Chapter 1 Quiz - Cengage / Sammons

c. Digital Evidence First Responder

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant. a. Digital Evidence Scene Investigator b. Digital Evidence Specialist c. Digital Evidence First Responder d. Digital Evidence Recorder

False

Digital forensics and data recovery refer to the same activities. True False

True

For digital evidence, an evidence bag is typically made of antistatic material. True False

d. affidavit

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______. a. memo b. verdict c. exhibit d. affidavit

A. DOMEX

In Afghanistan and Iraq, armed forces are exploiting intelligence collected from digital devices brought straight from the battlefield. The process is known as A. DOMEX B. NICE C. AAFS D. Quality Assurance

True

In a legal sense, to be considered an expert in a court of law, one doesn't have to possess an advanced academic degree. True False

Fourth Amendment

Police in the United States must use procedures that adhere to which of the following? Third Amendment Fourth Amendment First Amendment None of the above

a. civil suit

The _______ is not one of the three stages of a typical criminal case. a. civil suit b. complaint c. investigation d. prosecution

True

User groups for a specific type of system can be very useful in a forensics investigation. True False

Chain of custody

What do you call a list of people who have had physical possession of the evidence? Chain of custody Affidavit Evidence record Evidence log

Signature of an impartial judicial officer

What is one of the necessary components of a search warrant? Signature of an impartial judicial officer Professional codes Standards of behavior Professional ethics

False

A warning banner should never state that the organization has the right to monitor what users do. True False

True

Embezzlement is a type of digital investigation typically conducted in a business environment. True False

False

In a civil case, both parties are generally entitled to examine the evidence that will be used against them before trial. This legal process is known as "scientific method." True False

D. Examination of the file's metadata

In the case of Dennis Rader, better known as the BTK Killer, investigators got the lead they needed to arrest and seal the suspect's fate through A. Document and Media Exploitation (DOMEX) B. Identifying which websites had been visited C. Locating what applications had been installed or uninstalled D. Examination of the file's metadata

True

One way to determine the resources needed for an investigation is, based on the OS of the suspect computer, to list the software needed for the examination. True False

Any of the above

Policies can address rules for which of the following? The amount of personal e-mail you can send The Internet sites you can or can't access When you can log on to a company network from home Any of the above

A. Imaging/hashing, Repeatability, Analysis, Reporting

Put these phases of a digital forensic process in the proper order (not all phases represented). A. Imaging/hashing, Repeatability, Analysis, Reporting B. Expert Presentation, Search Authority, Analysis, C of C C. Reporting, Analysis, Imaging, Search Authority D. Repeatability, Hashing, Search Authority, Expert Presentation

B. The WTCC Computer Technologies Department

Several organizations help establish the standards and best practices used in digital forensics. These organizations include all of the following except A. The American Academy of Forensic Sciences B. The WTCC Computer Technologies Department C. Scientific Working Group on Digital Evidence D. American Society for Testing Materials

b. Federal Rules of Evidence

Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings. a. Federal Proceedings Law b. Federal Rules of Evidence c. Federal Proceedings Rules d. Federal Consistency Standards

C. Digital Forensics

The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, and possible expert presentation is the definition of A. Electronic Discovery B. Imaging/Hashing C. Digital Forensics D. Search Authority

False

The name given to the mathematical process (via an algorithm) that produces a unique value that is essentially the digital "fingerprint" of a particular file is known as bitstream imaging. True False

B. Locard's Exchange Principle

The principle that says, in the physical world, whenever perpetrators enter or leave a crime scene, they will leave something behind and take something with them is A. File Carving B. Locard's Exchange Principle C. Principles of Live Collection D. Data Persistence

True

The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. True False

b. industrial espionage

The sale of sensitive or confidential company information to a competitor is known as _______. a. industrial betrayal b. industrial espionage c. industrial sabotage d. industrial collusion

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

The triad of computing security includes which of the following? Vulnerability assessment, intrusion response, and monitoring Detection, response, and monitoring Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation Vulnerability assessment, detection, and monitoring

B. Electronic discovery

This term refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. A. Repeatability B. Electronic discovery C. Chain of Custody D. Locard's exchange principle

c. ILook

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk? a. DeepScan b. Photorec c. ILook d. AccessData Forensic Toolkit

To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

What's the purpose of an affidavit? To list problems that might happen when conducting an investigation To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant To determine the OS of the suspect computer and list the software needed for the examination To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth

c. MS-DOS 6.22

Which Microsoft OS below is the least intrusive to disks in terms of changing data? a. Windows XP b. Windows 95 c. MS-DOS 6.22 d. Windows 7

To make sure data isn't altered

Why should evidence media be write-protected? To make image files smaller in size To speed up the imaging process To make sure data isn't altered To comply with Industry standards

To improve your work

Why should you critique your case after it's finished? To maintain a professional conduct To list problems that might happen when conducting an investigation To improve your work To maintain chain of custody

To list problems that might happen when conducting an investigation

Why should you do a standard risk assessment to prepare for an investigation? To list problems that might happen when conducting an investigation To obtain a search warrant To obtain an affidavit To discuss the case with the opposing counsel

b. repeatable findings

Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as _______. a. reloadable steps b. repeatable findings c. verifiable reporting d. evidence reporting

False

You should always prove the allegations made by the person who hired you. True False

False

You shouldn't include a narrative of what steps you took in your case report. True False

a. Exhibits

_______ must be included in an affidavit to support an allegation in order to justify a warrant. a. Exhibits b. Subpoenas c. Witnesses d. Verdicts

