Cybercrime and Digital Evidence Midterm

Chapt. 3 In Linux most system configuration files are stored in the ____ directory. A) /etc B) /home C) /dev D) /var

A) /etc

Chapt. 4 Digital forensics tools are divided into ____ major categories. A) 2 B) 3 C) 4 D) 5

A) 2

Chapt. 4 ____ images store graphics information as grids of pixels. A) Bitmap B) Raster C) Vector D) Metafiles

A) Bitmap

Chapt. 1 By the early 1990s, the ____ introduced training on software for forensics investigations. A) IACIS (International Association of Computer Investigative Specialists) B) FLETC (Federal Law Enforcement Training Center) C) CERT (Community Emergency Response Team) D) DDBIA (?)

A) IACIS (International Association of Computer Investigative Specialists)

Chapt. 2 In ____, two or more disk drives become one large volume, so the computer views the disks as a single disk A) RAID 0 B) RAID 1 C) RAID 5 D) RAID 6

A) RAID 0

Chapt. 4 Many vendors have developed write-blocking devices that connect to a computer through FireWire,____ 2.0 and 3.0, SATA, PATA, and SCSI controllers. A) USB B) IDE C) LCD D) PCMCIA

A) USB

Chapt. 1 In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. A) authorized requester B) authority of line C) line of right D) authority of right

A) authorized requester

Chapt. 1 The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true. A) notarized B) examined C) recorded D) challenged

A) notarized

Chapt. 1 A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will. A) warning banner B) right of privacy C) line of authority D) right banner

A) warning banner

Chapt. 4 ____ involves sorting and searching through investigation findings to separate good data and suspicious data. A) Validation B) Filtering C) Acquisition D) Reconstruction

B) Filtering

Chapt. 4 ____ disks are commonly used with Sun Solaris systems A) F.R.E.D. (Federal Reserve Economic Data) B) SPARC (Scalable Processor Architecture) C) FIRE IDE (Mac IDE) D) DiskSpy ( A software that can view every sector of any installed hard disk drive.)

B) SPARC

Chapt. 2 During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older ____ or MS-DOS system. A) Linux B) Windows C) Android D) MacOS

B) WIndows

Chapt. 1 Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed. A) litigation B) allegation C) blotter D) prosecution

B) allegation

Chapt. 3 On Mac OSs, the ____ stores any file information not in the MDB or Volume Control Block (VCB) A) volume information block B) extents overflow file C) catalog D) master directory block

B) extents

Chapt. 3 In a files's inode, the first 10 pointers are called ____ pointers A) direct B) indirect C) double D) triple

B) indirect

Chapt. 1 Most digital investigations in the private sector involve ____ A) e-mail abuse B) misuse of digital assets C) internet abuse D) VPN abuse

B) misuse of digital assets

Chapt. 1 Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses A) line of authority B) right of privacy C) line of privacy D) line of right

B) right of privacy

Chapt. 2 The FOIA was originally enacted in the ____ A) 1940s B) 1950s C) 1960s D) 1970s

C) 1960s

Chapt. 2 ____, or mirrored striping with parity, is a combination of RAID 1 and RAID 5 A) RAID 0 B) RAID 10 C) RAID 15 D) RAID 16

C) RAID 15

Chapt. 1 It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant A) litigation B) prosecution C) exhibits D) reports

C) exhibits

Chapt. 3 In Linux, most applications and commands are in the ____ directory or its subdirectories bin and sbin. A) /home B) /var C) /etc D) /usr

D) /usr

Chapt. 3 The early standard Linux file system was ____ A) NTFS (New Technology File System) B) Ext3 (Third Extended Filesystem) C) HFS+ (Hierarchical File System Extended) D) Ext2 (Second Extended File System)

D) Ext2

Chapt. 4 The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes A) EPS B) BMP C) GIF D) JPEG

D) JPEG

Chapt. 2 ____, or mirrored striping, is a combination of RAID 1 and RAID 0 A) RAID 0 B) RAID 6 C) RAID 5 D) RAID 10

D) RAID 10

Chapt. 1 Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility. A) professional policy B) oath C) line of authority D) professional conduct

D) professional conduct

Chapt. 2 Every business or organization must have a well-defined process describing when an investigation can be initiated. At a minimum, most company policies require that employers have a ____ that a law or policy is being violated A) confirmed suspicion B) proof C) court order stating D) reasonable suspicion

D) reasonable suspicion

Chapt. 3 In macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls A) application B) system C) data D) resource

D) resources

Chapt. 2 Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example A) live B) online C) real-time D) static

D) static

Chapt. 3 In macOS volume fragmentation is kept to a minimum by removing clumps from larger files. True or False

False

Chapt. 4 All TIF files start at position zero (offset 0 is the first byte of a file) with hexadecimal 49 49 3B. True of False

False

Chapt. 1 After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant. True or False

True

Chapt. 2 Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized True or False

True

Chapt. 2 The most common computer-related crime is check fraud. True or False

True

Chapt. 2 The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location. True or False

True

Chapt. 3 All disks have more storage capacity than the manufacturer states True or False

True

Chapt. 3 Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories True or False

True

Chapt. 3 If a file contains information, it always occupies at least one allocation block True or False

True

Chapt. 4 Although a disk editor gives you the most flexibility in testing, it might not be capable of examining a compressed file's contents. True or False

True

Chapt. 4 Computers used several OSs before Windows and MS-DOS dominated the market. True or False

True

Chapt. 4 Under copyright laws, maps and architectural plans may be registered as pictorial, graphic, and sculptural works. True or False

True

Chapt. 1 Discussion Question: Your Department has given you a fairly tight budget to purchase forensic software and training. You and another computer forensic examiner are at a conference looking through booths at the expo and demonstration center. What software would you ultimately purchase and why? Would you purchase a training package? Why or why not?

look at other peoples posts and your own replies. just make sure to review it!

Chapt. 2 Discussion Question: You are the Chief Information Security Officer (CISO) for a smaller corporation of fewer than 150 employees across three states that handles billing and invoicing for a very large health provider. It has been brought to your attention that personal information about patients to include dates of birth, social security numbers, credit card information and health data is being sold on the Dark Web. This information could only have been stolen from your database servers. Discuss a plan to respond to the incident.

look at other peoples posts and your own replies. just make sure to review it!

Chapt. 3 Discussion Question: You are examining the computer of an individual who has gone to great lengths to delete and obfuscate important data. You noticed that the individual overlooked modifying or cleaning up the registry. Why is this important and what artifacts are you likely to find by examining the registry of a Windows computer? What tools would you use and why?

look at other peoples posts and your own replies. just make sure to review it!

Chapt. 4 Discussion Question Discuss the advantages and disadvantages of using ISO standards for testing and validation purposes. In what situations would they be used? What is their relation to cybercrime and digital forensics? The discussion should be oriented but not limited to ISO standards. Any other standard definition can be used.

look at other peoples posts and your own replies. just make sure to review it!