Computer forensics - quiz 4

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

What type of media has a 30-year lifespan? a. DVD-rs b. DLT magnetic tape c. hard drive d. usb thumb drive

b

The fourth amendment state that only warrants "particularly describing the place to be searched and the persons or things to be seized" can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for anything. t/f

false

What does FRE stand for? a. federal rules of evidence b. federal regulations for evidence c. federal rights for everyone d. federal rules for equipment

a

??? are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers. a. hospitals b. ISPs c. law firms d. news networks

b

??? would not be found in an initial-response field kit. a. computer evidence bags (antistatic bags) b. leather gloves and disposable gloves c. a digital camera with extra batteries or 35mm camera with film and flash d. external usb devices or a portable hard drive

b

the term ??? describes rooms filled with extremely large disk systems that are typically used by large business data centers. a. storage room b. server farm c. data well d. storage hub

b

If practical, ??? team(s) should collect and catalog digital evidence at a crime scene or lab a. two b. five c. one d. three

c

Which system below can be used to quickly and accurately match fingerprints in a database? a. fingerprint identification database (FID) b. systemic fingerprint database (SFD) c. automated fingerprint identification system (AFIS) d. dynamic fingerprint matching system (DFMS)

c

??? does not recover data in free or slack space a. raw format acquisition b. live acquisition c. static acquisition d. sparse acquisition

d

??? is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing a. second-party evidence b. rumor c. fiction d. hearsay

d

A ??? is not a private sector organization a. small to medium business b. large corporation c. on-government organization d. hospital

d

As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state? a. the power cable should be pulled b. the system should be shut down gracefully c. the power should be left on d. the decision should be left to the digital evidence first responder (DEFR)

d

Computer-stored records are data the system maintains, such as system log files and proxy server logs. t/f

false

An emergency situation under the PATRIOT Act is defined as the immediate risk of death or personal injury, such as finding a bomb threat in an e-mail. t/f

true

State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies. t/f

true

In cases that involve dangerous setting, what kind of team should be used to recover evidence from the scene? a. B-Team b. HAZMAT c. CDC First Responders d. SWAT

b

The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient ??? a. probable cause b. due diligence c. accusations d. reliability

a

When seizing digital evidence in criminal investigations, whose standards should be followed? a. U.S. DOJ b. ISO/IEC c. IEEE d. ITU

a

You must abide by the ??? while collecting evidence a. fourth amendment b. federal rules of evidence c. state's rules of evidence d. fifth amendment

a

What should you do while copying data on a suspect's computer that is still live? a. open files to view contents b. make notes regarding everything you do c. conduct a google search of unknown extensions using the computer d. check facebook for additional suspects

b

Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records? a. united states v wong b. united states v carey c. united states v salgado d. united states v walser

c

Which of the following is not done when preparing for a case? a. describe the nature of the case b. identify the type of OS c. set up covert surveillance d. determine whether you can seize the computer or digital device

c

The term ??? is used to describe someone who might be a suspect of someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest a. criminal b. potential data source c. person of interest d. witness

c

??? is a common cause for lost or corrupted evidence a. public access b. not having enough people on the processing team c. having an undefined security perimeter d. professional curiosity

d

To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct convert surveillance with little or no cause, and access company computer systems and digital devices without a warrant. t/f

true


Kaugnay na mga set ng pag-aaral

Math Chapter 6 "Relations and functions"

View Set

exploring the entrepreneurial perspective

View Set

ATI fundamentals practice quiz questions pt. 1

View Set

Chapter 2: Collecting Subjective Data: The Interview and Health History

View Set

9th Grade MIDTERM Exam Review Guides

View Set

Conducting Psychology Research in the Real World

View Set