Computer Forensics Quiz 1: Chapter 1
warning banner
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
False
A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.
multi-evidence form
A type of evidence custody form.
Norton DiskEdit
An older computer forensics tool.
allegation
Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
True
Chain of custody is also known as chain of evidence.
False
Computer investigations and forensics fall into the same category: public investigations.
silver-platter
Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
ProDiscover Basic
Forensics tools such as ____ can retrieve deleted files for use as evidence.
industrial espionage
Involves selling sensitive or confidential company information to a competitor.
data recovery
Is the more well-known and lucrative side of the computer forensics business.
affidavit
Sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence.
chain of custody
The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.
False
The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
True
To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
right of privacy
Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses.
ProDiscover Basic
____ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.
____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
disaster recovery
____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
data recovery
____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.