Facilitates the chain of custody necessary for evidence validity

Answer each question thoroughly.

1. Briefly discuss some basic strategies for circumventing CMOS passwords.

The answer should include the following points:

• Jumping the CMOS password
• Short-circuiting the chip
• Pulling the battery
• Recovering passwords
• Default passwords
• Social engineering/brute force
• Key disks

2. Which are the most common places in a suspect computer where traces of evidence from Internet activity can be found?

The answer should include the following points:

• Internet Protocol (IP) Addresses
• Domain Name System
• MAC Address
• Traceroute

3. Discuss forensic investigation in non-Window operating systems.

The answer should include the following points:

• Macintosh operating system
• Imaging
• Finding evidence
• Forensic toolkits: Black Bag Technologies Mac Forensic Software and MacForensicsLab
• Linux/Unix Operating Systems
• Tools: Maresware: Linux Forensics, the Farmer’s Boot CD, and SMART

4. Why is documentation so important for any successful criminal investigation? List the minimum non-computer-specific documentation required for an investigation.

The answer should include the following points:

• Investigative tactics and collection procedures dissected in court
• Inalienable credibility with judicial officials
• Facilitates the chain of custody necessary for evidence validity
• Photographed or videotaped evidence nullifies defense arguments that officers contaminated or corrupted criminal evidence

5. What steps must be taken to protect computer evidence from getting destroyed, contaminated, or corrupted?

PreviousNext