Fbi Computer Analysis And Response Team ( Cart )

Good Essays

Course Name
Instructor’s Name
Date of Submission

Review Questions
1) Organizations mentioned in the chapter that provide computer forensics training i) The FBI Computer Analysis and Response Team (CART) ii) The Department of Defense Computer Forensics Laboratory (DCFL)
3) Fourth Amendment
4) The triad of computing security includes: vulnerability assessment, intrusion response, and investigation.
5) Three common types of digital crime
i) Financial fraud: This involves using credit cards belonging to third parties to undertake online financial transactions. ii) Hacking: Remotely gaining unauthorized access to a computer system belonging to a third party. iii) On-line stalking is the …show more content…

Depending on the operational, business or legal requirements, the actions taken in this phase tend to vary (Carrier, 2005). For instance, an investigator may be obliged by law to make a full copy of the crime data. ii) Evidence Searching Phase: Once the data has been preserved, it is imperative to locate the evidence. This step embodies searching for data that either refutes or supports the hypothesis pertaining to the incident. Depending on the nature of the incident, some known locations will be surveyed. For example, a case pertaining to Linux intrusion may prompt the investigators to search for possibilities of a newly-created user account or a rootkit. Most importantly, investigators should focus on evidence that refutes rather than supporting the hypothesis. iii) Event Reconstruction Phase: This is the final phase of the investigation. In this phase, the investigators assemble the evidence acquired to ascertain the events that took place in the system (Carrier, 2005).
2) Carrier 's 4 Phases of Analyzing a Hard Disk

The first phase of analyzing a hard disk is locating the partition tables and their data structures. In the second phase, these partitions are processed in order to identify their layout and how they are merged. Third, the layout information is extracted and fed into a data analysis tool or a file system that maps the offset of the partition. Alternatively, this information can be printed to help the user

Get Access