Course Security Services. Unit VIII Risk Management Technologies


Course: Security Services
Unit VIII: Risk Management Technologies

Essential Question
How do forensic specialists investigate and analyze computers and computer-related crimes?

TEKS
130.298(c)(5)(A)(B)

Prior Student Learning
- Prevention Analysis
- Role of Analysis
- Overall Roles of Security Systems

Estimated Time
4 to 5 hours

Computer Forensics

Rationale
Computers have permeated society and are used in countless ways with innumerable applications. Similarly, the role of electronic data in investigative work has realized exponential growth in the last decade. The usage of computers and other electronic data storage devices leaves the footprints and data trails of their users.

Objectives
The students will be able to:
1. Summarize the role of computer applications relating to forensics investigations.
2. Investigate criminal activity in areas such as cybercrime, the Internet, and Internet trafficking.

Engage
Divide the class into several small groups and have them brainstorm/discuss the following questions:
- What are the components of a computer?
- What is your own knowledge of computers?
- What data might be of evidentiary value?
- Where might it be found?
- How would you preserve computer evidence at a crime scene?
- Why is the Internet referred to as a "network of networks" or the "information superhighway"?

Key Points

I. Computer Forensics Introduction
   A. Computer forensics
      1. The acquisition, extraction, preservation, and interpretation of computer data
      2. Includes many devices that are capable of storing data
   B. Hardware is the physical material that makes up a computer
   C. Software is the programs and applications that carry out a set of instructions on the hardware

II. Elements of Hardware
   A. Computer Case/Chassis: the box that typically rests beside the computer monitor and houses the internal components for the computer
   B. Power Supply: converts the power from the wall outlet to a usable form for the computer and its components
   C. Motherboard: the primary board that contains the main circuitry for the computer
   D. System Bus: a vast complex network of wires that carries data from one hardware device to another and is located on the motherboard
   E. Read Only Memory (ROM): chips that store programs called firmware and are used to start the boot process and configure a computer's components
   F. Random Access Memory (RAM): the location in a computer where the operating system that is in use can be stored and retrieved for quick reference by the CPU
   G. Central Processing Unit (CPU): the central component of a computer where all of the data is processed
   H. Input Devices: used to get data into the computer
      1. Keyboard
      2. Mouse
      3. Joy Stick
      4. Scanner
   I. Output Devices: used to get data from the computer
      1. Monitor
      2. Printer
      3. Speakers
   J. Hard Disk Drive (HDD): the location in a computer where data is stored and retrieved

III. Data Storage and Retrieval
   A. Examiners must be familiar with the file system they are examining
   B. Evidence may be found in various computer locations and formats
   C. There are two categories for data-related evidence:
      1. Visible data
      2. Latent data
   D. The formatting process initializes portions of the hard drive so that it can store data, and it creates the structure of the file system
   E. Different operating systems map out (partition) HDDs in different manners
   F. RAM
   G. Sector: the smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes (Saferstein, 2009)
   H. Cluster: a group of sectors in multiples of two, typically the minimum space allocated in a file (Saferstein, 2009)

IV. Processing the Computerized Crime Scene
   A. Similar to processing a traditional crime scene (i.e. warrants, documentation, investigation techniques)
   B. Documentation is a significant component in the computerized crime scene
      1. The scene should be initially documented in as much detail as possible before any evidence is moved and examined
      2. Crime scene documentation is accomplished through two actions:
         a) Sketching: the crime scene must be thoroughly diagramed and sketched in a floor plan format
         b) Photographing: from all locations and all possible angles, including wide and close-up images
   C. After documentation is complete, a label should be placed on the cord of each peripheral, with a corresponding label placed on the port to which it is connected
   D. At a computerized crime scene most, if not all, of the equipment will be seized, but before the peripherals are disconnected from the computer, a decision must be made about whether or not a live acquisition of the data is necessary (i.e. shut down or unplug the computer)
      1. Example: unplugging the computer is imprudent
         a) If it will initiate data encryption, rendering the data unreadable without a password or key
         b) If crucial evidentiary data that exists in RAM and is not saved to the HDD will be lost with discontinuation of power to the system

V. Forensic Image Acquisition
   A. After the crime scene has been processed, the computer needs to be analyzed
   B. All electronic devices will be processed in the same manner
   C. The examination process that the forensic investigator uses on the computer must be intrusive
   D. All evidence (data) must be obtained without altering or destroying it
   E. Because booting a HDD to its operating system changes many files and could destroy evidentiary data, the data is generally obtained by removing the HDD from the system and placing it in a laboratory forensic computer so that a forensic image can be created
   F. Occasionally, in cases with specialized or unique equipment/systems, the image of the HDD must be obtained by using the seized computer
   G. The examiner must be able to extract all forensic data/images and cause no changes to the HDD
   H. A signature or fingerprint of the drive is taken before and after imaging
      1. This fingerprint is created by using a Message Digest 5 (MD5), a Secure Hash Algorithm (SHA) or a similarly validated algorithm
      2. Before imaging the drive, the algorithm is run and a 32-character alphanumeric string is produced based on the drive's contents
      3. The same algorithm is then run against the created forensic image, which will result in the same alphanumeric string if none of the original content is changed

VI. Visible Data
   A. Data from a computer that is openly visible and easily available to users
   B. Can encompass (from an evidentiary standpoint) any type of user-created data like
      1. Word processing documents
      2. Spreadsheets
      3. Accounting records
      4. Databases
      5. Pictures
   C. Most criminal cases involving computers relate to financial investigations (or white collar crimes), which require any data related to personal and business finance
   D. Advances in printer technology have made high quality color printing affordable and common, which creates criminal opportunities
      1. Counterfeiting
      2. Check Fraud
      3. Document Fraud
   E. Investigators must become familiar with the various computer applications that are used for criminal activities
   F. The ability to recognize the data produced by these applications and to display the images is essential to identifying the evidence

VII. Temporary Files
   A. Can be valuable as evidence
   B. Can sometimes be recovered during a forensic examination, including some of the data that may have been altered from a previous version
   C. Can be recovered when created through unsaved means (such as a computer being shut off manually)
   D. Most programs automatically save a temporary copy of the file in progress
   E. After working on a file or document, the user can save the changes, which promotes the temporary copy to a saved (or actual) file
   F. Another type of temporary file valuable to the computer investigator is the printer spool
      1. When a print job is sent to the printer, a spooling process delays the sending of the data so the application can continue to work while the printing takes place in the background
      2. When the print job occurs, a temporary print spool file is created
      3. This file contains a copy of all of the data from the printer

VIII. Latent Data
   A. The areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless (Saferstein, 2009); the data which the operating system has hidden
   B. One of the reasons a forensic image of the media is created is because a standard copy only captures the logical data (that of which the operating system is aware)
   C. Can be evidentiary data

   D. Includes the data in the
      1. Swap space (used to conserve the valuable RAM within the computer system)
      2. RAM slack: the area from the end of the logical file to the end of the sector
      3. File slack: the remaining area from the end of the final sector containing data to the end of the cluster
      4. Unallocated space: the space on a hard drive that contains available space; the space may also contain temporary and deleted files

IX. Defragmenting/Swap File/Swap Space
   A. Defragmenting a HDD involves reconnecting noncontiguous data
   B. The HDD has minimum space reservation requirements (i.e. a file might require 100 bytes of space, but the operating system allocates much more)
   C. If a file grows past the allocated amount, another cluster is required
   D. If a different file occupies the next cluster, the operating system must find another place for the first file on the drive
   E. The file is said to be fragmented because data for the same file is contained in noncontiguous clusters
   F. The constant shuffling of data through deletion, defragmentation, swapping, etc., is one of the ways data is orphaned in latent areas
   G. Fragmentation of numerous files can degrade the performance of a HDD, causing the read/write heads to have to traverse the platters to locate the data
   H. The constant read and write operations of RAM cause a constant change in the swap file or swap space

X. Deleted Files
   A. Another source of latent data to be examined by forensic investigators
   B. The actions that occur when a file is deleted vary among file systems
   C. When a user deletes files, the data typically remains behind
      1. The first character in the file's directory entry (its name) is replaced with the Greek letter sigma
      2. When the sigma replaces the first character, the file is no longer viewable through conventional methods and the operating system views the space previously occupied by the file as available
   D. Data will remain in the computer even though attempts are made to delete it
   E. When files in a Recycle Bin are deleted, the data remains there as well, until it is overwritten

XI. The Internet
   A. A computer network that provides information globally (also called the "information superhighway")

   B. Affects all subjects and professions including law enforcement and security services
   C. Can be considered a series of networks
      1. A single network consists of two or more computers that are connected to share information
      2. The Internet connects thousands of these networks so all of the information can be exchanged worldwide
   D. Includes various methods of connection
      1. Wire
         a) Modem: a device that allows computers to exchange and transmit information through telephone lines
         b) Cable lines or DSL telephone lines provide higher speed broadband connections
      2. Wireless (Wi-Fi)
   E. Each computer that connects to the Internet has a unique numerical Internet Provider (IP) address and usually a name

XII. The World Wide Web and E-Mail
   A. The World Wide Web
      1. The most popular area of the Internet
      2. Considered a depository of information stored in the computers connected to the Internet across the world
      3. Web browsers allow the user to search all the information available on the web and retrieve any web pages the viewer wishes to explore
      4. Several directories and indexes on the Internet, known as search engines, are available to assist the user in locating a particular topic from the hundreds of thousands of web sites located on the Internet
      5. Keywords or phrases entered into a search engine will locate sites on the Internet that are relevant to that subject
      6. Commercial Internet service providers connect computers to the Internet while offering the user an array of options
   B. Electronic mail (e-mail)
      1. The service most commonly used in conjunction with the Internet
      2. Carries messages across the world in a matter of seconds

XIII. Internet Crimes
   A. There are more cybercriminals than available law enforcement agents
   B. Cybercriminals feel safe committing crimes in a comfort zone and often from the privacy of their own homes
   C. Law enforcement faces new challenges with Internet crimes
      1. Most law enforcement officers are not trained in the technologies
      2. Internet crimes span multiple jurisdictions
      3. There is a need to retrofit new crimes to existing laws
   D. Computers are used to commit a variety of crimes

      1. Identity theft
      2. Fraud
      3. Industrial espionage
      4. Child pornography
      5. Harassment
      6. Gambling
      7. Piracy
      8. Computer viruses and spam
   E. There are numerous methods and techniques criminals use to hide their crimes and evidence, which include
      1. Deleting files and emails
      2. Hiding files with encryption
      3. Password protection
      4. Embedding information in unrelated files
      5. Using Wi-Fi networks and cyber cafes to cover tracks
   F. The task of forensic investigators includes
      1. Restoring deleted files and emails
      2. Finding the hidden files through complex password encryption programs and searching techniques
      3. Tracking criminals through the digital trail: IP addresses, to ISPs, to the offender

Activities
1. Have the students process an electronic crime scene by creating a sketch complete with the appropriate measurements (see the Electronic Crime Scene Sketch Sample). The activity can best be conducted in the school library or computer lab with students taking measurements, obtaining photographs, and illustrating a diagram of the computer room. Students will identify and label all items located, including modems, ports, printers, and connecting wires. This activity can be completed either individually or in small work groups. Use the Individual Work Rubric, the Group Evaluation Rubric and the Peer Evaluation Rubric as needed for assessment.
2. Have the students write a research paper and/or a computer-based presentation regarding a cybercrime of their choice (identity theft, harassment, piracy, etc.). Use the Research Rubric and/or the Presentation Rubric for assessment.

Assessments
- Computer Forensics Exam and Key
- Discussion Rubric
- Group Evaluation Rubric
- Individual Work Rubric
- Peer Evaluation Rubric
- Presentation Rubric
- Research Rubric

Materials

- Computer Forensics computer-based presentation
- Computer Forensics Key Terms
- Electronic Crime Scene Sketch Sample
- White board/chalk board
- Computer with Internet Access

Resources
- 0135158494, Forensic Science: From the Crime Scene to the Crime Lab, Richard Saferstein, Prentice Hall, 2008
- 0205592406, Introduction to Private Security: Theory Meets Practice, Cliff Roberson and Michael L. Birzer, Prentice Hall, 2009
- 0750684321, Introduction to Security, Robert J. Fischer and Gion Green, Butterworth-Heinemann, 2008
- Investigator/Officer's Personal Experience

Accommodations for Learning Differences
For reinforcement, the students will research and explain the difference between hardware and software. Use the Individual Work Rubric for assessment.
For enrichment, the students will write a research paper about the instruments that cybercriminals use to commit their crimes. Use the Research Rubric for assessment.

State Education Standards
Texas Essential Knowledge and Skills for Career and Technical Education
130.298. Security Services (One to Two Credits).
(5) The student analyzes the role of computer forensics in security operations. The student is expected to:
   (A) summarize the role of computer applications relating to forensics investigations; and
   (B) investigate criminal activity in areas such as cyber crime, the Internet, and Internet trafficking.

College and Career Readiness Standards
Mathematics Standards
III. Geometric Reasoning
   A. Figures and their properties
      1. Identify and represent the features of plane and space figures.
IV. Measurement Reasoning
   A. Measurement involving physical and natural attributes
      1. Select or use the appropriate type of unit for the attribute being measured.
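The drive fingerprinting steps in Key Points V.H, written out as an added example that is not part of the original lesson plan: the source is hashed before imaging, copied block by block, and then the source and the image are both hashed again. The in-memory "drive", the 4096-byte read size and every function name are assumptions made for illustration.

```python
import hashlib
import io

BLOCK = 4096  # read size in bytes (assumption; the digest does not depend on it)


def fingerprint(stream, algorithms=("md5", "sha256")):
    """Hash a seekable stream from its first byte; return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    stream.seek(0)
    for block in iter(lambda: stream.read(BLOCK), b""):
        for hasher in hashers.values():
            hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def acquire_image(source, image):
    """Fingerprint the source, copy it to image, then fingerprint both again."""
    before = fingerprint(source)              # step 2: hash before imaging
    source.seek(0)
    for block in iter(lambda: source.read(BLOCK), b""):
        image.write(block)                    # the source is only ever read
    after = fingerprint(source)               # hash of the source after imaging
    image_digests = fingerprint(image)        # step 3: same algorithm on the image
    return {
        "before": before,
        "after": after,
        "image": image_digests,
        "source_unchanged": before == after,
        "image_matches": before == image_digests,
    }


def make_constructed_drive(sectors=64, sector_size=512):
    """Constructed sample 'drive': each sector is filled with its own index byte."""
    return io.BytesIO(b"".join(bytes([n % 256]) * sector_size for n in range(sectors)))


def demo():
    """Image the constructed drive, then show that a one-bit change is detected."""
    source = make_constructed_drive()
    image = io.BytesIO()
    report = acquire_image(source, image)
    altered = bytearray(image.getvalue())
    altered[1000] ^= 0x01                     # flip a single bit in a copy of the image
    altered_digests = fingerprint(io.BytesIO(bytes(altered)))
    report["altered_copy_detected"] = altered_digests != report["before"]
    return report


if __name__ == "__main__":
    result = demo()
    # An MD5 digest prints as 32 hexadecimal characters; SHA-256 prints as 64.
    for label in ("before", "after", "image"):
        print(label, result[label]["md5"], result[label]["sha256"])
    print("source unchanged:", result["source_unchanged"])
    print("image matches:", result["image_matches"])
    print("altered copy detected:", result["altered_copy_detected"])
```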

Computer Forensics Key Terms

Bit: short for binary digit; takes the form of either a one or a zero; the smallest unit of information on a machine (Saferstein, 2009)
Byte: a group of eight bits (Saferstein, 2009)
Central Processing Unit (CPU): the central component of a computer where all of the data is processed
Cluster: a group of sectors in multiples of two, typically the minimum space allocated in a file (Saferstein, 2009)
Computer Case/Chassis: the box that typically rests beside the computer monitor and houses the internal components of the computer
File Slack: the area that begins at the end of the last sector that contains logical data and terminates at the end of the cluster (Saferstein, 2009)
Hard Disk Drive (HDD): the location in a computer where data is stored and retrieved
Hardware: the physical material that comprises a computer
Input Devices: used to get data into the computer
Internet (a.k.a. information superhighway): a computer network that provides information globally
Latent Data: areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless (Saferstein, 2009)
Message Digest 5 (MD5) Secure Hash Algorithm: a software algorithm used to fingerprint a file or the contents of a disk; used to verify the integrity of data (Saferstein, 2009)
Motherboard: the primary board that contains the main circuitry for the computer
Operating System (OS): essentially, the software that directs basic functions and operations within a computer
Output Devices: used to get data from the computer
Partition: the process of dividing a hard disc drive into different independent sections
Power Supply: converts the power from the wall outlet to a usable form for the computer and its components
RAM Slack: the area beginning at the end of the logical file and terminating at the end of that sector; in some older operating systems this area is padded with information in RAM (Saferstein, 2009)
Random Access Memory (RAM): the location in a computer where the operating system that is in use can be stored and retrieved for quick reference by the CPU
Read Only Memory (ROM): chips that store programs called firmware and are used to start the boot process and configure a computer's components
Sector: the smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes (Saferstein, 2009)
Software: programs and operations that are used by a computer
System Bus: a vast complex network of wires that carries data from one hardware device to another and is located on the motherboard
Swap File: a file or defined space on the HDD to which data is written or swapped to free RAM for applications that are in use (Saferstein, 2009)
Temporary Files: files temporarily written by an application to perform a function (Saferstein, 2009)
Unallocated Space: the space on a hard drive that contains available space; the space may also contain temporary and deleted files
Visible Data: data from a computer that is openly visible and available to users
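The RAM slack and file slack definitions above, worked through on one reused cluster to show why a standard copy misses data that a forensic image keeps (an added example, not part of the original handout). The cluster contents are constructed sample data; the 4-sector cluster, the zero-filled RAM slack and all function names are assumptions made for illustration.

```python
SECTOR = 512                 # bytes per sector, as given in the Key Terms
SECTORS_PER_CLUSTER = 4      # assumption for this example (2048-byte clusters)
CLUSTER = SECTOR * SECTORS_PER_CLUSTER


def slack_layout(file_size):
    """Return the allocation and slack sizes, in bytes, for a file of file_size bytes."""
    if file_size <= 0:
        raise ValueError("file_size must be positive")
    clusters = -(-file_size // CLUSTER)        # ceiling division
    sectors_used = -(-file_size // SECTOR)
    end_of_last_sector = sectors_used * SECTOR
    return {
        "clusters": clusters,
        "allocated": clusters * CLUSTER,
        # end of the logical file to the end of that sector
        "ram_slack": end_of_last_sector - file_size,
        # end of the last sector holding data to the end of the cluster
        "file_slack": clusters * CLUSTER - end_of_last_sector,
    }


def carve_slack(allocation, file_size):
    """Split the raw bytes of a file's clusters into (logical data, RAM slack, file slack)."""
    layout = slack_layout(file_size)
    if len(allocation) != layout["allocated"]:
        raise ValueError("allocation does not match the file's cluster count")
    end_of_last_sector = file_size + layout["ram_slack"]
    return (
        bytes(allocation[:file_size]),
        bytes(allocation[file_size:end_of_last_sector]),
        bytes(allocation[end_of_last_sector:]),
    )


def write_file(allocation, data):
    """Simulate saving data into reused clusters: later sectors are left untouched."""
    pad = slack_layout(len(data))["ram_slack"]
    allocation[:len(data)] = data
    # Assumption: RAM slack is zero-filled; the Key Terms note that some older
    # operating systems padded this area with information from RAM instead.
    allocation[len(data):len(data) + pad] = bytes(pad)


def demo():
    """Reuse a cluster that held an older file and see what each kind of copy captures."""
    # Constructed sample data: an older file that once filled the whole cluster.
    cluster = bytearray((b"OLD-LEDGER entry 0042; " * 100)[:CLUSTER])
    new_file = b"N" * 700                      # constructed 700-byte replacement file
    write_file(cluster, new_file)
    logical, ram_slack, file_slack = carve_slack(cluster, len(new_file))
    return {
        "layout": slack_layout(len(new_file)),
        "logical_copy_has_old_data": b"OLD-LEDGER" in logical,
        "ram_slack_is_zero": ram_slack == bytes(len(ram_slack)),
        "file_slack_has_old_data": b"OLD-LEDGER" in file_slack,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```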

Name: ____________________ Date: ____________________

Computer Forensics Exam

Matching
a. Bit
b. Byte
c. Central Processing Unit
d. Cluster
e. File Slack
f. Hard Disk Drive
g. Hardware
h. Internet
i. Latent Data
j. Message Digest 5 Secure Hash Algorithm
k. Motherboard
l. Operating System
m. Partition
n. RAM Slack
o. Random Access Memory
p. Sector
q. Software
r. Swap File
s. Temporary Files
t. Unallocated Space
u. Visible Data

_____ 1. The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes
_____ 2. The location in a computer where the operating system that is in use can be stored and retrieved for quick reference by the CPU
_____ 3. A file or defined space on the HDD to which data is written, or swapped, to free RAM for applications that are in use
_____ 4. The software that directs basic functions and operations within a computer
_____ 5. The space on a hard drive that contains available space; the space may also contain temporary and deleted files
_____ 6. Data from a computer that is openly visible and available to users
_____ 7. The area beginning at the end of the logical file and terminating at the end of that sector; in some older operating systems this area is padded with information in RAM
_____ 8. Programs and operations that are used by a computer
_____ 9. Files temporarily written by an application to perform a function
_____ 10. A group of eight bits
_____ 11. Short for binary digit; takes the form of either a one or a zero, and is the smallest unit of information on a machine
_____ 12. The central component of a computer where all of the data is processed
_____ 13. The area that begins at the end of the last sector that contains logical data and terminates at the end of the cluster
_____ 14. A group of sectors in multiples of two, typically the minimum space allocated in a file
_____ 15. A computer network that provides information globally
_____ 16. A software algorithm used to fingerprint a file or contents of a disk; used to verify the integrity of data
_____ 17. Consists of the physical material that comprises a computer
_____ 18. The location in a computer where data is stored and retrieved
_____ 19. Areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless
_____ 20. The process of dividing a hard disc drive into different independent sections
_____ 21. The primary board that contains the circuitry for the computer

Answer the following multiple choice questions

22. Which of the following is not considered a hardware device?
   A. The hard disk drive
   B. The mouse
   C. The Random Access Memory
   D. The monitor
   E. The operating system

23. Which of the following describes a motherboard?
   A. Connects to every device used by the system
   B. Has a socket to accept RAM
   C. Is the main circuit board within a computer
   D. All of the above
   E. None of the above

24. The term bit is short for which of the following?
   A. Byte
   B. Tidbit
   C. Binary digit
   D. Database
   E. Beneath image threshold

25. The primary form of data storage within a personal computer is which of the following?
   A. The hard disk drive
   B. The CD-ROM
   C. A thumb drive
   D. The recycle bin
   E. A zip drive

26. The first thing a crime scene investigator should do when encountering computer forensic evidence is which of the following?
   A. Unplug every device from the CPU to preserve the hard disk drive
   B. Take the system to the laboratory for processing
   C. Procure a warrant to search
   D. Tape each cable to its adjoining component in an effort to preserve the integrity of the physical connections
   E. Document the scene

27. The ultimate goal of obtaining an image of a hard disk drive is to do which of the following?
   A. Locate as much incriminating information as possible
   B. Obtain information without altering the drive in any way
   C. Preserve the photographs and video stored on the drive
   D. Attempt to determine the owner of the computer in question
   E. Give priority to the text files on the drive

28. Which of the following is one of the most common places to begin to look for evidential data?
   A. A CAD package
   B. The word processing or text based document files
   C. Any learn to type tutorial
   D. The spreadsheet files
   E. A photograph editing program

29. Which of the following is the best definition of latent data?
   A. Unallocated space
   B. Anything readily available to the user, also known as visible data
   C. An automatically saved copy of a file that was recently modified
   D. Those data which are typically of little use to forensic investigators
   E. Those data that are hidden from view

30. Which of the following describes what happens once a file is deleted by a user?
   A. It is obliterated from the system and cannot be recovered
   B. It is retained until the disk space it occupies is allocated for another use
   C. It may be identified using forensic image acquisition software
   D. A and B
   E. B and C

31. Evidentiary data may be recovered from which of the following?
   A. Unallocated space on the HDD
   B. Slack space on the HDD
   C. RAM swap files
   D. All of the above
   E. None of the above

32. A cluster is a group of _____ in multiples of _____?
   A. Sectors, two
   B. Partitions, two
   C. Disks, four
   D. Cylinders, three
   E. Tracks, three

33. Which of the following is not considered software?
   A. Accounting applications
   B. Operating systems
   C. Web browsers
   D. Word processors
   E. Floppy discs

34. Sectors are typically _____ bytes in size.
   A. 1024
   B. 126
   C. 256
   D. 512
   E. 2050

35. One should not search for visible data in which of the following?
   A. Quicken
   B. Temporary files
   C. Swab files
   D. Windows
   E. Unallocated spaces

Computer Forensics Exam Key

1. P    2. O    3. R    4. L    5. T    6. U    7. N
8. Q    9. S    10. B   11. A   12. C   13. E   14. D
15. H   16. J   17. G   18. F   19. I   20. M   21. K
22. E   23. D   24. C   25. A   26. C   27. B   28. B
29. E   30. E   31. D   32. A   33. E   34. D   35. E

Group Evaluation

Name: Date:

Group 1
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Group 2
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Group 3
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Group 4
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Group 5
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Group 6
Did the group take the assignment seriously?
Could you tell what the group was trying to portray?
Was the group portrayal creative?
Did the group include the correct elements?
Would you like to see this group demonstrate their talent for you in the future?
Total Score

Peer Evaluation

Your Name: Your Group Number:

1) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

2) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

3) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

4) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

5) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

6) Name of Student
At what level of seriousness did they take this activity? (Not Very Serious / Very Serious)
Did they make a significant contribution to the brainstorming process?
Did they make a significant contribution to preparing for the activity?
What was the level of their participation in the activity(s)? (None / A Lot)
Would you want to work with this person in a group again based on their level of productivity?
Total Score

Discussion Rubric

Name: Date:

Columns: Objectives | 4 pts. Excellent | 3 pts. Good | 2 pts. Needs Some Improvement | 1 pt. Needs Much Improvement | N/A | Pts.

Objectives:
Participates in group discussion
Encourages others to join the conversation
Keeps the discussion progressing to achieve goals
Shares thoughts actively while offering helpful recommendations to others
Gives credit to others for their ideas
Respects the opinions of others
Involves others by asking questions or requesting input
Expresses thoughts and ideas clearly and effectively

Total Points (32 pts.)
Comments:

Individual Work Rubric

Name: Date:

Columns: Objectives | 4 pts. Excellent | 3 pts. Good | 2 pts. Needs Some Improvement | 1 pt. Needs Much Improvement | N/A | Pts.

Objectives:
Follows directions: Student completed the work as directed, following the directions given, in order and to the level of quality indicated
Time management: Student used time wisely and remained on task 100% of the time
Organization: Student kept notes and materials in a neat, legible, and organized manner. Information was readily retrieved
Evidence of learning: Student documented information in his or her own words and can accurately answer questions related to the information retrieved
*Research/Gathering information (if relevant): Student used a variety of methods and sources to gather information. Student took notes while gathering information

Total Points (20 pts.)
Comments:

Presentation Rubric

Name: Date:

Columns: Objectives | 4 pts. Excellent | 3 pts. Good | 2 pts. Needs Some Improvement | 1 pt. Needs Much Improvement | N/A | Pts.

Objectives:
Topic/Content: Topic discussed completely and in-depth. Includes properly cited sources (if used)
Creativity/Neatness: Integrates a variety of multimedia effects to create a professional presentation (transition and graphics) or appropriate visual aid used. Title slide, table of contents, bibliography are included, using acceptable format
Mechanics: Grammar, spelling, punctuation, and capitalization are correct. Image and font size are legible to the entire audience
Oral Presentation: Communicates with enthusiasm and eye contact. Voice delivery and projection are dynamic and audible
Audience Interaction: Presentation holds audience's attention and relates a clear message. Clearly and effectively communicates the content throughout the presentation

Total Points (20 pts.)
Comments:

Research Rubric

Name: Date:

Columns: Objectives | 4 pts. Excellent | 3 pts. Good | 2 pts. Needs Some Improvement | 1 pt. Needs Much Improvement | N/A | Pts.

Objectives:
Question/goal: Student identified and communicated a question or goal of the research
Research/Gathering information (if relevant): Student used a variety of methods and sources to gather information. Student took notes while gathering information
Conclusion/Summary: Student drew insightful conclusions and observations from the information gathered. Information is organized in a logical manner
Communication: Student communicated the information gathered and summary or conclusions persuasively. Student demonstrated skill in the use of media used to communicate the results of research
Reflection: Student reflected on the importance of the research and its potential application

Total Points (20 pts.)
Comments: