1B Unit 7 Critical Thinking Questions
School: University of North Carolina, Asheville (not endorsed by this school)
Subject: Information Systems
Date: Jan 9, 2024
Pages: 2
Uploaded by HighnessRatPerson356
Noah Campbell 1/4/24
Critical Thinking Questions
1.
Why is it so important to document the process by which evidence passes through investigative units and adhere to standard operating procedures and/or national standards? Is this equally important for those who are innocent as well as those who are guilty? How? Explain.
It is so important to document the process by which evidence passes through investigative units to avoid any conspiracies or issues that may arise in the future. Evidence collecting isn't meant to pin anything on anybody, but it's good practice to make sure that no evidence is manipulated or sabotaged for the wrong reasons. For that reason, this is equally important for those who are innocent AND those who are guilty.
2.
What is the main difference between the CIRT model for dealing with incidents and the NIST/SANS model? Compare and contrast how these models deal with incidents. What do you think is the reason for this difference? Explain.
The main difference between the CIRT model for dealing with incidents and the NIST/SANS model is who they work with. CIRT specializes more in enterprise groups, while SANS has a lot fewer people who are certified in their program. I think this is so as to ensure the quality and training someone receives when getting a degree in these programs.
3.
What threshold, if any, do you think a criminal investigator must establish before they should be allowed to search through a person’s smartphone or computer for evidence of a crime? Similarly, how far into the public sphere should law enforcement be allowed to search for evidence—and how should that be balanced against the privacy of other users not under investigation?
The threshold honestly depends on the crime. If it was murder or some premeditated crime, I would allow the criminal investigator to find whatever they can on the person's smartphone or computer. Law enforcement should be allowed to go as far as they need to into the public sphere WITHOUT breaking any privacy laws. If they need to search through something specifically, they should need a warrant before doing anything without permission.
4.
What are the various incident categories and correlating incident responses in digital forensics? Explain the general timeline for these incidents and incident responses. Evaluate how important developing an incident response plan is.
In digital forensics, incidents fall into three categories: low, minor, and critical. The overall plan for handling these occurrences and their reactions is to make sure that things move fast and effectively. In order to mitigate the impact of a breach from both internal and external threats, it is critical for an organization to define and test a clear incident response plan.
5.
Why should cybercrime investigators always work with problematic data on a non-infected system and use an approved forensic toolkit? How do these things relate to volatile memory? Describe a specific tool that can be helpful when dealing with volatile data and/or memory and explain why this tool is helpful.
Because using an approved forensic toolkit will enable them to see issues with the actual infected machine, cybercrime investigators always work with problematic material on a non-infected system. These issues are related to volatile memory because they deal with computer memory, which uses electricity to store data. A particular tool that can be useful while handling volatile data is WinAudit, a shareware application that gathers and reports data on Windows computers locally. This is beneficial since it offers comprehensive analytics and statistics that can be used by a researcher.