Digital Forensics Chapter 1

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Susan is a hacker. After breaking into a computer system and running some hacking tools, she deleted several files she created to cover her tracks. What general term describes Susan's actions? A. Anti-forensics B. Data transformation C. Live system forensics D. Disk forensics

A. Anti-forensics

A suspect stores data where an investigator is unlikely to find it. What is this technique called? A. Data hiding B. Data destruction C. Data transformation D. File system alteration

A. Data hiding

The __________ was passed to improve the security and privacy of sensitive information in federal computer systems. The law requires the establishment of minimum acceptable security practices, creation of computer security plans, and training of system users or owners of facilities that house sensitive information. A. Federal Privacy Act of 1974 B. Computer Security Act of 1987 C. Telecommunications Act of 1996 D. USA Patriot Act

A. Federal Privacy Act of 1974

What is NOT true of random access memory (RAM)? A. It cannot be changed. B. It is volatile memory. C. It stores programs and data that are currently open. D. It retains items in memory for as long as the computer has power supplied to it.

A. It cannot be changed

What is the process of searching memory in real time, typically for working with compromised hosts or to identify system abuse? A. Live system forensics B. Internet forensics C. Network forensics D. Disk forensics

A. Live system forensics

__________ is data stored as written matter, on paper or in electronic files. A. Demonstrative evidence B. Real evidence C. Documentary evidence D. Testimonial Evidence

A. Real evidence

What term describes data about information, such as disk partition structures and file tables? A. Store data B. Volatile memory C. Potential storage D. Metadata

A. Store data

__________ is the concept that any scientific evidence presented in a trial has to have been reviewed and tested by the relevant scientific community. A. The Daubert Standard B. Demonstrative evidence C. Consistent scientific manner D. Documentary evidence

A. The Daubert Standard

The __________ is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered. A. chain of custody B. documentary evidence C. demonstrative evidence D. consistent scientific manner

A. chain of custody

The __________ protects journalists from being required to turn over to law enforcement any work product and documentary material, including sources, before it is disseminated to the public. A. Federal Privacy Act of 1974 B. Communications Assistance for Law Enforcement Act of 1994 C. Privacy Protection Act of 1980 D. Electronic Communications Privacy Act of 1986

B. Communications Assistance for Law Enforcement Act of 1994

One must be able to show the whereabouts and custody of evidence, how it was handled, stored and by whom, from the time the evidence is first seized by a law enforcement officer or civilian investigator until the moment it is shown in court. This is referred to as ________. A. consistent scientific manner B. chain of custody C. demonstrative evidence D. real evidence

B. chain of custody

Ed is an expert witness providing testimony in court. He uses a high-tech computer animation to explain a technical concept to the judge and jury. What type of evidence is Ed using? A. Real B. Documentary C. Demonstrative D. Testimonial

C. Demonstrative

__________ is information that has been processed and assembled to be relevant to an investigation, and that supports a specific finding or determination. A. Anti-forensics B. Expert testimony C. Digital evidence D. The Daubert Standard

C. Digital evidence

The __________ contains many provisions about record keeping and destruction of electronic records relating to the management and operation of publicly held companies. A. Computer Security Act of 1987 B. Sarbanes-Oxley Act of 2002 C. Privacy Protection Act of 1980 D. Federal Privacy Act of 1974

C. Privacy Protection Act of 1980

Generally, __________ is considered to be the use of analytical and investigative techniques to identify, collect, examine, and preserve evidence or information that is magnetically stored or encoded. A. anti-forensics B. digital evidence C. computer forensics D. testimonial evidence

C. computer forensics

The __________ command is used to send a test network packet, or echo packet, to a machine to determine if the machine is reachable and how long the packet takes to reach the machine. A. tracert B. ipconfig C. ping D. traceroute

C. ping

The number 22 for SSH (Secure Shell) and 80 for Hypertext Transfer Protocol (HTTP) are examples of ________. A. Logical port numbers B. IP addresses C. MAC addresses D. Physical ports

D. Physical ports

The __________ is a federal wiretap law for traditional wired telephony that was expanded to include wireless, voice over internet protocol (VoIP), and other forms of electronic communications. A. Communications Assistance for Law Enforcement Act of 1994 B. Federal Privacy Act of 1974 C. Wireless Communications and Public Safety Act of 1999 D. Telecommunications Act of 1996

D. Telecommunications Act of 1996

What term describes information that forensic specialists use to support or interpret real or documentary evidence ? For example, a specialist might demonstrate that the finger prints found on a keyboard are those of a specific individual. A. The Daubert Standard B. Documentary evidence C. Digital evidence D. Testimonial evidence

D. Testimonial evidence

The term ______ refers to testimony taken from a witness or party to a case before a trial. A. expert report B. documentary evidence C. real evidence D. deposition

D. deposition

Computer forensics is the exclusive domain of law enforcement?

False

Disk forensics refers to the process of examining malicious computer code?

False

If you change the extension of a file so it looks like some other type of file, you also change the file structure itself?

False

Internet forensics is the study of the source and content of email as evidence?

False

Malware forensics is also known as Internet forensics?

False

The process of acquiring and analyzing information stored on physical storage media, such as computer hard drives or smartphones is the definition of anti-forensics?

False

The underlying operating system of Mac OS X is based on Windows.

False

A sector is the basic unit of data storage on a hard disk, which is usually 64 KB?

False, its 512 bytes

The Electronic Communications Privacy Act of 1986 protects children 13 years of age and younger from the collection and use of their personal information by websites?

False, its the COPPA (Children's Online Privacy Protection Act ) 1998

The Federal Bureau of Investigation (FBI) is the premier federal agency tasked with combating cybercrime?

False, since 9/11 its been the secret service

A warrant is not needed when evidence is in plain sight?

True

Demonstrative evidence means information that helps explain other evidence. An example of demonstrative evidence is a chart that explains a technical concept to the judge and jury?

True

Investigators must authenticate documentary evidence?

True

One way to obscure information is to scramble it by encryption?

True

Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect's fingerprints on it?

True

The Windows Registry is essentially a repository of all settings, software, and parameters for Windows?

True

The objective in computer forensics is to recover, analyze, and present computer-based material in such a way that it can be used as evidence in a legal proceeding?

True

To avoid changing a computer system while examining it, make a forensic copy and work with that copy?

True

Volatile memory is computer memory that requires power to maintain the data it holds?

True


Kaugnay na mga set ng pag-aaral

HDF 315 Wortham Chapter 10 Communicating with Families: Assessment Systems

View Set

Tuesdays with Morrie Vocabulary List

View Set

Geri NCLEX Questions from Presentations

View Set

Mod 9 Week 32 Quiz Review (Bible)

View Set