WGU C702 Final Exam Questions With Answers (Latest Graded A+ 2023/2024)

WGU C702 Final Exam Questions With Answers (Latest Graded A+ 2023/2024)Best Evidence Rule - ANSWER ==states that secondary evidence, or a copy, is inadmissible in court when the original exists. Duplicate evidence will suffice under the following conditions: -Original evidence is destroyed due to fire or flood -Original evidence is destroyed in the normal course of business -Original evidence is in possession of a third party Forensic Readiness - ANSWER ==An organization's ability to make optimal use of digital evidence in a limited period and with minimal investigation costs. Fourth Amendment - ANSWER ==Protects against unreasonable search and seizure. Government agents may not search or seize areas or things in which a person has reasonable expectation of privacy, without a search warrant. Chain of Custody - ANSWER ==a written record of all people who have had possession of an item of evidence Rule 101: Scope - ANSWER ==These rules govern proceedings in the courts of the United States and before United States bankruptcy judges and United States magistrate judges, to the extent and with the exceptions stated in rule 1101. Rule 102: Purpose and Construction - ANSWER ==These rules shall be construed to secure fairness in administration, elimination of unjustifiable expense and delay, and promotion of growth and development of the law of evidence to the end that the truth may be ascertained and proceedings justly determined. Rule 105: Limited Admissibility - ANSWER ==When evidence that is admissible as to one party or for one purpose but not admissible as to another party or for another purpose is admitted, the court, upon ITProTV Video Notes for CHFI v9 request, shall restrict the evidence to its proper scope and instruct the jury accordingly Rule 801: Hearsay - ANSWER =="Hearsay" means a statement that: (1) the declarant does not make while testifying at the current trial or hearing; and (2) a party offers in evidence to prove the truth of the matter asserted in the statement. Rule 1002. Requirement of the Original - ANSWER ==An original writing, recording, or photograph is required in order to prove its content unless these rules or a federal statute provides otherwise. Rule 1003. Admissibility of Duplicates - ANSWER ==A duplicate is admissible to the same extent as the original unless a genuine question is raised about the original's authenticity or the circumstances make it unfair to admit the duplicate. Rule 1004. Admissibility of Other Evidence of Content - ANSWER ==Admissibility of Other Evidence of Content Scientific Working Group on Digital Evidence (SWGDE) - ANSWER ==brings together organizations actively engaged in the field of digital and multimedia evidence to foster communication and cooperation as well as to ensure quality and consistency within the forensic community. Computer Forensics Investigation Process - ANSWER ==1. Pre-Investigation 2. Investigation 3. Post-Investigation Pre-Investigation - ANSWER ==Tasks performed prior to investigation Setting up a computer forensics lab, toolkit, and workstation Investiagtion - ANSWER ==Main phase in computer forensics investigation Acquisition, preservation, and analysis of the data Post-Investigation - ANSWER ==Reporting and documentation of all the actions undertaken and the findings Ensure that the target audience can easily understand the report Ensure report provides adequate and acceptable evidence Computer Forensics Laboratory - ANSWER ==Work area considerations (50-63 sq. ft per station) no windows ASCLD/Lab Accreditation ISO/IEC 17025 Forensic Hardware Tools - ANSWER ==FRED, Paraben's StrongHold, PC-3000 Data Extractor, Paraben's Chat Stick, RAPID IMAGE 7020 X2, RoadMASSter-3 X2, ZXTower, Data Recovery Stick, Tableau T8-R2 Forensic USB Bridge FRED - ANSWER ==Acquires data directly from hard drives and storage devices Paraben's StrongHold - ANSWER ==blocks out wireless signals PC-3000 Data Extractor - ANSWER ==Diagnoses and fixes file system issues, so data can be obtained Paraben's Chat Stick - ANSWER ==Thumb drive devices; searches the entire computer and scan for chat logs RAPID IMAGE 7020 X2 - ANSWER ==Copy one "Master" hard drive to up to 19 "Target" hard drives RoadMASSter-3 X2 - ANSWER ==Ruggedized portable lab for HDD data acquisition and analysis. ZX-Tower - ANSWER ==Secure sanitization of hard disk Data Recovery Stick - ANSWER ==Recovers deleted files Tableau T8-R2 Forensic USB Bridge - ANSWER ==Write blocking of USB storage devices Cain & Abel - ANSWER ==Password recovery for Windows OS Sniffs the network, cracks encrypted passwords using dictionary, brute-force, and cryptanalysis attacks Recuva - ANSWER ==Recover lost pictures, music, docs, video, email. Recover all types of lost files from disk or removable media Capsa - ANSWER ==Sniffer R-Drive Image - ANSWER ==Creation of disk image files for backup FileMerlin - ANSWER ==Converts word processing to a wide range of file formats AccessData FTK - ANSWER ==Court-cited digital investigations platform provides processing and indexing up front EnCase - ANSWER ==Rapidly acquire data and unearth potential evidence with disklevel forensic analysis The Sleuth Kit - ANSWER ==Command line tools to analyze disk images and recover files L0phtCrack - ANSWER ==Password auditing and recovery software. Recover lost Microsoft Windows passwords using a dictionary, hybrid, rainbow, and brute-force attacks Ophcrack - ANSWER ==Windows Password cracker based on rainbow tables Computer Forensic Tool Testing Project (CFTT) - ANSWER ==NIST, establishes a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. Image Integrity Tools - ANSWER ==HashCalc, MDF Calculator, HashMyFiles HashCalc - ANSWER ==Create MD5 has for files, text and hex string (13 different algorithms) MDF Calculator - ANSWER ==View MD5 hash to compare to provided hash value HashMyFiles - ANSWER ==Calculate MD5 hash on one or more files File Fingerprinting Recover My Files - ANSWER ==recover deleted files emptied from the windows recycle bin and files lost due to the format or corruption of a hard drive, virus, or trojan infection, and unexpected system shutdown or software failure Advanced Disk Recovery - ANSWER ==Quick or deep scan for lost or deleted files UndeletePlus - ANSWER ==Quick or deep scan for lost or deleted files. same as Advanced Disk Recovery Data Analysis Tools - ANSWER ==FTK Imager, EnCase Forensic, The Sleuth Kit (TSK)