take to recover the password or data?