Test 2
As an expert witness, what basic conditions must be met for you to be able to testify to an opinion or a conclusion?
- The opinion, inferences, or conclusions depend on special knowledge, skill, or training not within the ordinary experience of lay witnesses or jurors. - The witness must be shown to be qualified as a true expert in the field (which is why the curriculum vitae is important). - The witness must testify to a reasonable degree of certainty (probability) regarding his or her opinion, inference, or conclusion. - At minimum, expert witnesses must know the relevant data (facts) on which their opinion, inference, or conclusion is based, and they must be prepared to testify in response to a hypothetical question that sets forth the underlying evidence. Bonus points for the mention of Daubert and Frye.
What Unicode value is used to identify the latin alphabet?
0x00
How many words should be in the abstract of a report?
150 to 200 words
When cases go to trial, you as a forensics examiner can play one of ____ roles.
2
FRE ____ describes whether basis for the testimony is adequate.
702
Currently, expert witnesses testify in more than __ percent of trials.
80
The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients.
ABA
____ offers the most comprehensive regulations of any professional organization and devote an entire section to forensics activities.
APA's Ethics Code
For psychologists, the most broadly accepted set of guidelines governing their conduct as experts is the Answer (APA's) Ethical Principles of Psychologists and Code of Conduct.
American Psychological Association's
For forensics specialists, keeping the _______ updated and complete is crucial to supporting your role as an expert and showing that you're constantly enhancing your skills through training, teaching, and experience.
CV
The __________________________ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Cloud Security Alliance
are standards that others apply to you or that you are compelled to adhere to by external forces, such as licensing bodies.
Codes of professional conduct or responsibility
The ________________ section of a report starts by referring to the report's purpose, states the main points, draws conclusions, and possibly renders an opinion.
Conclusion
_______________ is the process of opposing attorneys seeking information from each other.
Discovery
The rule that states that testimony is inadmissible unless it is "testimony deduced from a well-recognized scientific principle or discovery; the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs", was established in what court case?
Frye v. United States
Metadata in a prefetch file contains an application's _____________ times in UTC format and a counter of how many times the application has run since the prefect file was created. Select one:
MAC
What rule of the Federal Rules of Civil Procedure requires that parties who anticipate calling an expert witness to testify must provide a copy of the expert's written report that includes all opinions, the basis for the opinions, and the information considered in coming to those opinions?
Rule 26
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?
Salesforce
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
Seizure Order
A ??? is a contract between a CSP and a customer that describes what services are being provided and at what level.
Service Level Agreement
How can you write a report while maintaining objectivity?
Stick to the facts of the case and see where they take you. Don't form opinions on the case as they may prevent you from finding key evidence. You must communicate calm, detached observations in the report.
The ??? file contains cid (client ID), clientType, clientVersion, device, deviceID, and timeUtc values relevant to OneDrive.
SyncDiagnostics.log
Explain why digital forensics examiners should be most concerned with restrictions applied to customers and security measures.
The CSP components must state who is authorized to access data and what the limitations are in conducting acquisitions for an investigation. The CSP should also address any multi-jurisdictional concerns and define how conflicts between laws of different countries will be resolved.
Briefly describe judicial hearings.
They determine the admissibility of evidence and ensure that the chain of custody was maintained before the trial.
Specially trained system and network administrators are often a CSP's first responders.
True
Describe some of the traps for unwary experts.
What are some differences between the attorney's motives and the investigator's duty that might affect how the investigator acts, or is expected to act, as an expert witness? Is the function of the expert witness in conflict with the investigator's code of professional responsibility? Attorneys look at witnesses' codes of professional responsibility based on organizations they are members of.
As with any research paper, write the ___________________ last.
abstract
Discuss any potential problems with your attorney _______ a deposition.
before
Federal courts, as a matter of rule, require all fact or expert witnesses to provide a report Answer trial in civil cases.
before
The ??? consists of the introduction and discussion sections of a report.
body
At a trial, ??? are statements that organize the evidence and state the applicable law.
closing arguments
Sometimes opposing attorneys ask several questions inside one question; this practice is called a __________ question.
compound
Before allowing an attorney to describe any case details, determine who the parties are to reduce the possibility of a _______________.
conflict
Depending on your attorney's needs, you might provide only your opinion and technical expertise to him or her instead of testifying in court; this role is called a(n)
consulting expert
A ________________ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
A ____ differs from a trial testimony because there is no jury or judge.
deposition
The ____ is the most important part of testimony at a trial.
direct examination
The __________________ Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system.
filecache.dbx
People who fear having their ______________ acts revealed feel as though they must protest the ________________ acts of others being revealed.
improper
A _________________ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface.
management plane
Generally, the best approach your attorney can take in direct examination is to ask you ____ questions and let you give your testimony.
open-ended
With cloud systems running in a virtual environment, _______________ can give you valuable information before, during, and after an incident.
snapshot
If a preliminary report is written, destroying the preliminary report after the final report is complete could be considered ______________.
spoilation
Regarding a trial, the term ____ means rejecting potential jurors.
strikes
The Google drive file _________________ contains a detailed list of a user's cloud transactions.
sync_log.log
When you give ____ testimony, you present this evidence and explain what it is and how it was obtained.
technical/scientific
How you format _____________ is less important than being consistent in applying formatting.
text
An expert's opinion is governed by ________________ and the corresponding rule in many states.
FRE, Rule 705