Computer Crime Study Guide 2

You cannot use both multi-evidence and single-evidence forms in your investigation.

False

is the more well-known and lucrative side of the computer forensics business

Data recovery

extracts all related e-mail address information for Web-based e-mail investigations

FTK's Internet Keyword Search

A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.

False

also known as a computer forensics workstation

Forensic workstation

can be used for new files that are saved or files that expand as data is added to them

Free space

process of trying to get a suspect to confess to a specific incident or crime

Interrogation

the least intrusive (in terms of changing data) Microsoft operating system

MS-DOS 6.22

a type of evidence custody form

Multi-evidence form

an older computer forensics tool

Norton DiskEdit

an essential part of professional growth

Self-evaluation

Chain of custody is also known as chain of evidence.

True

Employees surfing the Internet can cost companies millions of dollars.

True

Many attorneys like to have printouts of the data you have recovered, but printouts can present problems when you have log files with several thousand pages of data.

True

Forensics tools such as ____ can retrieve deleted files for use as evidence. a. ProDiscover Basic b. ProDelete c. FDisk d. GainFile

a. ProDiscover Basic

To begin conducting an investigation, you start by ____ the evidence using a variety of methods. a. copying b. analyzing c. opening d. reading

a. copying

After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and ____. a. critique the case b. repeat the case c. present the case d. read the final report

a. critique the case

A(n) ____ helps you document what has and has not been done with both the original evidence and forensic copies of the evidence. a. evidence custody form b. risk assessment form c. initial investigation form d. evidence handling form

a. evidence custody form

When analyzing digital evidence, your job is to ____. a. recover the data b. destroy the data c. copy the data d. load the data

a. recover the data

The list of problems you normally expect in the type of case you are handling is known as the ____. a. standard risk assessment b. chain of evidence c. standard problems form d. problems checklist form

a. standard risk assessment

____ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab. a. An antistatic wrist band b. Padding c. An antistatic pad d. Tape

b. Padding

The ____ is the route the evidence takes from the time you find it until the case is closed or goes to court. a. acquisition plan b. chain of custody c. evidence path d. evidence custody

b. chain of custody

A bit-stream image is also known as a(n) ____. a. backup copy b. forensic copy c. custody copy d. evidence copy

b. forensic copy

To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as a ____. a. mobile workstation b. forensic workstation c. forensic lab d. recovery workstation

b. forensic workstation

When you write your final report, state what you did and what you ____. a. did not do b. found c. wanted to do d. could not do

b. found

____ can be the most time-consuming task, even when you know exactly what to look for in the evidence. a. Evidence recovery b. Data recovery c. Data analysis d. Evidence recording

c. Data analysis

____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats. a. VPN b. Internet c. E-mail d. Phone

c. E-mail

You can use ____ to boot to Windows without writing any data to the evidence disk. a. a SCSI boot up disk b. a Windows boot up disk c. a write-blocker d. Windows XP

c. a write-blocker

To create an exact image of an evidence disk, copying the ____ to a target work disk that's identical to the evidence disk is preferable. a. removable copy b. backup copy c. bit-stream image d. backup image

c. bit-stream image

The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis. a. risk assessment b. nature of the case c. chain of custody d. location of the evidence

c. chain of custody

When preparing a case, you can apply ____ to problem solving. a. standard programming rules b. standard police investigation c. standard systems analysis steps d. bottom-up analysis

c. standard systems analysis steps

____ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems. a. Guidance EnCase b. NTI SafeBack c. DataArrest SnapCopy d. ProDiscover Basic

d. ProDiscover Basic

A ____ is a bit-by-bit copy of the original storage medium. a. preventive copy b. recovery copy c. backup copy d. bit-stream copy

d. bit-stream copy

Use ____ to secure and catalog the evidence contained in large computer components. a. Hefty bags b. regular bags c. paper bags d. evidence bags

d. evidence bags

In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as ____. a. checked values b. verification c. evidence backup d. repeatable findings

d. repeatable findings
