Digital forensics chapters 1 and 4 review questions

¡Supera tus tareas y exámenes ahora con Quizwiz!

If a suspect computer is running windows 7, which of the following can you perform safely? A. Browsing open applications B. Disconnecting power C. Either of the above D. None of the above

A. Browsing open applications

if a suspect computer is found in an area that might have toxic chemicals, you must do which of the following? A. Coordinate with the HAZMAT team B. Determine a way to obtain the suspect's computer C. Assume the suspect computer is contaminated D. Do not enter alone

A. Coordinate with the hazmat team C. Assume the suspect computer is contaminated

As a corporate investigator, you can become an agent of law enforcement when which of the following happens A. You begin to take orders from a police detective without a warrant or subpoena. B.your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement. C. Your internal investigation begins D. None of the above

A. You begin to take orders from a police detective without a warrant or subpoena

Why should evidence media be write-protected?

Because it maintains the quality and integrity of the evidence you're trying to preserve.

Describe what should be videotaped or sketched at a digital crime scene

Computers, cable connections, overview of scene—anything that might be of interest to the investigation

5. Policies can address rules for which of the following? A. when you can log on to a company network from home. B. the internet sites you can or can't access C. The amount of personal email you can send. D. Any of the above

D. Any of the above

Small companies rarely need investigators. True or False?

False

List three items that should be in your case report.

1. What you did 2. What you found 3. Answer: Who, What, When, Where, How 4. Know your target reader and write for them 5. Provide an explanation for processes and how systems and their components work

Which of the following techniques might be used in covert surveillance A. Keylogging B. Data Sniffing C. Network Logs

A. Keylogging B. Data Sniffing

The triad of computing security includes which of the following? a. Detection, response, and monitoring b. Vulnerability assessment, detection, and monitoring c. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation d. Vulnerability assessment, intrusion response, and monitoring

C.Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

the plain view doctrine in computer searches is well-established law. T or F?

F

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or false?

False

You should always answer questions from onlookers at a crime scene. True or false?

False

You should always prove the allegations made by the person who hired you. True or False?

False

Why should you do a standard risk assessment to prepare for an investigation

Identifying the risks can help mitigate or minimize any foreseeable issues with the investigation.

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

Initial-response field kit

what are the three rules for a forensic hash?

It can't be predicted, no two files can have the same hash value, and if the file changes, the hash value changes.

List three items that should be on an evidence custody form

Name of person taking custody Description of evidence Time evidence was checked out

what is professional conduct, and why is it important

Professional conduct is the ethics, morals, and standards by which you conduct yourself and your business. It is important because it determines your credibility.

List two hashing algorithms commonly used for forensic purposes

SHA-1 MD5

Commingling evidence means what in a corporate setting?

Sensitive corporate information being mixed with data collected as evidence.

List three items that should be in an initial-response field kit.

Small computer toolkit, large-capacity drive, IDE ribbon cables

What's the purpose of maintaining a network of digital forensics specialists?

To supplement your knowledge and be able to get referrals and information when needed

whats the purpose of an affidavit

To support facts about or evidence of a crime, in order to secure a warrant for seizure

For digital evidence, an evidence bag is typically made of antistatic material. True or False?

True

If a company doesn't distribute a computing use policy stating an employer's rights to inspect employee's computers freely, including e-mail and web use, employees have an expectation of privacy. True or False?

True

List two types of digital investigations typically conducted in a business environment

1. Employee termination cases 2. Internet abuse investigations 3. E-mail abuse investigations 4. Attorney-Client privilege investigations 5. Industrial espionage investigations

what are the necessary components of a search warrant?

1. It must be filled in good faith by a law enforcement officer 2. It must be based on reliable information showing probable cause to search 3. It must be issued by a neutral and detached magistrate 4. It must state specifically the place to be searched and the items to be seized

List two items that should appear on a warning banner

1. That the connection is restricted to authorized users 2. That the organization has a right to inspect and monitor computer and network usage

Police in the united states must use procedures that adhere to which of the following? A. Third Amendment B. Fourth Amendment C. First Amendment D. None of the above

B. Fourth Amendment

What are some ways to determine the resources needed for an investigation

Bases on the OS of the computer you're investigating, list the software you plan to use for the investigation, noting other software, tools, or expert assistance you might need.

Why should you critique your case after it's finished?

Because self-evaluation and peer review are essential parts of professional growth. When a case is complete, review it to identify successful decisions and actions and determine how you could have improved your performance.

What do you call a list of people who have had physical possession of the evidence?

Chain of custody

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product work. True or False?

False. Any information discovered before the memo is issued can be used in discovery by the opposition.

Computer peripherals or attachments can contain DNA evidence. T or F?

T

if you discover a criminal act, such as murder or child pornography, while investigating a corporate policy abuse, the case becomes a criminal investigation and should be referred to law enforcement. T or F?

T

in the united states, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a corporate investigator can conduct covert surveillance on an employee with little cause. T or F?

T

When you arrive at the scene, why should you extract only those items you need to acquire evidence

To minimize how much you have to keep track of at the scene.

corporate investigations are typically easier than law enforcement investigations for which of the following reasons? A. most companies keep inventory databases of all hardware and software used B. the investigator doesn't have to get a warrant C. the investigator has to get a warrant D. users can load whatever they want on their machines

b. the investigator doesnt have to get a warrant

Digital forensics and data recovery refer to the same activities. True or False?

false

In forensic hashes, a collision occurs when ____

two files have the same hash value.


Conjuntos de estudio relacionados

Money and Banking Exam 1 Practice Test

View Set

Chapter 16: Care of Patients Experiencing Urgent Alterations in Health

View Set

MTH 115 - Review for Test 3 - Szalankiewicz

View Set

Computing - Data representation (binary and hexadecimal)

View Set

Most Commonly Missed Multiplication Facts... if you almost have them all... practice here. :)

View Set

Evropa in slovenske dežele v 17. in 18. stoletju

View Set

Chapter 26 Upper Respiratory Problems

View Set