Certificaton Objectives Exam 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

When was the Freedom of Information Act originally enacted?

1960s

What is the maximum amount of time computing components are designed to last in normal business operations?

36 months

By what percentage can lossless compression reduce image file size?

50%

What is the most common and flexible data-acquisition method?

Disk-to-image file copy

What older Microsoft disk compression tool eliminates only slack disk space between files?

DriveSpace

Which group often works as part of a team to secure an organization's computers and networks?

Forensics investigators

What do published company policies provide for a business that enables them to conduct internal investigations?

Line of authority

What term refers to Linux ISO images that can be burned to a CD or DVD?

Linux Live CDs

What type of acquisition is done if the computer has an encrypted drive and the password or passphrase is available?

Live

What type of acquisition is used for most remote acquisitions?

Live

What does Autopsy use to validate an image?

MD5

What option is used with the dcfldd command to designate a hashing algorithm of md5, sha1, sha256, sha384, or sha512?

hash

What material is recommended for secure storage containers and cabinets?

Steel

ISPs can investigate computer abuse committed by their customers.

False

Which agency introduced training on software for forensics investigations by the early 1990s?

IACIS

Methods for restoring large data sets are important for labs using which type of servers?

RAID

A forensics analysis of a 6-TB disk, for example, can take several days or weeks.

True

Maintaining credibility means you must form and sustain unbiased opinions of your cases.

True

Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

True

The most common computer-related crime is check fraud.

True

What command displays pages from the online help manual for information on Linux commands and their options?

man

What kind of forensic investigation lab best preserves the integrity of evidence?

A secure facility

A judge can exclude evidence obtained from a poorly worded warrant.

True

In Autopsy and many other forensics tools raw format image files don't contain metadata.

True

At what distance can the EMR from a computer monitor be picked up?

1/2 mile

When recovering evidence from a contaminated crime scene, the investigator should take measures to avoid damage to the drive from overheating. At what temperature should the investigator take action?

80 degrees or higher

What do law enforcement investigators need in order to remove computers from a crime scene and transport them to a lab?

A warrant

What will allow the investigator to arrive at a scene, acquire the needed data, and return to the lab as quickly as possible?

An initial-response field kit

Where should your computer backups be kept?

An off-site facility

Power should not be cut during an investigation involving a live computer, unless it is what type of system?

An older Windows or MS-DOS system

How frequently should floors and carpets in the computer forensic lab be cleaned to help minimize dust that can cause static electricity?

At least once a week

What term refers to the individual who has the power to conduct digital forensic investigations?

Authorized requester

In what process is the acquisition of newer and better resources for investigation justified?

Building a business case

Which group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime?

Digital investigations

What type of plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing?

Disaster recovery

What type of files might lose essential network activity records if power is terminated without a proper shutdown?

Event logs

How frequently does IACIS require recertification to demonstrate continuing work in the field of computer forensics?

Every 3 years

When an investigator seeks a search warrant, which of the following must be included in an affidavit to support the allegation of a crime?

Exhibits

Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

False

When an investigator finds a mix of information, judges often issue a limiting phrase to the warrant, which allows the police to present all evidence together.

False

What type of evidence do courts consider evidence data in a computer to be?

Physical

The lab manager sets up processes for managing cases and reviews them regularly.

True

What usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will?

A warning banner

Which term refers to an accusation or supposition of fact that a crime has been committed and is made by the complainant, based on the incident?

Allegation

When federal courts are evaluating digital evidence from computer-generated records, what exception is applied to hearsay?

Business-records exception

Which Pacific Northwest agency meets to discuss problems that digital forensics examiners encounter?

CTIN

When confidential business data are included with the criminal evidence, what are they referred to as?

Commingled data

Which type of case involves charges such as burglary, murder, or molestation?

Criminal

What term refers to a person using a computer to perform routine tasks other than systems administration?

End user

Which is the most accurate statement about investigating and controlling computer incident scenes in private-sector environments as compared to crime scenes?

Investigating and controlling the scene is much easier in private sector environments.

What must be done, under oath, to verify that the information in the affidavit is true?

It must be notarized.

Which type of format acquisition leaves the investigator unable to share an image between different vendors' computer forensics analysis tools?

Proprietary

What is the third stage of a criminal case, after the complaint and the investigation?

Prosecution

A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the resource-heavy analysis tasks.

True

A separate manual validation is recommended for all raw acquisitions at the time of analysis.

True

By the 1970s, electronic crimes were increasing, especially in the financial sector.

True

By using marketing to attract new customers or clients, you can justify future budgets for the lab's operation and staff.

True

In addition to md5sum, which hashing algorithm utility is included with current distributions of Linux?

sha1sum

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

An affidavit

What HTCN certification level requires candidates have three years of experience in computing investigations for law enforcement or corporate cases?

Certified Computer Forensic Technician, Basic

Which entity was formed by the FBI in 1984 to handle the increasing number of cases involving digital evidence?

Computer Analysis and Response Team

What process refers to recording all the updates made to a workstation?

Configuration management

A technician is trying to recover information on a computer that has been hidden or deleted on purpose in order to hide evidence of a crime. Which type of task is the technician performing?

Data recovery

If damage occurs to the floor, walls, ceilings, or furniture on your computer forensics lab, it does not need to be repaired immediately.

False

If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available.

False

Private-sector organizations include small to medium businesses, large corporations, and non-government organizations (NGOs), which always get funding from the government or other agencies.

False

Similar to Linux, Windows also has built-in hashing algorithm tools for digital forensics.

False

The ANSI-ASQ National Accreditation Board (ANAB) is a wholly owned subsidiary of the American Society of Crime Laboratory Directors (ASCLD).

False

The law of search and seizure protects the rights of all people, excluding people suspected of crimes.

False

Unlike RAID 0, RAID 3 stripes tracks across all disks that make up one volume.

False

When you work in the enterprise digital group, you test and verify the integrity of stand-alone workstations and network servers.

False

At what levels should lab costs be broken down?

Monthly, quarterly, and annually

In addition to FAT16, FAT32, and Resilient File System, which file system can Windows hard disks also use?

NTFS

Without a warning banner, what right might employees assume they have when using a company's computer systems and network accesses?

Privacy

What standard is used to determine whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest?

Probable cause

What investigator characteristic, which includes ethics, morals, and standards of behavior, determines the investigator's credibility?

Professional conduct

In which RAID configuration do two or more disk drives become one large volume, so the computer views the disks as a single disk?

RAID 0

Which RAID configuration, also called mirrored striping, is a combination of RAID 1 and RAID 0?

RAID 10

Which RAID configuration offers the greatest access speed and most robust data recovery capability?

RAID 15

At a minimum, what do most company policies require that employers have in order to initiate an investigation?

Reasonable suspicion that a law or policy is being violated.

Which activity involves determining how much risk is acceptable for any process or operation?

Risk management

In addition to environmental issues, what issues are the investigator's primary concerns when working at the scene to gather information about an incident or a crime?

Safety

What is required for real-time surveillance of a suspect's computer activity?

Sniffing data transmissions between a suspect's computer and a network server.

If your time is limited, what type of acquisition data copy method should you consider?

Sparse

Which technique can be used for extracting evidence from large systems?

Sparse acquisition

What type of acquisition is typically done on a computer seized during a police raid?

Static

During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. What did the U.S. Department of Defense call this special computer-emission shielding?

TEMPEST

Chapter 5, Section 3, of the NISPOM describes the characteristics of a safe storage container.

True

Computing systems in a forensics lab should be able to process typical cases in a timely manner.

True

FTK Imager requires that you use a device such as a USB dongle for licensing.

True

If you follow police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.

True

The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.

True

The definition of digital forensics has evolved over the years from simply involving securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases.

True

The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your disk-to-image file.

True

The police blotter provides a record of clues to crimes that have been committed previously.

True

The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.

True

There's no simple method for getting an image of a RAID server's disks.

True

To be a successful computer forensics investigator, you must be familiar with more than one computing platform.

True

When seizing computer evidence in criminal investigations, which organization's standards should be followed?

U.S. DOJ

What did Microsoft add to its newer operating systems that makes performing static acquisitions more difficult?

Whole disk encryption


Ensembles d'études connexes

Leading Marines - The Promotion System

View Set

Chapter 9: Customer-Defined Service Standards

View Set

French 2 U3L3 -re Verbs (conjugations)

View Set

Personal Finance Module 3 Review

View Set

ATI Learning System 3.0 - Fundamentals 2

View Set

General Psychology Quiz 1 Ch 1-3

View Set