Assignment:
Answer each question thoroughly.
1. Briefly discuss some basic strategies for circumventing CMOS passwords.
The answer should include the following points:
- Jumping the CMOS password
- Short-circuiting the chip
- Pulling the battery
- Recovering passwords
- Default passwords
- Social engineering/brute force
- Key disks
2. Which are the most common places in a suspect computer where traces of evidence from Internet activity can be found?
The answer should include the following points:
- Internet Protocol (IP) Addresses
- Domain Name System
- MAC Address
- Traceroute
3. Discuss forensic investigation in non-Window operating systems.
The answer should include the following points:
- Macintosh operating system
- Imaging
- Finding evidence
- Forensic toolkits: Black Bag Technologies Mac Forensic Software and MacForensicsLab
- Linux/Unix Operating Systems
- Tools: Maresware: Linux Forensics, the Farmer's Boot CD, and SMART
4. Why is documentation so important for any successful criminal investigation? List the minimum non-computer-specific documentation required for an investigation.
The answer should include the following points:
- Investigative tactics and collection procedures dissected in court
- Inalienable credibility with judicial officials
- Facilitates the chain of custody necessary for evidence validity
- Photographed or videotaped evidence nullifies defense arguments that officers contaminated or corrupted criminal evidence
5. What steps must be taken to protect computer evidence from getting destroyed, contaminated, or corrupted?