WGU Digital Forensics in Cyber security - C840 Questions and Answers Latest Update

Document Content and Description Below

WGU Digital Forensics in Cyber security - C840 Questions and Answers Latest Update FAT ✔✔Stores file locations by sector in a file called the file allocation table. This table contains informa ... tion about which clusters are being used by which particular files and which clusters are free to be used. NTFS (New Technology File System) ✔✔File system used by Windows NT 4, 2000, XP, Vista, 7, Server 2003, and Server 2008. One major improvement of this system was the increased volume sizes. Extended file system ✔✔System created specifically for Linux. There have been many versions; the current version is 4. ReiserFS ✔✔Popular journaling file system, used primarily with Linux. It was the first file system to be included with the standard Linux kernel, and first appeared in kernel version 2.4.1. The Berkeley Fast File System ✔✔This is also known as the UNIX file system. Uses a bitmap to track free clusters, indicating which clusters are available and which are not. Data hiding ✔✔Storage of data where an investigator is unlikely to find it. Data transformation ✔✔Disguising the meaning of information. Data contraception ✔✔Storage of data where a forensic specialist cannot analyze it. Data fabrication ✔✔Uses false positives and false leads extensively. File system alteration ✔✔Corruption of data structures and files that organize data. Daubert standard ✔✔Any scientific evidence presented in a trial has to have been reviewed and tested by the relevant scientific community. For a computer forensics investigator, that means that any tools, techniques, or processes you utilize in your investigation should be ones that are widely accepted in the computer forensics community. You cannot simply make up new tests or procedures. (1) whether the theory or technique in question can be and has been tested; (2) whether it has been subjected to peer review and publication; (3) its known or potential error rate; (4) the existence and maintenance of standards controlling its operation; and (5) whether it has attracted widespread acceptance within a relevant scientific community. The Federal Privacy Act of 1974 ✔✔Prohibits unauthorized disclosures of records( about people, citizens, individuals) maintained by Federal Agencies. Also allows individuals the ability to request to review their record. The Privacy Protection Act of 1980 ✔✔(PPA) of 1980 protects journalists from being required to turn over to law enforcement any work product and documentary materials, including sources, before it is disseminated to the public. Journalists who most need the protection of the PPA are those who are working on stories that are highly controversial or about criminal acts because the information gathered may also be useful to law enforcement. The Communications Assistance to Law Enforcement Act of 1994 ✔✔a federal wiretap law for traditional wired telephony to allow cops to wiretap with a warrant. It was expanded to include wireless, voice over packet, and other forms of electronic communications, including signaling traffic and metadata. The Electronic Communications Privacy Act of 1986 ✔✔Prevents unauthorized government access to individuals' private electronic communications (things done on the computer or saved on the computer) The Computer Security Act of 1987 ✔✔was passed to improve the security and privacy of sensitive information in federal computer systems. The law requires the establishment of minimum acceptable security practices, creation of computer security plans, and training of system users or owners of facilities that house sensitive information. The Foreign Intelligence Surveillance Act of 1978 ✔✔(FISA) is a law that allows for collection of "foreign intelligence information" between foreign powers and agents of foreign powers using physical and electronic surveillance. A warrant is issued by the FISA court for actions under FISA. The Child Protection and Sexual Predator Punishment Act of 1998 ✔✔requires service providers that become aware of the storage or transmission of child pornography to report it to law enforcement. The Children's Online Privacy Protection Act of 1998 ✔✔(COPPA) protects children 13 years of age and under from the collection and use of their personal information by Web sites. It is noteworthy that COPPA replaces the Child Online Protection Act of 1988 (COPA), which was determined to be unconstitutional. The Communications Decency Act of 1996 ✔✔was designed to protect persons 18 years of age and under from downloading or viewing material considered indecent. This act has been subject to court cases that subsequently changed some definitions and penalties. The Telecommunications Act of 1996 ✔✔Allows anyone to enter the communication business and compete against other businesses. Prevents one business from dominating. (for example: Cox Cable, Charter Cable, Verizon Fios, etc..) The Wireless Communications and Public Safety Act of 1999 ✔✔allows for collection and use of "empty" communications, which means nonverbal and nontext communications, such as GPS information. The USA Patriot Act ✔✔Allows the use of certain tools to intercept and obstruct terrorism (such as money laundering and financing of terrorism through internet and telecommunication) The Sarbanes-Oxley Act of 2002 ✔✔contains many provisions about recordkeeping and destruction of electronic records relating to the management and operation of publicly held companies. Real evidence ✔✔a physical object that someone can touch, hold, or directly observe. Examples of real evidence are a laptop with a suspect's fingerprints on the keyboard, a hard drive, a universal serial bus (USB) drive, or a handwritten note. Documentary evidence ✔✔data stored as written matter, on paper or in electronic files. THIS includes memory-resident data and computer files. Examples are e-mail messages, logs, databases, photographs, and telephone call-detail records. Investigators must authenticate documentary evidence. Testimonial evidence ✔✔information that forensic specialists use to support or interpret real or documentary evidence. For example, they may employ THIS to demonstrate that the fingerprints found on a keyboard are those of a speci [Show More]

Last updated: 3 years ago

Preview 1 out of 56 pages