Cybercrime Midterm
In Linux most system configuration files are stored in the ____ directory.
/etc
Ext4f can support disk partitions as large as ____ TB.
16
Image files can be reduced by as much as ____% of the original when using lossless compression.
50
Older Microsoft disk compression tools, such as DoubleSpace or ____, eliminate only slack disk space between files.
DriveSpace
Computer investigations and forensics fall into the same category: public investigations. True or False?
False
ISPs can investigate computer abuse committed by their customers.
False
If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available.
False
Private-sector organizations include small to medium businesses, large corporations, and non-government organizations (NGO's), which always get funding from the government or other agencies (T or F)
False
The law of search and seizure protects the rights of all people, excluding people suspected of crimes. True or False
False
When you work in the enterprise digital group, you test and verify the integrity of standalone workstations and network servers. True or False?
False
Windows OS does not have a kernel . True or False
False
macOS is built with the new Apple File System (APFS). The current version offers better security, encryption, and performance speeds, but users can't mount HFS+ drives. True or False
False
often work as part of a team to secure an organization's computers and networks.
Forensic Investigators
Published company policies provide a(n) ____ for a business to conduct internal investigations
Line of authority
Linux ISO images that can be burned to a CD or DVD are referred to as ____.
Linux live cds
If the computer has an encrypted drive, a ____ acquisition is done if the password or passphrase is available.
Live
Autopsy uses ____ to validate an image.
MD5
On older Mac OSs all information about the volume is stored in the ____.
Master Directory Block (MDB)
Most digital investigations in the private sector involve ______
Misuse of digital assets
The affidavit must be _____ under sworn oath to verify that the information in the affidavit is true
Notarized
With ____, Macintosh moved to the Intel processor and became UNIX based.
OS X
is the standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest.
Probable Cause
Acquisition of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized.
True
After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant. True or False
True
By the 1970s, electronic crimes were increasing, especially in the financial sector True or False?
True
Ext3 is a journaling version of Ext2 that has a built-in file recovery mechanism used after a crash. True or False?
True
If a file contains information, it always occupies at least one allocation block. True or False
True
The definition of digital forensics has evolved over the years from simply involving securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases.
True
The pipe (|) character redirects the output of the command preceding it. True or False?
True
The police blotter provides a record of clues to crimes that have been committed previously. True or False?
True
When seizing computer evidence in criminal investigations, follow the ____ standards for seizing digital data
U.S. DOJ
During an investigation involving a live computer, do not cut electrical power to the running system unless it's older ____ or MS-DOS system
Windows
Confidential business data included with the criminal evidence are referred to as ____ data.
commingled
involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
data recovery
The ____ command, works similarly to the dd command but has many features designed for computer forensics acquisitions.
dcfldd
The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions.
dd
The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
digital investigations
It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
exhibits
A(n) ____ should include all the tools you can afford to take to the field.
extensive-response field kit
With a(n) _____ you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible
initial-response field kit
Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility.
professional conduct
n macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.
resource
Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer
silver platter
If your time is limited, consider using a logical acquisition or ____ acquisition data copy method.
sparse
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
warning banner
Law enforcement investigators need a(n) ___ to remove computers from a crime scene and transport them to a lab
warrant
