Chapter 18 - Computer Forensics

Question 1

Computer forensics involves the

Answer 1

Preserving; acquiring; extracting; analyzing; interpreting

Question 2

True or False: Hardware comprises the physical components of the computer.

Answer 2

True

Question 3

_____ is a set of instructions compiled into a program that performs a particular task.

Answer 3

Software

Question 4

(ROM, RAM) chips store programs used to start the boot process.

Answer 4

ROM

Question 5

The term used to describe the chassis, including the motherboard and any other internal components of a personal computer, is

Answer 5

System unit

Question 6

True or False: The motherboard is a complex network of wires that carry data from one hardware device to another.

Answer 6

True

Question 7

True or False: The first thing you should do when you encounter a computer system in a forensic investigation is to connect the power supply and boot the system.

Answer 7

False

Question 8

RAM is referred to as “volatile memory” because it is not

Answer 8

Permanent

Question 9

The “brain” of the computer is referred to as the

Answer 9

Central processing unit (CPU)

Question 10

The _____ is the primary component of storage in a personal computer.

Answer 10

Hard disk drive (HDD)

Question 11

Personal computers typically communicate with each other through a(n)

Answer 11

Network interface card

Question 12

The computer’s _____ permits the user to manage files and applications.

Answer 12

Operating system

Question 13

A hard drive’s partitions are typically divided into

Answer 13

Sectors; clusters; tracks; cylinders

Question 14

A(n) _____ is a single one or zero in the binary system and the smallest term in the language of computers.

Answer 14

Bit

Question 15

A(n) _____ is a group of eight bits.

Answer 15

Byte

Question 16

A group of sectors, always units in multiples of two, is called a(n)

Answer 16

Cluster

Question 17

An exact duplicate of the entire contents of a hard disk drive is known as a(n)

Answer 17

Forensic image

Question 18

All data readily available to a computer user is known as

Answer 18

Visable data

Question 19

A(n) _____ file is created when data is moved from RAM to the hard disk drive to conserve space.

Answer 19

Swap

Question 20

Most programs automatically save a copy of a file being worked on into a(n)

Answer 20

Temporary file

Question 21

The existence of _____ data is why a forensic image of the media is created.

Answer 21

Latent

Question 22

The smallest unit of addressable space on a hard disk drive is the

Answer 22

Sector

Question 23

The two types of slack space are

Answer 23

RAM; file

Question 24

_____ slack is the area from the end of the data portion of the file to the end of the sector.

Answer 24

RAM

Question 25

The portion of a disk that does not contain stored data is called

Answer 25

Unallocated space

Question 26

True or False: Defragmenting a hard disk drive involves moving noncontiguous data back together.

Answer 26

True

Question 27

True or False: A portion of a “deleted” file may be found in a computer’s unallocated space.

Answer 27

True

Question 28

A(n) _____ takes the form of a series of numbers to route data to an appropriate location on the Internet.

Answer 28

IP address

Question 29

A user’s hard disk drive will _____ portions of Web pages that have been visited.

Answer 29

Cache

Question 30

A(n) _____ is placed on a hard disk drive by a website to track certain information about its visitors.

Answer 30

Cookie

Question 31

E-mails have the _____ address of the sender in the header portion of the e-mail.

Answer 31

IP

Question 32

True or False: Chat and instant messages conducted over the Internet are typically stored in RAM storage.

Answer 32

True

Question 33

When investigating a hacking incident, investigators concentrate their efforts on three locations:

Answer 33

Logfiles; volatile memory; network traffic

Question 34

Devices that permit only requested traffic to enter a computer system are known as

Answer 34

Firewalls

Question 35

A(n) _____ is a device that can prevent a mobile phone from communicating with a service provider.

Answer 35

Faraday shield

Question 36

True or False: Extracting and analyzing data from mobile devices is complicated because manufacturers of these devices store and manage data in a variety of ways.

Answer 36

True

Question 37

Define hardware:

Answer 37

The physical components of a computer (what you can touch)

Question 38

Define software:

Answer 38

A set of instructions compiled into a program that performs a particular task

Question 39

List the 4 operating systems:

Answer 39

Windows, Mac OS, Linux, Unix

Question 40

Define chassis:

Answer 40

The full upright tower, box, or backbone for the fixed computer components.

Question 41

Define power supply:

Answer 41

converted power from the wall outlet to a usable format for the computer and its components.

Question 42

Motherboard:

Answer 42

The main circuit board where all the different components are connected too.

Question 43

Define System Bus:

Answer 43

A vast complex network of wires that carry data from one hardware device to another.

Question 44

Define firmware:

Answer 44

program used to start the boot process and configure a computer's components.

Question 45

what is BIOS:

Answer 45

basic input-output system

Question 46

What is the central processing unit or CPU?

Answer 46

The main chip, processor, or brain of the computer.

Question 47

What is random-access memory or RAM?

Answer 47

The volatile memory of a computer, where in use programs are stored.

Question 48

What are input devices and provide three examples.

Answer 48

Used to get data or instructions into the computer. i.e. keyboard, mouse, scanner.

Question 49

What are output devices and provide three examples.

Answer 49

equipment through which data is obtained from the computer, i.e. monitor, printer, speakers.

Question 50

What is the hard disk drive or HDD?

Answer 50

the primary component of storage in the personal computer, storing the operating system, programs, and data files.

Question 51

Define operating system or OS

Answer 51

The software that provides the bridge between the system hardware and the user

Question 52

Define partition:

Answer 52

A contiguous set of blocks that are defined and treated as an independent disk on a HDD. (If the HDD is the kitchen, the partitions are the cabinets, the kitchenware is the data)

Question 53

Define file system:

Answer 53

the system for storing, locating, retrieving, and allocating data on a storage device.

Question 54

What are the three ways the HDD is prepared?

Answer 54

low-level formatting (manufacturer settings) partitioning (prepped by fdisk/disk-manager) formatting (creating the file system structure)

Question 55

What is a sector?

Answer 55

The smallest addressable unit of data by a HDD holding 512 bytes. (The element in the cyberspace)

Question 56

What is a byte?

Answer 56

A group of eight bits (The atom in cyberspace)

Question 57

What is a bit?

Answer 57

A "binary digit" taking the form of either a one or a zero. (The subatomic particle in cyberspace).

Question 58

What is a cluster?

Answer 58

A group of sectors in multiples of two. (compounds in the cyberspace)

Question 59

What is a MD5/SHA?

Answer 59

a software algorithm used to "fingerprint" a file or contents of a disk. (message digest 5 / Secure Hash Algorithm)

Question 60

Define visible data:

Answer 60

All data that the OS is presently aware of and thus is readily accessible to the user.

Question 61

What is a swap file?

Answer 61

A place on the HDD to store "idling" data that's on the RAM to free up space until the user gives it attention again.

Question 62

What is a temporary file?

Answer 62

A temporary "back up" copy of a file being worked on that is periodically saving the data.

Question 63

What is a print spool file?

Answer 63

A type of temporary file that delays the sending of data to the printer so that the application can continue while the printing takes place in the background.

Question 64

Define latent data:

Answer 64

areas of files and disks that are typically not apparent to the computer user but contain data nonetheless.

Question 65

What is slack space?

Answer 65

Empty space on a HDD created because of the way HDD stores files.

Question 66

What is file slack?

Answer 66

area that begins at the end of the last sector that contains logical data and terminates at the end of the cluster.

Question 67

What is the minimum amount of space the HDD can address?

Answer 67

512-byte sector

Question 68

Define unallocated space:

Answer 68

The unused area of the HDD that the OS file system table sees as empty.

Question 69

Define Internet cashe:

Answer 69

Portions of visited web pages placed on the local HDD to facilitate quicker retrieval when the Web page is revisited.

Question 70

Define cookies:

Answer 70

Files placed on a computer from a visited website that are used to track visits to and usage of that site.

Question 71

What is internet history?

Answer 71

an accounting of websites visited

Question 72

What are bookmarks?

Answer 72

A feature that enables the user to designate favorite sites for fast and easy access.

Question 73

What is an IP address?

Answer 73

Internet Protocol address (a computers social security number)

Question 74

What is hacking?

Answer 74

performing an unauthorized computer or network intrusion.

Question 75

Define firewall:

Answer 75

Hardware or software designed to protect intrusions into an internet network.

Question 77

What is the first thing a crime-scene investigator should do when encountering computer forensic evidence?

Answer 77

Procure a warrant to search

Question 78

What is the ultimate goal of obtaining an image of a hard disk drive?

Answer 78

To obtain information without altering the drive in any way

Question 79

What is one of the most common places to begin searching for evidential data?

Answer 79

Word-processing or text-based document files

Question 80

Which of the following is the best definition of latent data?

Answer 80

Those data that are hidden from view

Question 81

One gigabyte equals what?

Answer 81

1,000 megabytes (MB)

Question 82

what software algorithm is used to create a "fingerprint" of a file or an entire hard disk drive (HDD)?

Answer 82

MD5

Question 83

What keeps track of the location of files and folders on the HDD?

Answer 83

The FAT (file allocation table)

Question 84

When is it necessary to make a "fingerprint" of an HDD?

Answer 84

Before and after imaging its contents

Question 85

What does URL stand for?

Answer 85

Uniform resource locator

Question 86

What do most web browsers use to expedite and streamline browsing?

Answer 86

Caching system

Question 87

What three things are potential sources for forensic evidence from a suspect's personal computer?

Answer 87

Cache, Internet history, Internet "cookies"

Question 88

Unauthorized intrusion into a computer is called what?

Answer 88

Hacking