Ch 1 - Understand Digital Forensics


The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. True False

true

Policies can address rules for which of the following?
The amount of personal e-mail you can send
The Internet sites you can or can't access
When you can log on to a company network from home
Any of the above

Any of the above

List three items that should be on an evidence custody form.
Affidavit, search warrant, and description of the evidence
Name of the investigator, affidavit and name of the judge assigned to the case
Case number, name of the investigator and nature of the case
Description of the evidence, location of the evidence and search warrant

Case number, name of the investigator and nature of the case

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True False

F

Why is professional conduct important?
It includes ethics, morals, and standards of behavior
It helps with an investigation
It saves a company from using warning banners
All of the above

It includes ethics, morals, and standards of behavior

Why should you do a standard risk assessment to prepare for an investigation?
To obtain a search warrant
To list problems that might happen when conducting an investigation
To obtain an affidavit
To discuss the case with the opposing counsel

To list problems that might happen when conducting an investigation

Why should evidence media be write-protected?
To make image files smaller in size
To make sure data isn't altered
To speed up the imaging process
To comply with industry standards

To make sure data isn't altered

Embezzlement is a type of digital investigation typically conducted in a business environment. True False

true

What do you call a list of people who have had physical possession of the evidence?
Chain of custody
Evidence record
Evidence log
Affidavit

Chain of custody

Police in the United States must use procedures that adhere to which of the following?

Fourth Amendment

What is one of the necessary components of a search warrant?
Professional ethics
Standards of behavior
Professional codes
Signature of an impartial judicial officer

Signature of an impartial judicial

What's the purpose of an affidavit?
To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth
To list problems that might happen when conducting an investigation
To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
To determine the OS of the suspect computer and list the software needed for the examination

To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

The triad of computing security includes which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
Detection, response, and monitoring
Vulnerability assessment, intrusion response, and monitoring
Vulnerability assessment, detection, and monitoring

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

A warning banner should never state that the organization has the right to monitor what users do. True False

false

Digital forensics and data recovery refer to the same activities. True False

false

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True False

false

You should always prove the allegations made by the person who hired you. True False

false

You shouldn't include a narrative of what steps you took in your case report. True False

false

Why should you critique your case after it's finished?
To maintain chain of custody
To list problems that might happen when conducting an investigation
To improve your work
To maintain a professional conduct

to improve your work

For digital evidence, an evidence bag is typically made of antistatic material. True False

true

One way to determine the resources needed for an investigation is, based on the OS of the suspect computer, to list the software needed for the examination. True False

true

