Computer Forensics - Mod 4

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following techniques might be used in covert surveillance (Choose All That Apply)?

Keylogging Data sniffing

List two hashing algorithms commonly used for forensic purposes.

MD5 and SHA-1

Private-sector investigations are typically easier than law enforcement investigations for which of the following reasons?

Most companies keep inventory databases of all hardware and software used.

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

To minimize how much you have to keep track of at the scene

Commingling evidence means that sensitive or confidential information being mixed with data collected as evidence.

True

Computer peripherals or attachments can contain DNA evidence.

True

If a company doesn't distribute a computing use policy stating an employer's right to inspect employees' computers freely, including e-mail and Web use, employees have an expectation of privacy.

True

If you discover a criminal act while investigating a company policy abuse, the case becomes a criminal investigation and should be referred to law enforcement.

True

As a private-sector investigator, you can become an agent of law enforcement when which of the following happens?

You begin to take orders from a police detective without a warrant or subpoena.

The plain view doctrine in computer searches is well-established law.

False

You should always answer questions from onlookers at a crime scene.

False

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

Initial-response kit

What are the three rules for a forensic hash?

It can't be predicted, no two files can have the same hash value, and if the file changes, the hash value changes

In forensic hashes, a collision occur when two different files have the same hash value.

True

In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause.

True

You should videotape or sketch anything at a digital crime scene that might be of interest to the investigation.

True

If a suspect's computer is found in an area that might have toxic chemicals, you must do which of the following?

Coordinate with the HAZMAT team.

An initial-response field kit does not contain evidence bags.

False

Small companies rarely need investigators.

False


Conjuntos de estudio relacionados

Ch 11 - Technology, Production, & Costs

View Set

High Modernism in Asia and National Capitals

View Set

Chapter 6 - Cell Communication & Cell Cycle

View Set

Lowdermilk 11th Ed. Chapter 31: Mental Health Disorders and Substance Abuse

View Set

unknown chapter - most likely chapter 17

View Set