Computer Forensics Chapter 4 Review
17. Small companies rarely need investigators.
False
12. If a suspect computer is running Windows 7, which of the following can you perform safely?
a. Browsing open applications
6. If a suspect computer is found in an area that might have toxic chemicals, you must do which of the following? (Choose all that apply.)
a. Coordinate with the HAZMAT team. c. Assume the suspect computer is contaminated.
14. Which of the following techniques might be used in covert surveillance? (Choose all that apply.)
a. Keylogging b. Data sniffing
4. As a corporate investigator, you can become an agent of law enforcement when which of the following happens? (Choose all that apply.)
a. You begin to take orders from a police detective without a warrant or subpoena. b. Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement. c. Your internal investigation begins. d. None of the above.
9. List three items that should be in an initial-response field kit.
Computer, flashlight, digital camera
19. You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?
Initial response
7. What are the three rules for a forensic hash?
• You can't predict the hash value of a file or device. • No two hash values can be the same. (Note that collisions have occurred in research using supercomputers.) • If anything changes in the file or device, the hash value must change.
13. Describe what should be videotaped or sketched at a digital crime scene.
Everything from the walls, ceiling, desks, chairs, doors, computers, anything on the desks, back of computers, ect.
20. You should always answer questions from onlookers at a crime scene.
False
5. The plain view doctrine in computer searches is well-established law.
False
15. Commingling evidence means what in a corporate setting?
It means potential criminal or contraband data and has been mingled with sensitive design business plans.
16. List two hashing algorithms commonly used for forensic purposes.
Message Digest 5 (MD5) and Secure Hash Algorithm (SHA-1) tools use complex algorithms.
11. Computer peripherals or attachments can contain DNA evidence.
True
18. If a company doesn't distribute a computing use policy stating an employer's right to inspect employees' computers freely, including e-mail and Web use, employees have an expectation of privacy.
True
2. In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a corporate investigator can conduct covert surveillance on an employee with little cause.
True
3. If you discover a criminal act, such as murder or child pornography, while investigating a corporate policy abuse, the case becomes a criminal investigation and should be referred to law enforcement.
True
1. Corporate investigations are typically easier than law enforcement investigations for which of the following reasons?
a. Most companies keep inventory databases of all hardware and software used.
8. In forensic hashes, a collision occurs when _______________________.
2 different files have the same hash
