CJ2670 Final Exam
Label the common computer hardware components on the figure 1 using the terms listed below. Write the number next to its corresponding term listed below.
TERMS: CPU Scanner Keyboard Card Reader/Writer Printer Digital Camera Mouse Modem/Router Monitor USB Flash Drive Web Cam Hard Disk Drive CD/DVD Drive Floppy Disk Drive Speakers Microphone
The smallest piece of data is called a: a) Chunk b) Bit c) Byte d) Micron
b) Bit
Which of the following is in the correct order from smallest to largest? a) Bits, bytes, terabytes, megabytes, gigabytes b) Bytes, kilobytes, megabytes, gigabytes, terabytes c) Bytes, bits, kilobits, terabits, megabits d) Kilobits, terabits, megabytes, terabytes, gigabytes
b) Bytes, kilobytes, megabytes, gigabytes, terabytes
The four (4) steps of the OSINT process include: a) Finding, Evaluating, Distillation, Disseminating b) Discovery, Discrimination, Distillation, Dissemination c) Locating, Discriminating, Sorting, Disseminating d) Discovery, Discriminating, Sorting, Disseminating
b) Discovery, Discrimination, Distillation, Dissemination
Crimes are divided into which of the following categories? a) Criminal and civil crimes b) Felonies and misdemeanors c) Crimes against persons and crimes against property d) Insider crimes and intrusion crimes
b) Felonies and misdemeanors
Evidence unlawfully obtain cannot be used against defendants in criminal court proceedings is the: a) Evil fruit doctrine b) Fruit of the poisonous tree doctrine c) Forbidding fruit doctrine d) Excluded from trial doctrine
b) Fruit of the poisonous tree doctrine
The __________ has dramatically increased access to sex offender to the population they seek to victimize. a) Internet Relay Chat (IRC) b) Internet c) Intranet d) Internet Service Providers (ISP's)
b) Internet
Search incident to a lawful arrest grants law enforcement authority to conduct a full search of ones person and area immediately under their control is the: a) Reach-grab-rule b) Lunge-reach-rule c) Arms-width-rule d) Grab-reach-rule
b) Lunge-reach-rule
Databases, message boards, media sources/outlets, photographs, tape/video recordings, satellite images, and government/private sector websites that are searchable for free or for a fee to anybody with an Internet connection are examples of: a) Closed source information b) Open source information c) Online intelligence d) Digital intelligence
b) Open source information
The 4th Amendment does not apply to: a) Agents acting under "color of law" b) Private citizens who might conduct searches on their own and report activity to police c) Private citizens working at the direction of police d) It applies to both public and private investigations
b) Private citizens who might conduct searches on their own and report activity to police
Once computer equipment has been properly seized, it will be examined by a computer forensics specialist. The specialist will use a(n) ____________________ to prevent writing any data to a suspect's hard drive. a) IDE Data cable b) Write Blocker c) Data Transfer Inhibitor d) SATA Hub cable
b) Write Blocker
The use of false email return addresses, stolen web page graphics, misleading or disguised hyperlinks to truck users into revealing personally identifiable information is known as: a. Fishing b. Phishing c. Social engineering d. Scamming
b. Phishing
Hard drives are organized or divided into the following units except: a) Sectors b) Quadrants c) Tracks d) Clusters
b. Quadrants
Voir dire is defined as which of the following? a) An examination of legal counsel involved in a case to determine their competence or suitability b) An examination of prospective judges under oath to determine their competence or suitability c) A preliminary examination of prospective witnesses under oath to determine their competence or suitability d) A preliminary examination of the exhibits to be used in a case to determine relevance
c) A preliminary examination of prospective witnesses under oath to determine their competence or suitability
If you encounter files that have been password protected, what should be your first option? a) Try a number of standard passwords to try to find a match. b) Reconfigure the BIOS to allow access to the file. c) Ask the user to give you the password. d) Consult a hacker site for help with the password.
c) Ask the user to give you the password.
Search techniques, such as the plus (+) or minus (-) symbol, are used to help limit Internet search (return) results, are known as: a) Limiters b) George Boole logic c) Boolean search techniques d) Dogpile results
c) Boolean search techniques
_______________ is defined as information compiled, analyzed, and/or disseminated in an effort to anticipate, prevent, or monitor criminal activity. a) Information b) Intelligence c) Criminal intelligence d) Propaganda
c) Criminal intelligence
A subpoena or a search warrant both have the same minimum requirements. They must be based on: a) Demonstrable reasonable suspicion b) Demonstrable preponderance of evidence c) Demonstrable probable cause d) Demonstrable burden of evidence
c) Demonstrable probable cause
DOS stands for: a) Drawing Oriented Software b) Digital Operational Source-code c) Disk Operating System d) Digital Organizational Systems
c) Disk Operating System
_____________________ is the process of encoding regular data into a seemingly random and unintelligible, scrambled form. a) Decryption b) Deciphering c) Encryption d) Enciphering
c) Encryption
Why is tagging books and magazines at a crime scene considered important? a) You might wish to subscribe to a few yourself. b) It isn't important. c) It allows the investigator to get to know how the person thinks. d) You might find evidence hidden in the articles.
c) It allows the investigator to get to know how the person thinks.
One way to greatly limit Internet search (return) results is to use: a) Plus (+) symbol b) Minus (-) symbol c) Quotes d) Using the (Or) command
c) Quotes
Rank the three classifications of pedophiles from least severe to most severe. a) Child Pornography Collector, Active Pedophile, Secretive Pedophile b) Active Pedophile, Child Pornography Collector, Secretive Pedophile c) Secretive Pedophile, Child Pornography Collector, Active Pedophile d) Secretive Pedophile, Active Pedophile, Child Pornography Collector
c) Secretive Pedophile, Child Pornography Collector, Active Pedophile
Once an investigator has isolated the IP addresses and timestamps in the full header of an email, the next step is to verify who is responsible for that IP address. This is done using a _________________ query. a) IPTrace b) IP Lookup c) WHOIS d) WYSIWG e) PEBCAK
c) WHOIS
Hotmail and YahooMail are examples of: a) Instant messaging service providers b) Internet hosting service providers c) Web based email providers d) Internet relay chat service providers
c) Web based email providers
A primary function of a SIM card is to ______________. a) control a cell phone's memory b) track the power usage of the phone c) identify the subscriber to the phone network d) display user information during a call
c) identify the subscriber to the phone network
An IP address is broken down into 4 sections called _________________. a) quartets b) quarters c) octets d) segments
c) octets
Criminal statutes define crimes in terms of required acts and a required state of mind, typically referred to as the person's _________. a. motivation b. psychological makeup c. intent d. needs at the time
c. intent
What US Constitutional amendment governs a law enforcement officer seizing hardware or computers? a) Fourth Amendment b) Sixth Amendment c) Eighth Amendment d) Tenth Amendment
a) Fourth Amendment
The system Basic Input Output System can tell you which of the following? a) Hard drive geometry settings b) What web sites the user has visited recently c) The computer's operating system d) What applications are installed on the computer
a) Hard drive geometry settings
_____________ is defined as pieces of raw, unanalyzed data that identifies persons, evidence, events, or illustrates processes that indicate the incidence of a criminal act or witnesses or evidence of a criminal event. a) Information b) Intelligence c) Propaganda d) Criminal intelligence
a) Information
Which of the following is not an example of Forensic Software? a) Norton Disk Utilities b) AccessData c) Encase d) Ilook
a) Norton Disk Utilities
Investigators should make note of one thing before beginning to document the physical configuration and setup of the computer and its peripheral devices. Which of the following best describes that preliminary consideration? a) Noting whether or not the computer is on a network or connected to the Internet b) If the computer is protected by an uninterruptible power supply c) The total data capacity of the computer's drives d) The total number of separate computer hardware components
a) Noting whether or not the computer is on a network or connected to the Internet
The level of proof necessary in order to prove somebody guilty in a criminal court of law is: a) Proof Beyond a Reasonable Doubt b) Probable cause c) Clear and convincing evidence d) Mere preponderance of evidence
a) Proof Beyond a Reasonable Doubt
Which of the following is not a guideline for how to respond to counsel? a) Refuse to answer any questions to which you do not know the answer b) Do not allow anyone to rush you c) Direct your replies to the judge and jury d) Do not try to educate the questioner on the topic
a) Refuse to answer any questions to which you do not know the answer
The art of hiding messages within messages is known as: a) Steganography b) Photo phreaking c) Encryption d) Cryptography
a) Steganography
True or False: Even low level computer users such as street gang members are turning toward committing high tech crimes. a) True b) False
a) True
True or False: Hard drives can still contain usable digital evidence after being in a house fire. a) True b) False
a) True
True or False: Hashing using the MD5 Hash or SHA Hash has a standard of certainty even higher than that of DNA evidence. a) True b) False
a) True
True or False: If a file has been deleted and partially overwritten, it is still possible to recover the file fragment that has not been overwritten. a) True b) False
a) True
True or False: Pedophiles have also traditionally tended to look for vocations that allow them the advantages of working with children and having a position of trust and responsibility. a) True b) False
a) True
True or False: Pedophilia is a documented psychological disorder and has been around since the time of the ancient Greeks and Egyptians. a) True b) False
a) True
True or False: When a file is deleted nothing immediately happens to that file's data. a) True b) False
a) True
USB drives appear to most operating systems as ____________. a) a regular drive b) an encrypted drive c) a virtual private drive d) a folder containing files
a) a regular drive
According to Highlights of the Youth Internet Safety Survey conducted by the U.S. Department of Justice in June of 2000, one in ____________ children receives unwanted sexual solicitations online. a) five b) ten c) twenty d) fifty
a) five
IP Routing and timestamps are present in the: a) full headers b) internet headers c) main transfer headers d) brief headers
a) full headers
Evidence may be suppressed if ______________. a) the officer exceeds the limited right or scope b) the police have a warrant c) the officer takes what is on the warrant d) an officer asks for the encryption password
a) the officer exceeds the limited right or scope
A written chronological and detailed recreation of events or facts that tend to establish probable cause for a search warrant is an: a) Affidavit b) Subpoena c) Writ d) Probable cause statement
a) Affidavit
Once an exact copy of a suspects hard drive has been made, the forensic specialist must verify that it is an exact copy. What is used to verify a hard drive clone is exact? a. MD5 Hash Algorithm b. MD4 Hash Algorithm c. DS12 Hash Algorithm d. FAT 16 Hash Algorithm
a. MD5 Hash Algorithm
In Georgia v. Randolph (2006) when police wish to obtain consent to search property jointly controlled and both persons are present: a) Both must consent b) If one consents and the other objects, police can still search c) If one consents and the other objects, police cannot search d) Both "a" and "b" are correct e) None of the above
a) Both must consent
When hackers attack or flood a server with phony authentication methods, preventing people from accessing it and ultimately shutting it down, it is a: a) Denial of Service (DoS) attack b) Virus c) Worm d) Trojan Horse
a) Denial of Service (DoS) attack
The current best approach to powering down a suspect PC is to __________. a) simply power it down using the operating system b) keep it running on a UPS c) Use a bootable CD to power down the PC d) pull the power plug
d) pull the power plug
An IP address can contain numbers between ________ and _________. a) 1, 256 b) 1, 128 c) 0, 32 d) 0, 255
d) 0, 255
The 4th Amendment extends certain protections against unreasonable searches and seizures to: a) All U.S. citizens b) Foreign students attending U.S. schools c) Illegal immigrants d) All of the above
d) All of the above
Which of the following best defines computer forensics? a) Use of specialized techniques, processes, software, and hardware for the recovery, discovery, analysis, verification, and reporting of electronic data b) Copying computer data in such a fashion that the original device is not altered in the copying process c) The verifiable cloning, preservation, and analysis of a suspect's hard drive or other media d) All of the above are integral parts of Computer Forensics
d) All of the above are integral parts of Computer Forensics
In order for a plain view observation and seizure to be valid the police must be: a) Legally present b) The item seized must be "readily apparent" contraband c) Proper evidence protocols must be followed d) Both "a" and "b" are correct e) None of the above
d) Both "a" and "b" are correct
Highly secured and controlled data, such as the National Crime Information Center (NCIC), is classified as: a) Online intelligence b) Digital intelligence c) Open source information d) Closed source information
d) Closed source information
This process of breaking down a victim's barriers or objections is called: a) Barrier Reduction b) Inhibition Removal c) Child Enticement d) Grooming
d) Grooming
Noting the time and date for an IP address associated with a criminal act is vital to prosecuting the crime because: a) An IP address can only exist in one place at a time b) An IP address will be tracked in a computer's Internet history c) IP addresses will be deleted from a computer's Internet history d) IP addresses are rented or can be dynamically assigned to many e) different people throughout a given day
d) IP addresses are rented or can be dynamically assigned to many
Which of the following is not a common defense strategy in high tech crime cases? a) Attacking the credibility of the investigator b) Attacking data or files, stating that they were manipulated or modified by the investigator c) Attacking the chain of custody d) Presenting suspect testimony
d) Presenting suspect testimony
Data formatted in such a way that it is native only to a certain device or program is often called: a) Residual data b) Common format data c) Customized data d) Proprietary data
d) Proprietary data
Which of the following are the two correct types of IP address discussed? a) Transfer IP and Stationary IP b) Motive IP and Permanent IP c) Static IP and Redundant IP d) Static IP and Dynamic IP
d) Static IP and Dynamic IP
As a computer forensic investigator starting a case, when should the process of documenting e-evidence begin? a) Upon receipt of the evidence b) While gathering evidence c) While forensically investigating the evidence d) Upon first receiving the call concerning the case
d) Upon first receiving the call concerning the case
When determining if a person has the authority to grant consent to search a computer, the courts have cited the following factors, except: a) Whether or not the passwords are known b) Whether or not the consenting person had typical access to the computer c) Whether or not other software programs were on the computer d) Whether or not the computer was on
d) Whether or not the computer was on
Most users generally only see lines such as To:, From:, Re:, and the date. This information is commonly referred to as: a) full headers b) internet headers c) main transfer headers d) brief headers
d) brief headers
Which of the following does NOT endanger digital evidence? a) Temperature extremes b) Magnetic fields c) Static electricity d) Moisture e) All are potentially harmful to digital evidence
e) All are potentially harmful to digital evidence
The exigent circumstances exception applies to digital evidence because: a) Digital media can be altered or damaged by extreme temperatures b) Digital media can be altered or damaged by strong magnetic fields c) Basic computer commands can destroy data d) Digital evidence can be fragile e) All of the above
e) All of the above
When evaluating information obtained on the Internet it's important to consider: a) Who published it b) What was published c) When it was published d) Where it was published e) All of the above
e) All of the above
When obtaining consent to search a premises law enforcement must be concerned about: a) Consent being knowingly and voluntary b) The scope of consent c) The authority to grant consent d) The right to revoke consent e) All of the above
e) All of the above
When surfing anonymously from a government (law enforcement) computer it's recommend: a) Use a dedicated Internet connection not associated with the agency b) Turn off cookies c) Clean out history folders d) Routinely remove cache files e) All of the above
e) All of the above
Several factors have combined to create an explosion in the number of child predation cases online. Which of the below is not one of those factors? a) The wider net that can be cast with online communications b) The feeling of anonymity on the part of the pedophile c) The ability to transfer photos and videos almost instantly d) The emboldened pedophile playing whatever role or persona they design e) All of the above are correct factors.
e) All of the above are correct factors.
Which of the following is NOT a step in the online child enticement process? a) Filtering out potential victims for preferred age and gender b) Online communications and possible exchange of pictures c) Grooming of the victim by sending photos or videos of pornography or child pornography d) Setting up a real world meeting with the intended victim e) All of the above are correct steps.
e) All of the above are correct steps.
All of the following are elements necessary to provide a child pornography violation, except: a) Knowingly possesses an undeveloped film, photographic negative, motion picture, video tape, computer image, or other recording; b) Of a child (a person under 18 years old); c) Or person he/she should have reasonably known was a person under 18 years old; d) Engaged in sexually explicit conduct or a sexually explicit sex act e) All of the above are true
e) All of the above are true
Which of the following is not one of the steps used to document the computer's physical configuration and connection to peripheral devices? a) Photographing ports and the cables plugged into them b) Labeling ports and their corresponding cables c) Photographing the overall computer scene and desk area d) Collecting device installation CDs and users manuals e) All of the above steps should be taken to help document the system's setup.
e) All of the above steps should be taken to help document the system's setup.
Which of the following would NOT contain possible digital evidence? a) Ipod b) Cellular phone c) CD d) Personal computer e) All of these items could contain digital evidence.
e) All of these items could contain digital evidence.
Pedophilia can be diagnosed if three criteria are met according to the Diagnostic and Statistic Manual of Mental Disorders, 4th Edition. Which of the following is not one of the criteria? a) Half year of sexual fantasizing, or sexual activities with a preadolescent child b) Fantasizing, or activities have caused problems in the subject's public life, their c) job, or some other important area of their life.. d) The pedophile must be 16 years old or older and the victim (or fantasized victim) has to be a minimum of five years younger e) The pedophile has been arrested for a crime related to sexual activities with a preadolescent child, or for possessing contraband material such as child pornography
e) The pedophile has been arrested for a crime related to sexual activities with a preadolescent child, or for possessing contraband material such as child pornography
