Comp Forensics
What is the first rule of digital forensics and subsequent analysis of evidence?
Preserve the original evidence, and analyse a copy only
Why should evidence media be write-protected?
To make sure data isn't altered
The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation.
True
The triad of computing security includes which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
Embezzlement is a type of digital investigation typically conducted in a business environment.
true
For digital evidence, an evidence bag is typically made of antistatic material.
true
What type of forensic copy should be conducted on the original media?
Bit-stream
List three items that should be on an evidence custody form.
Case number, name of the investigator and nature of the case
Why should you critique your case after it's finished?
To improve your work
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.
false
What is the term for tracking evidence in an investigation?
Chain of custody
Police in the United States must use procedures that adhere to which of the following?
Fourth Amendment
What Amendment to the U.S. Constitution provides protection against unlawful searches and seizures?
Fourth Amendment
What's the purpose of an affidavit?
To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule.
false
Digital forensics and data recovery refer to the same activities.
false
You shouldn't include a narrative of what steps you took in your case report
false
What do you call a list of people who have had physical possession of the evidence?
Chain of custody
Of the following choices, which would permanently remove data from media so that it is unrecoverable?
Data is accessible until it is overwritten by other content to the same physical location
A warning banner should never state that the organization has the right to monitor what users do.
False
Why is professional conduct important?
It includes ethics, morals, and standards of behavior
What is one of the necessary components of a search warrant?
Signature of an impartial judicial officer
Policies can address rules for which of the following?
The amount of personal e-mail you can send, When you can log on to a company network from home, The Internet sites you can or can't access
Why should you do a standard risk assessment to prepare for an investigation?
To list problems that might happen when conducting an investigation
You should always prove the allegations made by the person who hired you.
false
One way to determine the resources needed for an investigation is based on the OS of the suspect computer, list the software needed for the examination.
true
