Computer Forensics - Coursework Example

Comments (1) Cite this document
In a criminal investigation, the prosecutor is required to provide a copy of all evidence in discovery. In these investigations, what is the minimum number of copies that should be made of each digital media device? _
2. True or False: Of the three phases of an…
Download full paperFile format: .doc, available for editing
GRAB THE BEST PAPER94.6% of users find it useful
Computer Forensics
Read TextPreview

Extract of sample "Computer Forensics"

45 questions, worth 2 points each question worth 10 points In a criminal investigation, the prosecutor is required to provide a copy of all evidence in discovery. In these investigations, what is the minimum number of copies that should be made of each digital media device? ________
2. True or False: Of the three phases of an investigation: Acquisition, Authentication, and Analysis, Acquisition is the process of retrieving digital evidence and verifying that it is authentic. ________ FALSE
3. “A specialty field in which companies retrieve files that were deleted accidentally or purposefully” is the definition for which of the following terms? ________
a. Private Investigation
b. Computer Forensics
c. Data Recovery
d. Continuity of Operations
4. Evidence that indicates a suspect is innocent of a crime with which they are charged is known as:
a. Exculpatory Evidence
b. Hearsay Evidence
c. Physical Evidence
d. Inculpatory Evidence
5. True or False: Corporate investigators in the U.S. must use procedures that adhere to the 4th amendment to the constitution? _________ FALSE
6. The following are examples of what type of digital crime: Child Pornography, Embezzlement, Fraud, Software Piracy? ________
a. Crimes committed with a computer
b. Crimes committed against a computer
c. Crimes committed against a computer user
d. None of the Above
7. The triad of computing security includes which of the following? ________
a. Detection, response, and monitoring
b. Vulnerability assessment, detection, and monitoring
c. Vulnerability assessment, intrusion response, and investigation
d. Vulnerability assessment, intrusion response, and monitoring.
8. FAT-32 is the default file system for what operating system? ________
a. Windows XP
c. Windows 98
9. Windows 2000 came standard with which default file system?
FAT-16, FAT-32
10. True or False: It is absolutely necessary to use a write-blocker when connecting to a digital media device containing a raw image (DD file) for the purposes of copying it. ___________ FALSE
11. List three items that should be on an evidence custody form:
a. Case number
b. name of the investigator assigned to the case
c. nature of the case
d. location where evidence was obtained
12. What section of law in Texas do you think could be used to prosecute a person who hacks into a business server and damages files? Section 1030(a)(3) 
13. True or False: As an expert, you are always obligated to prove the position taken by the person that hired you. FALSE
14. Which of the following best describes tools essential for a cyber crime investigator’s toolkit? ________
a. Flashlight, toothbrush, digital camera
b. Digital Camera, flashlight, faraday bag
c. Sketchpad, IDE to USB interface, permanent marker
d. All of the above
15. Which of the following is not a valid file system? _________
a. Reiser FS
b. FAT-32
d. EXT-32
16. CFCE is a certification provided by completing training, as well as written and practical examinations conducted by which of the following? _______
b. NW3C
17. ENCE is a certification provided by what vendor of forensics software? _______
a. Encase
b. Guidance Software
c. Access Data
d. Paraben
18. When imaging a hard drive, the largest file segment allowed in a proprietary format image is typically 650 MB, but it can be adjusted in some applications up to 2 GB. This 2 GB limit is caused by which of the following? ________
a. Legal requirement to have image files no larger than 2 GB.
b. Target drives formatted as FAT, where 2GB is the upper limit on file size.
c. All of the above
d. None of the above
19. The Expert Witness Image format is a proprietary format of which software vendor? ______
a. Access Data
b. Digital Intelligence
c. Guidance Software
d. Paraben
20. True or False: Password protected data can only be preserved using live acquisitions._______ TRUE
21. Handheld imaging devices are very useful in the acquisition of digital images in the field. Which of the following is not an available handheld imager? _______
a. Logicube Dossier
b. ImageMasster Forensic III
c. ExactImager II
d. None of the Above
22. MD5 and SHA-1 are both defacto standard authentication algorithms. They are both derived from what previous message digest algorithm? Hashing algorithm
23. What does RAID stand for?
redundant array of independent disks
24. When conducting remote acquisitions, what problems should you be aware of? _______
a. Data transfer speeds
b. Access permissions over the network
c. Antivirus, antispyware, and firewall programs
d. All of the above
25. True or False: FTK Imager can acquire data from a drive’s host protected area. _______
26. True or False: Computer stored records are records such as server proxy logs and system log files generated by the computer. FALSE
27. A physical architectural description of a hard drive would include the following: _______
a. Cylinders
b. Clusters
c. Partitions
d. None of the Above
28. True or False: A computer system running Windows XP cannot have a File Allocation Table indicating where the files are stored on the disk. FALSE
29. True or False: Anime pictures of children appearing nude is considered child pornography in the U.S. _______
30. FAT-16 supports disk partitions with a maximum storage capacity of: ________
a. 1 GB
b. 2 GB
c. 4 GB
d. 8 GB
31. File slack on a hard disk is composed of which of the following (Select all that apply): _______
a. RAM Slack
b. Swap space
c. Disk Slack
d. ROM slack
32. If a person creates a file that contains 4097 bytes of information, and the file is saved to a hard disk that has clusters of 4 sectors each, how much file slack is associated with that file? 4916.4 bytes
33. True or False: When a file is deleted on a Windows system, the operating system inserts a Hex D5 in the place of the first character of the filename, indicating to the OS that the file has been deleted. TRUE
34. All of the following are reserved metadata records in a Master File Table, except which? _______
a. $Volume
b. $Bitmap
c. $Owner
d. $Secure
35. True or False: A registry in a windows operating system is a database that contains information about the system and the users of the system. _______
36. List three items contained in the FAT database:
a. File and Directory names
b. Starting cluster numbers
c. File attributes & Date and time stamps
37. True or False: Encase and Sleuthkit are both open-source forensics toolkits. ________
38. When considering new forensics software tools, you should do which of the following? _______
a. Uninstall other forensics software
b. Reinstall the OS
c. Test and validate the software
d. All of the above
39. When two different inputs result in the same output from a hashing algorithm, this is called a: _______
a. Conflict
b. Collision
c. Error
d. None of the above
40. The following four functions are used in the MD-5 hashing algorithm. True or False: They are used in random order during the execution of the algorithm. __________
41. True or False: Using multiple hashing algorithms will decrease the chances of a collision between two different inputs. TRUE
42. True or False: FTK 1.8X has the capability to analyze MacIntosh file systems. _______
43. Access Data’s FTK software will always work in the demo mode on which of the following: _______
a. An image of a disk of size less than 1 GB.
b. An image no bigger than a floppy disk.
c. An image no bigger than a CD.
d. None of the above.
44. How many bytes on a disk with 15 Heads, 40,000 cylinders and 64 sectors per cylinder?
19660800000 BYTES
45. The property of the popular message digest algorithms that makes sure that a very small change in the input results in a very large change in the output is called:
a. Avalon Effect
b. Tornado Effect
c. Hurricane Effect
d. None of the above.
46. (10 point question) Read the following scenario and respond to the questions below:
As a digital forensics examiner, you have been called to the scene of a Kidnapping. Several witnesses have told the investigator that the victim was very excited about a new person they met online. Your job at the scene as a digital forensics examiner is to recommend to the investigating officer a course of action as to what digital evidence may or may not be needed to investigate this crime.
a. Provide a list of potential digital evidence that the investigator is going to want to seize for possible forensic examination. Be thorough, as the lead investigator in this case is not computer savvy.
The following would be the required digital evidence:-
Digital photo of the scene of crime – the photo should cover the areas from which the abduction occurred. If should clearly cover the area, for ease of identification of the area during crime analysis and investigation. In case the abductors or the victim left any belonging behind at the scene of crime, a digital photo should be taken.
Evidence of the online communication – the investigator should collect information of the conversations done by the two parties online. The investigator should focus on getting information leading to the identification of the abductor. The collected information should include; the name used by the abductor in the online platform, photos and any other biographic information. The investigator should record snapshots of the conversations between the parties.
Collection of information on the people likely to offer information leading to arrest of the kidnapper(s). The investigator should look at the friends of the kidnapper in the online platform if possible.
Digital evidence from witness – if there are witnesses, the investigator should digitally record their evidence. For instance, the investigator can record audio evidence from the witnesses.
b. Once the evidence is gathered, and transported back to the laboratory, describe in detail the steps you will go through to process this digital evidence and perform an examination. Discuss the tools that you will use, the scientific process that you will follow, and the mechanism for reporting evidence back to the investigator. Be sure to follow the three A’s!
The first thing to do would be transferring the digitally collected evidence to the computer. To investigate the identity of the abductor, I would start by looking at any photos obtained from the media in which the victim and the abductor where exchanging messages. Using the available digital intelligence software, the photos are examined against the databases kept by the crime records department. To analyze the evidence given by the eye witnesses, I would play the recorded audios, and identify consistency in their evidence, as compared to the evidence collected from other techniques. To ensure that the evidence is not manipulated, I would use encryption techniques such as a password.
After observing consistency in the evidence, I then prepare a report to the relevant authorities, reporting on the findings and recommendations on the course of action.
c. What additional sources of evidence might there be besides the digital equipment and media that would have been seized? How would you gain access to this evidence?
Another source of evidence would be the databases of the service providers. For instance, if the abductors made a phone call at the time they were going to meet the victim, the information can be obtained from the service provider. To gain access to the information, the investigator should follow the legal procedures, which may involve seeking permission from the relevant authorities. Read More
Cite this document
  • APA
  • MLA
(“Computer Forensics Coursework Example | Topics and Well Written Essays - 500 words”, n.d.)
Computer Forensics Coursework Example | Topics and Well Written Essays - 500 words. Retrieved from
(Computer Forensics Coursework Example | Topics and Well Written Essays - 500 Words)
Computer Forensics Coursework Example | Topics and Well Written Essays - 500 Words.
“Computer Forensics Coursework Example | Topics and Well Written Essays - 500 Words”, n.d.
  • Cited: 0 times
Comments (1)
Click to create a comment or rate a document
antwan66 added comment 4 months ago
Student rated this paper as
Great paper! Used it to complete an assignment for a information technology course. It was easy as ABC, for the first time in my life.


Computer Forensics

...? Table of Contents Table of Contents 2 Introduction 2 The business problems 3 Online frauds 3 Hacking 3 Virus 4 The process of computer forensics 4 Search and seizure 5 Analysis 5 Preservation 6 Value of computer forensics 6 Protection 7 Prosecution 7 Increased earnings 8 Minimizing computer crimes 9 Systems backups and off-site storage 9 Passwords and Encryption 10 Intrusion detection system 10 Recommendation 11 Conclusion 11 References 12 Abstract This article takes a critical analysis of computer forensics as a way of presenting evidence in courts on matters pertaining to computer crimes. It analyses...
11 Pages(2750 words)Research Paper

Computer forensics laboratory

...?Running Head: COMPUTER FORENSICS LABORATORY COMPUTER FORENSICS LABORATORY By Processes Involved in Computer Forensics Laboratory Computer forensics is a discipline that integrates aspects of law and computer in the process of data collection and assessment from “computer systems, networks, wireless communications, and storage devices” in a manner that does not violate procedural laws on admissibility (US-CERT 2008). It involves the processes of preservation, identification, extraction and documentation. Computer forensics are conducted either offline or online. An offline analysis necessarily means conducting examination of a computer system while it is powered down and an online analysis while it is powered on. The first one... is...
3 Pages(750 words)Essay

Computer Forensics in Biology

... Computer Forensics in the Organization Introduction Computer forensics or cyber forensics is a very crucial topic in information systems and network management. Forensics is a controlled procedure of gathering, examining and presenting facts and evidence to the court of law, and thus, forensic computing is defined as “the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law” (US-CERT, para.4). This...
5 Pages(1250 words)Research Paper

Computer Forensics

...?Part Computer forensics has always interested me and though I have considered myself close to being an expert in computer science, I must admit I have had to concede that I have learned that one can do many illicit things with a computer; situations that I did not know existed. Yet on the same token the forensic investigators, “the good guys”, can counter these illegal operations with many sophisticated tricks of their own. Sometimes it is not as instantaneous or glamorous as the fancy gadgets they show on CSI NY but they have many tools available to recreate crimes that can eventually hold up in court. But the TV shows have it right in at least one...
4 Pages(1000 words)Essay

Computer Forensics

...Fighting Cybercrime: The Latest from Computer Forensics With the rise of Internet usage in this Information Age, there corresponded a proportional increase in its misuse. These are called cybercrimes, or those crimes done via the Internet. This paper begins by identifying the scope of cybercrimes and famous examples. Then, it proceeds to introduce the field of computer forensics, and the tools and technology that are used in this field for fighting Internet crimes. The paper finishes the discussion by enumerating applicable laws and notable contributions of computer forensics. Introduction We live in borderless world. Although people our bounded by geographic terrain, the World Wide Web has made it possible for people to connect... that...
9 Pages(2250 words)Essay

From Jam: Data Mining

12 Pages(3000 words)Essay

Computer Forensics

...Running Head: Forensic Biology Forensic Biology [Institute’s Forensic Biology Introduction In specific, the paper will discussand analyze one of the significant techniques in forensic biology: Forensic Toxicology. The legend of the pop industry, Michael Jackson, died on June 25, 2009. That was one of biggest shocks to the music industry and he left millions of his fans with tears and his unforgettable memories. Immediately after his death, every one had questions regarding the causes of the death of Michael. This is one of departments, which a forensic scientist is responsible for dealing with. The initial reports regarding the deal of...
5 Pages(1250 words)Research Paper

Computer Forensics

...Computer Forensics Computer Forensics Even though, computers and internet have helped human to bring revolutionary changes in life styles, it is alsocreating worries because of the misuse. In fact cyber crimes are growing day by day everywhere. The antisocial elements are capable of destroying or breaking the highly secure and strong firewalls in order to steal sensitive information from the computers and internet. In short, the security of computers and internet is highly important in the present day computer dominated world. Computer forensics is relatively a new area...
5 Pages(1250 words)Essay

Computer Forensics - Case Portfolio

...Computer Forensics - Case Portfolio 0 Case Summary The case is based on a criminal incident against child pornography. One of the employee in Widget Corporation namely Mr. Didit has been alleged for developing child pornography during the office premises. As a result, forensic investigation agency has been summoned in order to collect and examine digital evidences from the crime scene. Throughout the investigation process the legality and fairness has been maintained by engaging in best practices for evidence treatment. Various evidences have been gathered from the crime scene in order to judge that the employee is guilty of such a cyber-crime during office work time. 2.0...
10 Pages(2500 words)Case Study

Managing and leading people

12 Pages(3000 words)Essay
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.

Let us find you another Coursework on topic Computer Forensics for FREE!

Contact Us