Chapter 1 Quiz - Cengage / Sammons
c. Digital Evidence First Responder
After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant. a. Digital Evidence Scene Investigator b. Digital Evidence Specialist c. Digital Evidence First Responder d. Digital Evidence Recorder
False
Digital forensics and data recovery refer to the same activities. True False
True
For digital evidence, an evidence bag is typically made of antistatic material. True False
d. affidavit
If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______. a. memo b. verdict c. exhibit d. affidavit
A. DOMEX
In Afghanistan and Iraq, armed forces are exploiting intelligence collected from digital devices brought straight from the battlefield. The process is known as A. DOMEX B. NICE C. AAFS D. Quality Assurance
True
In a legal sense, to be considered an expert in a court of law, one doesn't have to possess an advanced academic degree. True False
Fourth Amendment
Police in the United States must use procedures that adhere to which of the following? Third Amendment Fourth Amendment First Amendment None of the above
a. civil suit
The _______ is not one of the three stages of a typical criminal case. a. civil suit b. complaint c. investigation d. prosecution
True
User groups for a specific type of system can be very useful in a forensics investigation. True False
Chain of custody
What do you call a list of people who have had physical possession of the evidence? Chain of custody Affidavit Evidence record Evidence log
Signature of an impartial judicial officer
What is one of the necessary components of a search warrant? Signature of an impartial judicial officer Professional codes Standards of behavior Professional ethics
False
A warning banner should never state that the organization has the right to monitor what users do. True False
True
Embezzlement is a type of digital investigation typically conducted in a business environment. True False
False
In a civil case, both parties are generally entitled to examine the evidence that will be used against them before trial. This legal process is known as "scientific method." True False
D. Examination of the file's metadata
In the case of Dennis Rader, better known as the BTK Killer, investigators got the lead they needed to arrest and seal the suspect's fate through A. Document and Media Exploitation (DOMEX) B. Identifying which websites had been visited C. Locating what applications had been installed or uninstalled D. Examination of the file's metadata
True
One way to determine the resources needed for an investigation is, based on the OS of the suspect computer, to list the software needed for the examination. True False
Any of the above
Policies can address rules for which of the following? The amount of personal e-mail you can send The Internet sites you can or can't access When you can log on to a company network from home Any of the above
A. Imaging/hashing, Repeatability, Analysis, Reporting
Put these phases of a digital forensic process in the proper order (not all phases represented). A. Imaging/hashing, Repeatability, Analysis, Reporting B. Expert Presentation, Search Authority, Analysis, C of C C. Reporting, Analysis, Imaging, Search Authority D. Repeatability, Hashing, Search Authority, Expert Presentation
B. The WTCC Computer Technologies Department
Several organizations help establish the standards and best practices used in digital forensics. These organizations include all of the following except A. The American Academy of Forensic Sciences B. The WTCC Computer Technologies Department C. Scientific Working Group on Digital Evidence D. American Society for Testing Materials
b. Federal Rules of Evidence
Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings. a. Federal Proceedings Law b. Federal Rules of Evidence c. Federal Proceedings Rules d. Federal Consistency Standards
C. Digital Forensics
The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, and possible expert presentation is the definition of A. Electronic Discovery B. Imaging/Hashing C. Digital Forensics D. Search Authority
False
The name given to the mathematical process (via an algorithm) that produces a unique value that is essentially the digital "fingerprint" of a particular file is known as bitstream imaging. True False
B. Locard's Exchange Principle
The principle that says, in the physical world, whenever perpetrators enter or leave a crime scene, they will leave something behind and take something with them is A. File Carving B. Locard's Exchange Principle C. Principles of Live Collection D. Data Persistence
True
The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. True False
b. industrial espionage
The sale of sensitive or confidential company information to a competitor is known as _______. a. industrial betrayal b. industrial espionage c. industrial sabotage d. industrial collusion
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
The triad of computing security includes which of the following? Vulnerability assessment, intrusion response, and monitoring Detection, response, and monitoring Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation Vulnerability assessment, detection, and monitoring
B. Electronic discovery
This term refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. A. Repeatability B. Electronic discovery C. Chain of Custody D. Locard's exchange principle
c. ILook
What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk? a. DeepScan b. Photorec c. ILook d. AccessData Forensic Toolkit
To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
What's the purpose of an affidavit? To list problems that might happen when conducting an investigation To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant To determine the OS of the suspect computer and list the software needed for the examination To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth
c. MS-DOS 6.22
Which Microsoft OS below is the least intrusive to disks in terms of changing data? a. Windows XP b. Windows 95 c. MS-DOS 6.22 d. Windows 7
To make sure data isn't altered
Why should evidence media be write-protected? To make image files smaller in size To speed up the imaging process To make sure data isn't altered To comply with Industry standards
To improve your work
Why should you critique your case after it's finished? To maintain a professional conduct To list problems that might happen when conducting an investigation To improve your work To maintain chain of custody
To list problems that might happen when conducting an investigation
Why should you do a standard risk assessment to prepare for an investigation? To list problems that might happen when conducting an investigation To obtain a search warrant To obtain an affidavit To discuss the case with the opposing counsel
b. repeatable findings
Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as _______. a. reloadable steps b. repeatable findings c. verifiable reporting d. evidence reporting
False
You should always prove the allegations made by the person who hired you. True False
False
You shouldn't include a narrative of what steps you took in your case report. True False
a. Exhibits
_______ must be included in an affidavit to support an allegation in order to justify a warrant. a. Exhibits b. Subpoenas c. Witnesses d. Verdicts