BACS 371 Test #2 Study Hints Sheet (Spring 2015)

Test 2 will be held on Thursday April 2nd in the normal classroom. The test is over textbook reading, supplemental reading, handouts, lecture, homework, and lab assignments. You will have the full 75 minutes to complete the exam. Bring two pencils and an eraser for the test. You may also bring a single 3 ½ by 5 inch index card with handwritten notes. You may not use any technology to miniaturize your notes onto this card. Cards are subject to inspection and will be confiscated if they do not meet these criteria. You will not be allowed to use your books or any notes in any format other than this single index card. Technical information needed to answer the questions will be provided by the instructor as part of the test.

I assume that you have attended class, read the textbook and supplemental readings, and done the homework / labs. What is given below is for extra study emphasis. In other words, you may be asked questions not specifically mentioned below. Good Luck!

General:
- Know the terms covered in the chapters.
- Know the key principles covered in the chapters.
- Don’t just memorize lists of items.
- Review the lecture slides used in class.

Textbook / Supplemental Reading / Lecture Material:
- Review chain of custody procedures & evidentiary process procedures (prior slides & lecture)
- Live acquisition procedures (textbook)
- “Order of volatility” in digital evidence (textbook)
- Characteristics of MAC timestamps (modify, access, create) (textbook pages 159-161)
- Drive imaging procedures, processes, and concepts (lab and textbook)
- Basic understanding of alternate data streams and their forensic importance
- Basic understanding of steganography and its importance to forensics
- Places and ways to hide evidence (unallocated space, drive slack, RAM slack, …), encryption, HPAs, … (lecture & slides)
- Basic data recovery terms and concepts (textbook)
- Basic data carving terms and concepts (textbook)
- Basic SleuthKit knowledge

Lab and Technical Material:*
- The 5 file system layers, and the purpose and description of each (lecture and textbook)
- Basic file system characteristics (FAT, FAT32, NTFS) (lecture slides and textbooks)
- NTFS file system characteristics (attributes, resident vs. non-resident, $MFT, $DATA cluster runs, …) (textbook & lecture)
- Partition analysis (partition boot record, BIOS Parameter Block, basic structure of FAT & FAT32, NTFS) (labs)
- Given a hex representation of a FAT partition boot record, be able to decode the key information (which could include bytes per sector, sectors per cluster, sectors per track, total sectors, etc.)
- Given a hex representation of a FAT32 directory, be able to decode a long and short filename from the entry. Also, be able to recognize whether the file is deleted or not.
- Be able to interpret the delete status and other key characteristics of a file in a WinHex Directory Browser listing
- Be able to manually convert between decimal, binary, and hex

Miscellaneous:
- Purpose of write blockers
- Use of basic Linux commands (e.g., pwd, ls, rm, cp, mv, cd) (lecture)
- Advantages of Linux (lecture)

* Note: A forensic “cheat sheet” will be provided that gives all the byte offset information needed to answer the technical hex dump questions.