DIGITAL FORENSICS PRACTICE


ruled by the IEEE 1394B standard

Fire Wire

You should have at least one copy of your backups on site and a duplicate copy or a previous copy of your backups stored in a safe ____ facility.

Off Site

_______ would not be found in an initial-response field kit.

Leather gloves and disposable latex gloves

A ____ is where you conduct your investigations, store evidence, and do most of your work.

Digital Forensics Lab

____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.

Disaster Recovery

The law of search and seizure protects the rights of all people, excluding people suspected of crimes.

False

A _______ is not a private sector organization.

Hospital

____ was created by police officers who wanted to formalize credentials in computing investigations.

IACIS

a type of evidence custody form

Multi Evidence Form

Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Windows File System.

NTFS

an older computer forensics tool

Norton DiskEdit

tool for directly restoring files

Norton Ghost

The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest.

Person of interest

Forensics tools such as ____ can retrieve deleted files for use as evidence.

ProDiscover Basic

A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.

True

sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence

Affidavit

Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.

Allegation

In the ____, you justify acquiring newer and better resources to investigate computer forensics cases.

Business Case

The EMR from a computer monitor can be picked up as far away as ____ mile.

1/2

Computing components are designed to last 18 to ____ months in normal business operations.

36

The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.

Chain of Custody

In addition to performing routine backups, record all the updates you make to your workstation by using a process called ____ when planning for disaster recovery.

Configuration Management

What type of media has a 30-year lifespan?

DLT Magnetic Tape

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.

Data Recovery

is the more well-known and lucrative side of the computer forensics business

Data Recovery

addresses how to restore a workstation you reconfigured for a specific investigation

Disaster Recovery Plan

____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats.

Email

a high-end RAID server from Digital Intelligence

FREDC

A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.

False

Computer investigations and forensics fall into the same category: public investigations.

False

The Fourth Amendment states that only warrants "particularly describing the place to be searched and the persons or things to be seized" can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for anything.

False

What does FRE stand for?

Federal Rules of Evidence

involves selling sensitive or confidential company information to a competitor

Industrial Espionage

stands for Metropolitan Area Network

MAN

By using ____ to attract new customers or clients, you can justify future budgets for the lab's operation and staff.

Marketing

___ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.

ProDiscover Basic

The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.

Probable Cause

Lab costs can be broken down into daily, ____, and annual expenses.

Quarterly

For labs using high-end ____ servers (such as Digital Intelligence F.R.E.D.C. or F.R.E.D.M.), you must consider methods for restoring large data sets.

RAID

Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses.

Right of Privacy

Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.

Silver Platter

_______ does not recover data in free or slack space.

Sparse Acquisition

A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.

Steel

Defense contractors during the Cold War were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.

TEMPEST

Chain of custody is also known as chain of evidence.

True

Computing systems in a forensics lab should be able to process typical cases in a timely manner.

True

State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies.

True

To be a successful computer forensics investigator, you must be familiar with more than one computing platform.

True

To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.

True

A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.

Warning Banner

