Chapter 6

1. What set of rules and conventions governs how computers exchange information over the network medium?

Answer: Protocols. A protocol describes the syntax, semantics, and synchronization of communication and may be implemented in hardware, software, or both.

2. Name some factors that motivate criminal activity.

Answer: Financial gain, anger or revenge, power, addiction, boredom, thrill-seeking, intellectual gain, recognition, sexual impulses, curiosity, and psychiatric illness.

3. As a Word document is written and changed, these changes are tracked and produce a type of evidence that is called what?

Answer: Metadata. Metadata includes hidden information that Microsoft Office programs add to a file to help people collaborate on writing and editing a document. It can also include information that a person deliberately designates as hidden.

4. What types of files should arouse your suspicion when you are examining data?

Answer: Files with strange locations, strange names, or dots; files that start with a period (.) and contain spaces; and files that have changed recently.

5. Why should you look at the header of an e-mail?

Answer: The e-mail header shows the path the message took from the very first communication point until it reached the recipient.

6. What is steganography?

Answer: Steganography literally means “covered writing.” It’s a type of cryptology that makes the presence of secret data undetectable.

7. What method can you use to determine if the extension of a file has been changed to avoid suspicion?

Answer: A technique that you can use to determine if the extension of a file has been changed is signature analysis. Signature analysis is a technique that uses a filter to analyze both the header and the contents of the datagram, usually referred to as the package payload.

8. If you are investigating a case that involves the Internet and pictures, name three areas that could reveal the Internet habits of the suspect.

Answer: Temporary Internet Files folder, History folder, Cookies folder, and Local Shared Objects (LSOs) or Adobe Flash cookies.

9. What is a multiboot system?

Answer: It is a system that can boot to more than one operating system. In essence, one operating system is hidden from the other.

10. Name three types of trace evidence.

Answer: Three main types of trace evidence include slack space (unallocated file space on a hard disk between where a file ends and the disk storage cluster ends), swap file (space on the hard disk used as virtual memory extension of a computer’s actual memory), and metadata (data component that describes other data).
