Computer Forensics Test 1 (Chapters 1) Review Guide

¡Supera tus tareas y exámenes ahora con Quizwiz!

List two items that should appear on a warning banner.

Access to this system and network is restricted and use of this system and network is for official business only.

What's the purpose of an affidavit?

Affidavit is often used to justify issuing a warrant or to deal with abuse in a corporation.

What is professional conduct, and why is it important?

Behavior expected of an employee in the workplace or other professional setting. It is important because it determines your credibility.

List three items that should be on an evidence custody form.

Case number, Investigating organization, Investigator

What do you call a list of people who have had physical possession of the evidence?

Chain of Custody

What are some ways to determine the resources needed for an investigation?

Determine the OS of the suspect computer & list the software to use for the examination.

List two types of digital investigations typically conducted in a business environment.

Email Abuse, and Internet Abuse

List three items that should be in your case report.

Explanation of basic computer and network processes, a narrative of what steps you took, and a description of findings.

Digital Forensics and data recovery refer to the same activities. True or False?

False

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or False?

False

You should always prove the allegations made by the person who hired you. True or False?

False

Why should you critique your case after it's finished?

To determine what improvements you made during each case, what could have been done differently, and how to apply those lessons to future cases.

What's the purpose of maintaining a network of digital forensics specialists?

To have the option of calling on a specialist to help with a case you cannot solve

Why should evidence media be write-protected?

To make sure data can not be altered.

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True or False?

True

For digital evidence, an evidence bag is typically made of antistatic material. True or False?

True

Why should you do a standard risk assessment to prepare for an investigation?

You do a standard risk assessment to understand the risks that could halt to investigation.

What are the necessary components of a search warrant?

You need an affidavit of the evidence to conduct an investigation

Police in the United States must use procedures that adhere to which of the following? a. Third Amendment b. Fourth Amendment c. First Amendment d. None of the above

b. Fourth Amendment

The triad of computing security includes which of the following? a. Detection, response, and monitoring b. Vulnerability assessment, detection, and monitoring c. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation d. Vulnerability assessment, intrusion response, and monitoring

c. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

Policies can address rules for which of the following? a. When you can log on to a company network from home b. The Internet sites you can or can't access c. The amount of personal e-mail you can send d. Any of the above

d. Any of the above


Conjuntos de estudio relacionados

CH 22: Complications Occurring During Labor and Delivery

View Set

BUS 220: M13 - Organizational Structure & Change

View Set

Week 12: Social Psychology and the Law

View Set

Anesthesia and physiological monitoring 14

View Set

Principles of Accounting I For Baddies

View Set