Chapter 1

1. What is electronic discovery?

Answer: Electronic discovery is the process whereby electronic documents are collected, prepared, reviewed, and distributed in the pursuit of legal or governmental proceedings.

2. Name some examples of electronic discovery items.

Answer: Examples of electronic discovery items include e-mail, system and device logs, word-processing documents, plaintext files, database files, spreadsheets, digital art, photos, and presentations.

3. The recovery of data focuses on what four factors?

Answer: When recovering data, forensic investigators focus on these four factors: identifying meaningful evidence; determining how to preserve that evidence; extracting, processing, and interpreting that evidence; and ensuring that such evidence is acceptable in a court of law.

4. Who works under more restrictive rules, law enforcement officials or corporate employees?

Answer: Law enforcement officials work under more restrictive rules than corporate employees. Often, law enforcement must obtain a court order to seize evidence.

5. What is incident response?

Answer: Incident response is an action or series of actions undertaken to respond to a situation to promote speedy and safe recovery of systems, data, and services.

6. Why is social engineering hard to prevent and detect?

Answer: Social engineering plays on human weaknesses and thus is difficult to prevent. It’s also hard to detect because organizations can exercise so little influence over employees’ lack of common sense or ignorance, although training can be provided to reduce such ignorance.

7. Why aren’t incidents reported in many corporate environments?

Answer: Corporations are often unsure which law enforcement agency (state or local, FBI, and so forth) to contact regarding incidents. Many organizations also believe that damage to reputation and customer confidence from disclosure of an incident may outweigh the benefits of (or indeed, the legal requirements for) such disclosure.

8. What law was passed to avoid future accounting scandals such as those involving Enron and WorldCom?

Answer: The Sarbanes-Oxley Act is intended to prevent accounting scandals such as those involving Enron and WorldCom.

9. Name some factors that help to determine which criminal cases get priority.

Answer: In determining criminal case priority, law enforcement considers such factors as the amount of harm inflicted, crime jurisdiction, success of investigation, availability and training of personnel, and frequency of the crime.

10. Name a good resource for computer forensic training for law enforcement.

Answer: In addition to training received at the police academy, law enforcement officers interested in a career in computer forensics should consider additional computer forensic training courses such as those offered by Guidance Software, the SANS Institute, AccessData, and the International Association for Computer Investigative Specialists (IACIS).
