What is the difference between hardware and software?
Hardware: The physical components of a computer: case, keyboard, monitor, motherboard, RAM, HDD, mouse, and so on
Software: A set of instructions compiled into a program that performs a particular task
What are CDs, DVDs, and other containers for programs that are loaded into the memory of a computer referred to as?
External Computer Media
What is a computer's motherboard?
The main system board of a computer (and many other electronic devices) that delivers power, data, and instructions to the computer's components.
What carries data from one hardware device to another?
A system bus
What part of a computer actually does the computing?
The central processing unit (CPU)
What type of memory stores software programs and instructions while the computer is turned on?
Random Access Memory (RAM)
Because RAM is not permanent, and its contents are forever lost once power is taken away from the computer, what is it also referred to as?
Volatile memory
What is firmware?
Programs stored on ROM chips used to start the boot process and configure a computer's components
What is another name for firmware?
BIOS/basic input-output system
Why is firmware important to forensic computer investigation?
Because it allows investigators to control the boot process to some degree
What is the role of the computer's operating system (OS)?
It provides the user with a working environment and facilitates interaction with the system's components.
What is the primary storage device on most computers?
Hard Disk Drive
What is formatting?
The process of preparing a hard disk drive to store and retrieve data in its current form
Why must a hard disk drive be formatted?
To accept the data in its current form
What are sectors and clusters?
Sectors: The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes.
Clusters: A group of sectors in multiples of two; typically the minimum space allocated to a file.
How are clusters and sectors related to one another?
Clusters are groups of sectors
What is the smallest unit of information on a computer?
A bit
What do eight bits constitute?
A byte
What is a FAT and what purpose does it serve?
A file allocation table. It tracks the location of files and folders on the hard disk drive
What aspects of a computer should be photographed close up at an electronic crime scene?
Any running computer monitor, all the connections to the main system unit, such as peripheral devices (keyboard, monitor, speakers, mouse, and so on), equipment serial numbers
Name two situations in which an investigator would not immediately unplug a computer at an electronic crime scene.
1.) if encryption is being used and pulling the plug will encrypt the data, rendering it unreadable without a password or key
2.) if data exists in RAM that has not been saved to the HDD, and will thus be lost if power to the system is discontinued.
What is the primary goal in obtaining data from a HDD?
To do so without altering even one bit of data
What is the purpose of a Message Digest 5 (MD5)/Secure Hash Algorithm (SHA)?
Used to verify the integrity of data
Why would a forensic computer examiner run such an algorithm?
Typically used to verify that an acquired image of suspect data was not altered during the process of imaging
Why would investigators want to copy blank or unused portions of the HDD?
To preserve latent data
List the two main types of evidentiary computer data.
Visible and latent data
What is swap space?
A file or defined space on the HDD to which data is written, or swapped, to free RAM for applications that are in use
What is slack space?
Empty space on a hard disk drive created because of the way the HDD stores files
What effect does fragmentation have on a hard disk drive (HDD)?
It degrades the performance of an HDD, causing the read/write heads to have to traverse the platters to locate the data
What does BTK stand for?
Bind-Torture-Kill
Where were the BTK killer murders located?
Wichita, Kansas
Who was the BTK killer's first kill?
The Otero family
In what condition were the corpses of the Otero family found?
Strangled and face down in bed
Josephine was hanged
What year did the first BTK killer murder occur?
1974
Who was the head of the BTK killer case?
Lieutenant Landwehr
Who did the BTK killer target?
Women who lived alone in neighborhoods
What two things did the BTK killer send to a TV station?
A poem and a letter
Was the BTK killer a secretor or non-secretor?
Non-secretor
What did the BTK killer do to fulfill his desires when he wasn't committing a murder?
He hung himself, took photos, and then masturbated to those photos
What vehicle did the BTK killer drive?
Black Jeep Cherokee
What was the BTK killer's daily job?
Installing locks and security in homes
What slip-up caused the police to reveal the name of the BTK killer?
He sent a floppy disk to the police, which revealed the name of the person and location where the floppy disk was used.
What is the BTK killer's full name?
Dennis Rader
What was the sentence for the BTK killer?
Consecutive life sentences/ 105 years
What does ransomware allow?
For hackers to access everything on your electronic devices
What machine takes a picture of the hard drive?
A duplicator
What is malware?
Software that is used for malicious intent
Why are hackers' techniques different?
It differs because of their location