Cybercrime Final


(T/F) APNIC assigns and registers IP addresses from Europe, the Middle East and parts of Central Asia.

False

(T/F) ARIN is responsible for coordinating the general pool of IP addresses and providing them to RIRs.

False

(T/F) An Address Resolution Protocol consists of a 12 digit hexadecimal number.

False

(T/F) Blocking moves are passive and do not attempt to directly engage or tamper with surveillance.

False

(T/F) Encase is used by the Criminal Investigation Division of the Internal Revenue Service, U.S. Department of Treasury.

False

(T/F) Examples of handheld computing and wireless devices include printers and scanners.

False

(T/F) Firewalls help shield the intrusion into the system and any access and/or modification to data that may have occurred.

False

(T/F) Forensics tools enable users to back up the data on their mobile phone devices.

False

(T/F) GSM consists of the country code, national destination code, and subscriber number (in that order).

False

(T/F) If the computer is off at a crime scene, it should be turned on.

False

(T/F) Invasion of privacy occurs when a person either as an individual or as a representative acting on behalf of a corporation damages an individual's reputation by making public statements that are both false and malicious.

False

(T/F) Manufacturer-provided tools with which to extract data from a mobile phone are forensically sound and their use will not alter the data in the device.

False

(T/F) Notes can be made in ink or pencil in a bound notebook with its pages numbered sequentially.

False

(T/F) PDA Seizure tool is one of the most popular forensics tools, but is incompatible with PDAs running Pocket PC.

False

(T/F) Photographs help document the exact position of the evidence.

False

(T/F) Salami slicing occurs when data are changed before or during their input into a computer.

False

(T/F) System logs provide data on applications that are installed on a computer.

False

(T/F) TCP server logs can link an IP address to a particular computer at a specific date and time.

False

(T/F) The Fifth Amendment contains several criminal trial rights.

False

(T/F) The PING Command shows that domain names and IP addresses can allow an investigator to track an email to a particular ISP and its location.

False

(T/F) The UMTS stores data that identifies a mobile phone user as well as his or her subscriber data, contacts, and preferences.

False

(T/F) The employee should make a copy of the pornography image for evidentiary purposes.

False

(T/F) Unlike the server-based network configuration, individual configuration of each computer is not required for the peer-to-peer network.

False

(T/F) Volatile data are stored and preserved in the hard drive when the computer is powered off.

False

(T/F) Windows, UNIX/Linux, and Macintosh operating systems have similar shutdown procedures.

False

(T/F) Photographs include the measurements taken by an investigator to provide accurate dimensions of the crime scene and the location of the evidence in relation to that scene.

False; this is for sketches

_______________________ are devices that are not essential parts of a computer system.

Peripheral devices

(T/F) A device that has both mobile phone and PDA capabilities is known as a smartphone.

True

(T/F) Cache is an example of nonvolatile data.

True

(T/F) Corporations often do not officially report other crimes such as theft and hacking.

True

(T/F) Deleted files can typically be recovered by investigators.

True

(T/F) Electronic evidence must be extracted first from a CD before the investigator dusts it for fingerprints so as not to damage it.

True

(T/F) Encase is a computer forensics tool that is widely used by law enforcement agencies.

True

(T/F) External computer forensics investigators are not influenced by internal politics or other biases.

True

(T/F) Honeypots are a form of intrusion detection/intrusion prevention.

True

(T/F) Individuals can hide files in plain sight by renaming or changing the file extensions.

True

(T/F) Live analysis retrieves data from a running system, which will be lost once a device is powered down.

True

(T/F) Network devices include firewalls, routers and switches.

True

(T/F) Packets are units of data transmitted over the network.

True

(T/F) The Authentication-Results field and the Received-SPF field are both intended for spam filtering.

True

(T/F) The MOBILedit! forensics tool is also widely used by law enforcement, government agencies, and forensic investigators.

True

(T/F) The PING Command can be used to validate IP addresses found in the email header.

True

(T/F) The Uniformed Services Employment and Reemployment Rights Act of 1994 protects individuals from workplace discrimination because of their military service.

True

(T/F) The operating system also collects data about the Web sites visited by a user, known as spooler files.

True

(T/F) The primary purpose of a network forensics investigation is to find evidence of a crime, incident or policy violation.

True

(T/F) To clone an existing mobile phone, a suspect needs the MIN and ESN.

True

(T/F) Two types of email systems exist: client/server and web-based.

True

(T/F) Videos with audio recordings are often discouraged because the comments made by investigators may be considered unprofessional or inappropriate by a defense team or jury.

True

__________________ is used to prevent anything from being written to the hard drive or other data source:

a write blocker

______________ is responsible for assigning and registering IP addresses in the North American region. Question options: a) ARIN b) AfriNIC c) APNIC d) RIPE e) LACNIC

a) ARIN

______________ consist of rules that define network security policies and govern the rights and privileges of users of a specific system. Question options: a) Access control lists b) Network protocols c) Administrator protocols d) Network control lists e) none of the above

a) Access control lists

______________ affords users with the opportunity to synchronize and transfer the data on their mobile devices with their home and work computers and laptops. Question options: a) Bluetooth technology b) Digital Manner Policies c) SIM card readers d) SIM cards e) None of the above

a) Bluetooth technology

________________ are required to prevent messages from being sent or received by electronic devices (such as PDAs and mobile phones). Question options: a) Faraday bags b) antistatic bags c) static bags d) antisignal bags e) none of the above

a) Faraday bags

The __________________, which is imprinted on the SIM card, can be used by the service provider operator to trace the SIM card back to the number that it was assigned to. Question options: a) ICCID b) PIN c) PUK d) GSM e) none of the above

a) ICCID

______________ are extremely difficult to detect on computer systems. Question options: a) Keyloggers b) Routers c) IDSs d) Firewalls e) IPSs

a) Keyloggers

The __________________ forensics tool is compatible with numerous mobile phones and smartphones and is widely used by law enforcement and government agencies. Question options: a) Oxygen Phone Manager b) .XRY c) Duplicate Disk d) POSE e) all of the above

a) Oxygen Phone Manager

To determine the original address from which a message was sent, a user should also pay close attention to the ___________ field in the full header. Question options: a) Received b) Message ID c) Content-type d) X-Mailer e) MIME-Version

a) Received

______________ is an example of a sniffer program. Question options: a) Wireshark b) A honeypot c) A honeynet d) A rootkit e) None of the above

a) Wireshark

In ____________, data within a computer database are altered, deleted, or fabricated. Question options: a) input scams b) output scams c) throughput scams d) salami slicing e) none of the above

a) input scams

_____________ occurs when a director, officer, or shareholder who holds more than 10 percent of the stock of a corporation listed on a national exchange buys and sells corporate shares based on information known generally by security officers before it is made available to the general public. a) Insider trading b) Bid rigging c) Embezzlement d) Money laundering e) none of the above

a) insider trading

When filing a _________________, the attorney seeks a pretrial ruling on the admissibility of evidence. Question options: a) motion in limine b) motion to suppress evidence c) motion to admit evidence d) motion for discovery e) none of the above

a) motion in limine

The types of photographs taken at a crime scene should include: Question options: a) overall, medium-range, and close-range photographs b) overall and close-range photographs c) medium-range and close-range photographs d) only overall photographs e) only close-range photographs

a) overall, medium-range, and close-range photographs

_______________ logs are new event logs in Windows 7. Instead of recording events that may affect the system as a whole, each log stores events from a single application or component.

applications and services

_____________ is a mobile phone forensics tool. Question options: a) POSE b) .XRY c) Duplicate Disk d) Pilot-link e) All of the above

b) .XRY

Under the _______________ institutions are required to report instances of money laundering. Question options: a) Foreign Corrupt Practices Act of 1977 b) Bank Secrecy Act of 1970 c) Sherman Antitrust Act of 1890 d) Equal Pay Act of 1963 e) all of the above

b) Bank Secrecy Act of 1970

The two most popular forensics tools geared toward mobile phones, PDAs, and smartphones are _____________. Question options: a) Cell Seizure and GSM.XRY b) CellDEK and Device Seizure c) Cell Seizure and CellDEK d) Device Seizure and Cell Seizure e) none of the above

b) CellDEK and Device Seizure

The ______________________ established minimum wages and the 40-hour work week. a) Equal Pay Act of 1963 b) Fair Labor Standards Act of 1938 c) Occupational Safety and Health Act of 1970 d) Title VII of the Civil Rights Act of 1964 e) none of the above

b) Fair Labor Standards Act of 1938

Most service providers do not use the ________ number to identify mobile phone users, but instead use the ___________ number assigned by the provider and stored on the SIM card. Question options: a) IMSI; IMEI b) IMEI; IMSI c) UICC; UMTS d) UMTS; UICC e) none of the above

b) IMEI; IMSI

________________ occurs when numerous ARP requests are sent requesting multiple MAC addresses in order to overwhelm the resources of network switches. Question options: a) ARP poisoning b) MAC Flooding c) MAC Address Spoofing d) Man-in-the-Middle Attack e) none of the above

b) MAC flooding

The ______________ field consists of the name of the server and a unique string that the sending e-mail server assigned to the message: Question options: a) Received b) Message ID c) Content-type d) X-Mailer e) MIME-Version

b) Message ID

______________ logs contain the events that are logged by programs and applications. Errors of these applications and programs are also recorded in this log. a) security b) application c) setup d) system e) none of the above

b) application

A more efficient and intelligent version of a _______ is a ________. Question options: a) switch; hub b) hub; switch c) router; switch d) router; hub e) none of the above

b) hub; switch

In ___________, an individual seeks to use company-owned data in the computer for personal gain. Question options: a) input scams b) output scams c) throughput scams d) salami slicing e) none of the above

b) output scams

______________ are devices that are not essential parts of a computer system. Question options: a) handheld computing devices b) peripheral devices c) telecommunications devices d) a and c e) none of the above

b) peripheral devices

_____________ are often used to document the overall crime scene; they complement the __________ of the crime scene and evidence. Question options: a) photographs; videos b) videos; photographs c) sketches; videos d) sketches; photographs e) none of the above

b) videos; photographs

__________________ involve written questions that are provided to a witness. Question options: a) Motions b) Interrogations c) Interrogatories d) Depositions e) None of the above

c) Interrogatories

______________ are used to connect computers within a small area and provide these systems with the ability to share resources. Question options: a) MANs b) WANs c) LANs d) CANS e) none of the above

c) LANs

____________ is a SIM tool that has been designated for forensic purposes. Question options: a) SIMClone b) SIMGuard c) MOBILedit! Forensic d) Dekart SIM reader e) All of the above

c) MOBILedit! Forensic

________________ is essentially gibberish. Question options: a) metadata b) plaintext c) ciphertext d) decryption e) all of the above

c) ciphertext

Digital cameras contain a wealth of metadata in: Question options: a) graphical interchange format file b) tagged image file format c) exchangeable image file format d) image interchange format file e) all of the above

c) exchangeable image file format

______________ provide a narrative of what happened at the crime scene and how the investigation of the scene was conducted. Question options: a) notes b) videos c) reports d) sketches e) none of the above

c) reports

____________ is the space that is available because it was never used or because the information in it was deleted. Question options: a) a hidden partition b) a bad cluster c) unallocated space d) slack space e) none of the above

c) unallocated space

_____________ are files created by Web sites that are stored on a user's computer hard drive when he or she visits that particular Web site. Question options: a) cookies b) history files c) event logs d) spooler files e) none of the above

cookies

_____________ are used to block incoming network traffic based on certain predetermined criteria. Question options: a) Hubs b) Routers c) Switches d) Firewalls e) Backdoors

d) Firewalls

The __________________ attack hijacks a TCP connection between a client and a server. Question options: a) ARP poisoning b) MAC Flooding c) MAC Address Spoofing d) Man-in-the-Middle e) none of the above

d) Man-in-the-middle

The ____________ field specifies the email system used to send the message. Question options: a) Received b) Message ID c) X-Originating-IP d) X-Mailer e) none of the above

d) X-Mailer

Crimes for the corporation include: Question options: a) investment fraud b) inflating sales c) data diddling d) a and b e) all of the above

d) a and b

When filing a _________________, the attorney seeks pretrial disclosure of evidence. Question options: a) motion in limine b) motion to suppress evidence c) motion to admit evidence d) motion for discovery e) none of the above

d) motion for discovery

Computer forensics investigators need to consider __________________ when packaging and transporting evidence: Question options: a) magnetic fields b) static electricity c) corrosive elements d) temperature e) all of the above

e) all of the above

Files that may be created by the computer user include: a) document b) image c) graphics d) a and b e) all of the above

e) all of the above

For a computer forensic investigation, a corporation may use: Question options: a) external computer forensics investigator b) internal computer forensics investigator c) an individual from the IT department d) a and b e) all of the above

e) all of the above

Mobile phones and PDAs may ___________________. Question options: a) be the target of an attack b) be used as tools to commit a crime or incident c) provide evidence of a crime or incident d) a and b e) all of the above

e) all of the above

Mobile phones have: Question options: a) a microprocessor b) RAM c) ROM d) EEPROM e) all of the above

e) all of the above

The ability to recover deleted text messages depends on the __________ of a cell phone. Question options: a) make b) model c) service provider d) a and b e) all of the above

e) all of the above

The sketch should contain the: Question options: a) case number b) location of crime c) type of crime d) a and c e) all of the above

e) all of the above

The ________________ field makes a recommendation to the user as to the validity of the origin of the message and the integrity of its content. Question options: a) Received-SPF b) Message ID c) Return-Path d) MIME-Version e) none of the above

e) none of the above

An individual may use ________________ to physically block third-party access to them, either by using a password or by rendering the file or aspects of the file unusable.

encryption

