CSCI 511: Final Liberty University
CSCI 511 Final Liberty University
The file allocation table is really a list of entries that map to each on the disk partition.
The unused space between the logical end of file and the physical end of file is known as .
What is meant by home location register (HLR)?
is the process whereby the file system keeps a record of what file transactions take place so that in the event of a hard drive crash, the files can be recovered.
The standard of proof in a civil trial is:
The following are characteristics of the certification: Only lawenforcement personnel and government employees working as system forensics examiners may join. Students learn to interpret and trace e-mail, acquire evidence properly, identify operating systems, recover data, and understand encryption theory and other topics. Students must pass a written exam before continuing to the next level. There are multiple levels.
One of the first steps in any forensic examination should be to check the logs. If you need to know what documents have been printed from the Macintosh, the
folder can give you that information.
The , which is imprinted on the SIM card, can be used by the service provider operator to trace the SIM card back to the number that it was assigned to.
What name is given to analysis involving using the native operating system, on the evidence disk or a forensic duplicate, to peruse the data?
Digital cameras contain a wealth of metadata in:
Certain exceptions may justify the search of a computer without a warrant, including .
There are five ways to document the crime scene:
The attack hijacks a TCP connection between a client and a server.
There are four layers to iOS. The layer is how applications interact with the iOS.
Which of the following common e-mail header fields is commonly used with values “bulk,” “junk,” or “list”; or used to indicate that automated “vacation” or “out of office” responses should not be returned for the mail?
is essentially data about the data. In the case of files, it can include creation time/date, size, last modified date, and even file header information.
What is meant by steganalysis?
The required states to implement a sex offender registry.involve written questions that are provided to a witness.
When filing a , the attorney seeks a pretrial ruling on the admissibility of evidence.
To establish the competency of a technical or expert witness to participate in a trial, a thorough examination of that person’s background and credentials is required. This occurs through a process known as .
In which DoS attack does the attacker send fragments of packets with bad values
The states that forensic tools, techniques, procedures and evidence are admissible in court only if they have a “general acceptance” within the scientific community.
Because the requires that scientific evidence presented in court be generally accepted in the relevant scientific field, new techniques need to be verified before being used in court.
Maintaining is a problem with live system forensics in which data is not acquired at a unified moment.
The TCP header has synchronization bits that are used to establish and terminate communications between both communicating parties. The bit acknowledges the attempt to synchronize communications.
occurs when a SIM card’s identifying information is copied to a different SIM card. That card can then be used in a new phone but will operate as if it were the original phone.
The National Institute of Standards and Technology (NIST) guidelines list four different states a mobile device can be in when you extract data. Devices are in the state when received from the manufacturer.
The standard for wireless communication of high-speed data for mobile devices is what is commonly called 4G.
The subscriber identity module (SIM) is a memory chip that stores the .
is the process by which investigators preserve the crime scene and evidence throughout the life cycle of a case.
The is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered.
The is a federal wiretap law for traditional wired telephony that was expanded to include wireless, voice over packet, and other forms of electronic communications, including signaling traffic and metadata.
Which Linux shell command lists all currently running processes that the user has started (any program or daemon is a process)?has a source and destination port number, but it lacks a sequence number and synchronization bits.
What term is used to describe statements that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury?
Eyewitness testimony is an example of:
A port is a number that identifies a channel in which communication can occur. There are certain ports a forensic analyst should know on sight. Which port uses DNS to translate uniform resource locators into Web addresses and possibly retrieve other information about the system that matches the URL?
provide a narrative of what happened at the crime scene and how the investigation of the scene was conducted.
is a type of scam in which the offender creates a Web site that looks identical to an authentic Web site. However, the mirror Web site carries a malicious payload.
Electronic evidence must be extracted first from a CD before the investigator dusts it for fingerprints so as not to damage it.
A common portscan is the FIN scan, wherein a packet is sent with the FIN flag turned on. If the port is open, this generates an error message. Because there was no prior communication, an error is generated telling the hacker that this port is open and in use.
When a file is deleted on the iPhone, iPad, or iPod, it is actually moved to the
.Trashes\501 folder so the data is still there until it is overwritten, which means recently deleted files can be retrieved.
Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect’s fingerprints on it, or a handwritten note.
The Fourth Amendment applies to searches conducted by private individuals, businesses, and nongovernmental agencies.
A victim of a criminal act can sue the perpetrator for damages in civil court.
An individual cannot be compelled by authorities to reveal passwords to
Spaces can be left in bound notebooks to go back and make any additions to previous entries.
What is the first thing a forensic investigator should do in mobile phone investigations?
Also Check Out: CSCI 511: Midterm Liberty University
What are the advantages to using external computer forensics investigators in corporate cases?
ADDITIONAL INSTRUCTIONS FOR THE CLASS
Discussion Questions (DQ)
Initial responses to the DQ should address all components of the questions asked, include a minimum of one scholarly source, and be at least 250 words.
Successful responses are substantive (i.e., add something new to the discussion, engage others in the discussion, well-developed idea) and include at least one scholarly source.
One or two sentence responses, simple statements of agreement or “good post,” and responses that are off-topic will not count as substantive. Substantive responses should be at least 150 words.
I encourage you to incorporate the readings from the week (as applicable) into your responses.
Weekly Participation
Your initial responses to the mandatory DQ do not count toward participation and are graded separately.
In addition to the DQ responses, you must post at least one reply to peers (or me) on three separate days, for a total of three replies.
Participation posts do not require a scholarly source/citation (unless you cite someone else’s work).
Part of your weekly participation includes viewing the weekly announcement and attesting to watching it in the comments. These announcements are made to ensure you understand everything that is due during the week.
APA Format and Writing Quality
Familiarize yourself with APA format and practice using it correctly. It is used for most writing assignments for your degree. Visit the Writing Center in the Student Success Center, under the Resources tab in LoudCloud for APA paper templates, citation examples, tips, etc. Points will be deducted for poor use of APA format or absence of APA format (if required).
Cite all sources of information! When in doubt, cite the source. Paraphrasing also requires a citation.
I highly recommend using the APA Publication Manual, 6th edition.
Use of Direct Quotes
I discourage overutilization of direct quotes in DQs and assignments at the Masters’ level and deduct points accordingly.
As Masters’ level students, it is important that you be able to critically analyze and interpret information from journal articles and other resources. Simply restating someone else’s words does not demonstrate an understanding of the content or critical analysis of the content.
It is best to paraphrase content and cite your source.
LopesWrite Policy
For assignments that need to be submitted to LopesWrite, please be sure you have received your report and Similarity Index (SI) percentage BEFORE you do a “final submit” to me.
Once you have received your report, please review it. This report will show you grammatical, punctuation, and spelling errors that can easily be fixed. Take the extra few minutes to review instead of getting counted off for these mistakes.
Review your similarities. Did you forget to cite something? Did you not paraphrase well enough? Is your paper made up of someone else’s thoughts more than your own?
Visit the Writing Center in the Student Success Center, under the Resources tab in LoudCloud for tips on improving your paper and SI score.
Late Policy
The university’s policy on late assignments is 10% penalty PER DAY LATE. This also applies to late DQ replies.
Please communicate with me if you anticipate having to submit an assignment late. I am happy to be flexible, with advance notice. We may be able to work out an extension based on extenuating circumstances.
If you do not communicate with me before submitting an assignment late, the GCU late policy will be in effect.
I do not accept assignments that are two or more weeks late unless we have worked out an extension.
As per policy, no assignments are accepted after the last day of class. Any assignment submitted after midnight on the last day of class will not be accepted for grading.
Communication
Communication is so very important. There are multiple ways to communicate with me:
Questions to Instructor Forum: This is a great place to ask course content or assignment questions. If you have a question, there is a good chance one of your peers does as well. This is a public forum for the class.
Individual Forum: This is a private forum to ask me questions or send me messages. This will be checked at least once every 24 hours.