Chapter 9

  1. What set of rules states the General Provisions Governing Discovery and Duty of Disclosure?

    Answer: Federal Rule of Civil Procedure 26

  2. What are some of the items of information that a forensic examiner might be requested to provide under Rule 30(b)(6)?

    Answer: Quantity, types, and locations of computers in use; operating systems and application software and dates of use; file-naming conventions and location saving directories; backup disk or tape inventories and schedules; corporate computer use policies; identities of current and former employees responsible for systems operations

  3. Why is a template recommended for reports ?

    Answer: A template can provide uniformity in all your work.

  4. Where can you find out how to properly document and sample log sheets?

    Answer: Use the National Institute of Justice document titled 'Forensic Examination of Digital Evidence: A Guide for Law Enforcement,' Appendix C.

  5. When should you consider using diagrams as a method of documentation?

    Answer: A jury might not understand the workings of computers and networks; therefore, you might want to use pictures or drawings to get your point across.

  6. Why should you videotape the entry of all persons into the crime scene?

    Answer: Taping the actual entrance of a forensics team into a crime scene area helps to refute claims that evidence was planted at the scene.

  7. Why is it important to be cautious when you are transporting evidence from the crime scene to the lab for analysis?

    Answer: Electrostatic discharge (ESD) can kill your computer components . Electromagnetic fields created by magnets and radio transmitters can alter or destroy data during transport.

  8. When formulating a concise report, what are some items you should consider?

    Answer: Understand the importance of the reports. Limit the report to specifics. Design the layout and presentation in an easy-to-understand format. Understand the difference between litigation support reports and technical reports. Write clearly, provide supporting material, explain the methods used in data collection, and explain the results.

  9. Why are timelines of computer usage and file accesses important when processing computer evidence?

    Answer: It is important to document the accuracy of these settings on the seized computer to validate the accuracy of the times and dates associated with any relevant computer files. The current time and date should be compared with the date and time stored in the computer.

  10. What are some items that your report should contain?

    Answer: Name of the reporting agency and case investigator , case number, date of the report, list of the items examined, description of the examination process, and results and/or conclusion.

Computer Forensics JumpStart
Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153

Similar book on Amazon © 2008-2017.
If you may any questions please contact us: