An organization has identified a system breach and has collected volatile data from the system.
Which evidence type should be collected next?
An organization believes that a company-owned mobile phone has been compromised.
Which software should be used to collect an image of the phone as digital evidence?
What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation?
Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)?
After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence.
Which digital evidence should be collected?
The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify the source of the hack?
A forensic scientist is examining a computer for possible evidence of a cybercrime.
Why should the forensic scientist copy files at the bit level instead of the OS level when copying files from the computer to a forensic computer?
Which term describes the used space between the end of a file and the end of the last cluster assigned to the file?
A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son's bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?
A forensics investigator is investigating a Windows computer which may be collecting data from other computers on the network.
Which Windows command line tool can be used to determine connections between machines?
A forensic specialist is about to collect digital evidence from a suspect's computer hard drive. The computer is off.
What should be the specialist's first step?
Thomas received an email stating he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account.
Which digital evidence should be considered to determine how Thomas' account information was compromised?
Which law or guideline lists the four states a mobile device can be in when data is extracted from it?