Chapter 1 Digital Forensic
T or F Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule.
False
T or F Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.
False
T or F You should always prove the allegations made by the person who hired you.
False
A warning banner should never state that the organization has the right to monitor what users do.
False
What's the purpose of an affidavit? To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth. To list problems that might happen when conducting an investigation. To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant. To determine the OS of the suspect computer and list the software needed for the examination.
To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
Police in the United States must use procedures that adhere to which of the following?
Fourth Amendment
T or F Embezzlement is a type of digital investigation typically conducted in a business environment.
True
T or F For digital evidence, an evidence bag is typically made of antistatic material.
True
T or F One way to determine the resources needed for an investigation is based on the OS of the suspect computer, list the software needed for the examination.
True
The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation.
True
The triad of computing security includes which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
Policies can address rules for which of the following? When you can log on to a company network from home The amount of personal e-mail you can send The Internet sites you can or can't access Any of the above
Any of the above
Digital forensics and data recovery refer to the same activities.
False
What is one of the necessary components of a search warrant?
Signature of an impartial judicial officer
Why should you critique your case after it's finished?
To improve your work
List three items that should be on an evidence custody form.
Case number, name of the investigator and nature of the case
What do you call a list of people who have had physical possession of the evidence? Chain of custody Affidavit Evidence log Evidence record
Chain of custody
Why is professional conduct important?
It includes ethics, morals, and standards of behavior
Why should you do a standard risk assessment to prepare for an investigation?
To list problems that might happen when conducting an investigation
Why should evidence media be write-protected? To make image files smaller in size To make sure data isn't altered To comply with Industry standards To speed up the imaging process
To make sure data isn't altered
T or F You shouldn't include a narrative of what steps you took in your case report
False
