CHFI | 336 Questions and Answers(A+ Solution guide)

Key steps for Forensic Investigation - 1. Identify the Computer Crime. 2. Collect Primary Evidence. 3. Obtain court warrant for seizure (if required). 4. Perform first responder Procedures. 5. Seize evidence at the crime scene. 6. Transport Evidence to the forensic laboratory. 7. Create 2-bit stream copies of the evidence. 8. Generate MD5 checksum on the images. 9. Chain of Custody. 10. Store the original evidence in a secure location. 11. Analyze the image copy for evidence. 12. Prepare a forensics report. 13. Submit the report to the client. 14. Attend Court and testify as an expert witness. (if necessary) Modes of attack. - Internal External Enterprise Theory of Investigation (ETI) - Individuals commit crime, to further the Criminal Enterprise (sindicate) itself. Law Enforcement targets and dismantles the entire criminal enterprise. What year did the FBI establish the first forensic Laboratory? - 1932 4 reasons for increase of computers in criminal activity? - 1. Expense 2. Speed. 3. Anonymity.4. Fleeting nature of digital evidence. Cybercrime - Deliberate acts, using a computer, to Commit or Facilitate a crime. Steps to Investigating a computer crime - 1, Determine an incident has occurred. 2. Find/ Interpret clues. 3. Preliminary assessment and Search for evidence. 4. Search and Seize computer equipment. 5. Collect Evidence. Forensic rule that allows the admissibility of duplicates. - Rule: 1003 Forensic rule that sets requirements for original evidence. - Rule: 1002 Computer investigation toolkit should contain: - Laptop computer with appropriate software. Operating systems at Patches. Application media. Write protected backup devices. Blank Media. Basic networking equipment and cables. Imaging - Duplicate data (bit-stream) to preserve the original data Exceptions to 4th amendment. Conditions required toSeize without a Warrant. - 1. NO reasonable expectation of privacy. 2. Falls within an established exception to the warrant requirement.Electronic Communications Service (ECS) - Any service which provides the ability to send or receive electronic communications