Chapter 4: Review Questions
In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause. True or False?
True
As a private-sector investigator, you can become an agent of law enforcement when which of the following happens? 1. You begin to take orders from a police detective without a warrant or subpoena. 2. Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement. 3. Your internal investigation begins. 4. None of the above.
1
If a suspect computer is running Windows 10, which of the following can you safely perform? 1. Browsing open applications 2. Disconnecting power 3. Either of the above 4. None of the above
1
Private-sector investigations are typically easier than law enforcement investigations for which of the following reasons? 1. Most companies keep inventory databases of all hardware and software used. 2. The investigator doesn't have to get a warrant. 3. The investigator has to get a warrant. 4. Users can load whatever they want on their machines.
1, 2
Describe what should be videotaped or sketched at a computer crime scene.
Computers, cable connections, overview of the scene—anything that might be of interest to the investigation.
When you arrive at the scene, why should you extract only those items you need to acquire evidence?
Doing so protects your equipment and minimizes how many items you have to keep track of at the scene.
Small companies rarely need investigators. True or False?
False
The plain view doctrine in computer searches is well-established law. True or False?
False
You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?
Initial-response field kit
Which of the following techniques might be used in covert surveillance? 1. Keylogging 2. Data sniffing 3. Network logs 4. None of the above
1, 2, 3
If a suspect's computer is found in an area that might have toxic chemicals, you must do which of the following? 1. Coordinate with the HAZMAT team. 2. Determine a way to obtain the suspect's computer. 3. Assume the suspect's computer is contaminated. 4. Do not enter alone.
1, 3
List two hashing algorithms commonly used for forensic purposes.
SHA-1 (and its variants), MD5
Commingling evidence means what in a private-sector setting?
Sensitive business information is mixed with the data that is collected as evidence.
Computer peripherals or attachments can contain DNA evidence. True or False?
True
If a company doesn't distribute a computing use policy stating an employer's rights to inspect employees' computers freely, including e-mail and web use, employees have an expectation of privacy. True or False?
True
If you discover a criminal act while investigating a company policy abuse, the case becomes a criminal investigation and should be referred to law enforcement. True or False?
True
In forensic hashes, when does a collision occur?
When the hash value is equivalent to another hash value generated from a different data set. These collisions are rare and have really only been detected on supercomputers.
You should always answer questions from onlookers at a crime scene. True or False?
False
What are the three rules for a forensic hash?
1. It can't be predicted. 2. No two files can have the same hash value. 3. If the file changes, the hash value changes.
List three items that should be in an initial-response field kit.
1. Laptop 2. Camera 3. Flashlight 4. Digital forensics kit. Note - The list given here is not extensive. Ref Loc 5293 for a full list.