79 Cards in this Set
- Front
- Back
a branch of forensic science that uses investigation and analysis techniques to find and determine legal evidence in computers and digital storage media. |
Computer forensic |
|
referred to as computer forensics analysis, electronic and data discovery. |
Computer forensics |
|
is the process of methodically examining electronic media (Hard disks, Disk tapes, Floppy disks, etc.) for evidence. |
Computer Analysis and Computer Examination |
|
an FBI program was created. For a time it was known as the magnet media program. |
1984 |
|
the father of computer forensics, began to work on it. |
Michael Anderson |
|
CART |
Computer Analysis and Response Team |
|
International Organization on Computer Evidence (IOCE) was formed. |
1995 |
|
The G8 countries declared that “Law Enforcement personnel must be trained and equipped to address hi-tech crimes”. |
1997 |
|
INTERPOL Forensic Science symposium was held. |
1998 |
|
FBI CART case load exceeds 2000 cases, examining 17 terabytes of data. |
1999 |
|
First FBI Regional Computer Forensic Laboratory established. |
2000 |
|
FBI CART case load exceeds 6500 cases, examining 782 terabytes of data. |
2003 |
|
means that the evidence must be usable. If the evidence is not usable, then it is considered not present. |
Admissible |
|
The expert must be able to explain that the evidence is related to the incident in a relevant manner. |
Authentic |
|
The evidence collected must show every perspective of the evidence. If it shows the possible attacker’s involvement, it must be able to prove his/her innocence. |
Complete |
|
The evidence collection must be authentic and it must not cast doubt on its reliability. |
Reliable |
|
The evidence presented must be understandable and believable to the jury. |
Believable |
|
are the software and hardware used for gathering data from the media storage devices of the computer that is believed to be used to commit any crime. |
forensic tools |
|
It extracts registry information from a piece of evidence (disk image etc.), whether that information was active, backed up or deleted, and rebuilds all the registries represented by the extracted information. |
Registry recon |
|
It is preconfigured with all the tools to perform a detailed forensic examination. It is built on a new Ubuntu base with additional tools, such as replaying entire computer activity in detail. |
SANS Investigative Tool kit |
|
is a self-contained memory analysis tool that analyses Windows OS memory and extracts information about running processes. |
Compile Memory Analysis Tool (CMAT) |
|
This tool can acquire live memory images and analyze memory dumps. It is inclusive of Microsoft Windows. |
Memoryze |
|
It is a Universal Forensic Extraction Device which is both hardware and software. It is used to gather evidence from mobile devices, mobile media cards, SIMs and GPS devices. |
Cellebrite Mobile Forensics |
|
digital forensic product by MicroSystemation used to recover information from mobile phones, smartphones, GPS, navigation tools and tablet computers. |
MicroSystemation XRY |
|
used to acquire and analyze a computer's volatile memory. |
Memory forensic tool |
|
tend to have hardware and software components. |
Mobile forensic tool |
|
are designed to capture and analyze network packets either from LAN or Internet. |
Network forensic tool |
|
It captures and analyzes packets. In short, it’s a protocol analyzer. |
Wireshark |
|
It is a TCP/IP session reassembler. It records the TCP flow and stores the data such that it is convenient for protocol analysis. |
TCP flow |
|
is related to the investigations applied to databases and metadata. |
Database forensic |
|
It uses an algorithm to establish unique numeric identifiers (hash values) for files known to be good or bad. It was developed to reduce the amount of time required to examine files on digital media. |
Hashkeeper |
|
is a Windows-based analysis and conversion tool that fraud investigators use to analyze server or mainframe data. |
Arbutus data tool |