Digital Forensics: Chapter 1-3

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

A forensic workstation should always have a direct broadband connection to the Internet. True False

False

What do you call a list of people who have had physical possession of the evidence? A) Chain of custody B) Evidence log C)Affidavit D) Evidence record

A) Chain of custody

Which organization provides good information on safe storage containers? A) NISPOM B) ASQ C) TEMPEST D) ASCLD

A) NISPOM

Police in the United States must use procedures that adhere to which of the following? A) Third Amendment B) Fourth Amendment C) First Amendment D) None of the above

B) Fourth Amendment

To determine the types of operating systems needed in your lab, list two sources of information you could use. A) ANAB and IACIS B) EnCE and ACE C) Uniform Crime Report statistics and a list of cases handled in your area D) Local police reports and ISFCE reports

C) Uniform Crime Report statistics and a list of cases handled in your area

The manager of a digital forensics lab is responsible for which of the following? A) Making necessary changes in lab procedures and software B) Ensuring that staff members have enough training to do the job C) Knowing the lab objectives D) All of the above

D) All of the above

Policies can address rules for which of the following? A) When you can log on to a company network from home B) The amount of personal e-mail you can send C) The Internet sites you can or can't access D) Any of the above

D) Any of the above

List three items that should be on an evidence custody form. A) Name of the investigator, affidavit and name of the judge assigned to the case B) Description of the evidence, location of the evidence and search warrant C)Affidavit, search warrant, and description of the evidence D) Case number, name of the investigator and nature of the case

D) Case number, name of the investigator and nature of the case

Why should evidence media be write-protected? A) To make image files smaller in size B) To speed up the imaging process C) To comply with Industry standards D) To make sure data isn't altered

D) To make sure data isn't altered

Why is physical security so critical for digital forensics labs? A) To ensure continuous funding B) To make sure unwanted data isn't retained on the drive C)To protect trade secrets D) To prevent data from being lost, corrupted, or stolen

D) To prevent data from being lost, corrupted, or stolen

What's the purpose of an affidavit? A) To list problems that might happen when conducting an investigation B) To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth C) To determine the OS of the suspect computer and list the software needed for the examination D) To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

D) To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

A warning banner should never state that the organization has the right to monitor what users do. True False

False

ASQ and ANAB are two popular certification programs for digital forensics. True False

False

Large digital forensics labs should have at least ________ exits. A) 4 B) 7 C) 2 D) 5

C) 2

Before enlisting in a certification program, thoroughly research the requirements, ________, and acceptability in your area of employment. A) Location B) Number of students C) Business hours D) Cost

D) Cost

An employer can be held liable for e-mail harassment. True False

True

Embezzlement is a type of digital investigation typically conducted in a business environment. True False

True

For digital evidence, an evidence bag is typically made of antistatic material. True False

True

One way to determine the resources needed for an investigation is based on the OS of the suspect computer, list the software needed for the examination. True False

True

The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. True False

True

Your business plan should include physical security items. True False

True

Why should you do a standard risk assessment to prepare for an investigation? A) To discuss the case with the opposing counsel B) To list problems that might happen when conducting an investigation C) To obtain an affidavit D) To obtain a search warrant

B) To list problems that might happen when conducting an investigation

Which organization has guidelines on how to operate a digital forensics lab? A) TEMPEST B) SCADA C) ANAB D) NISPOM

C) ANAB

What is one of the necessary components of a search warrant? A) Standards of behavior B) Professional codes C) Signature of an impartial judicial officer D) Professional ethics

C) Signature of an impartial judicial officer

Why should you critique your case after it's finished? A) To maintain chain of custody B) To maintain a professional conduct C) To improve your work D) To list problems that might happen when conducting an investigation

C) To improve your work

Digital forensics facilities always have windows. True False

False

Why is professional conduct important? A) It saves a company from using warning banners B) It includes ethics, morals, and standards of behavior C) It helps with an investigation D) All of the above

B) It includes ethics, morals, and standards of behavior

What term refers to labs constructed to shield EMR emissions? A) ASQ B) TEMPEST C) NISPOM D) SCADA

B) TEMPEST

The triad of computing security includes which of the following? A) Vulnerability assessment, detection, and monitoring B) Vulnerability assessment, intrusion response, and monitoring C) Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation D) Detection, response, and monitoring

C) Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation

Building a business case can involve which of the following? A) Procedures for gathering evidence B) Testing software C) Protecting trade secrets D) All of the above

D) All of the above

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True False

False

Digital forensics and data recovery refer to the same activities. True False

False

Evidence storage containers should have several master keys. True False

False

If a visitor to your digital forensics lab is a personal friend, it's not necessary to have him or her sign the visitor's log. True False

False

The ANAB mandates the procedures established for a digital forensics lab. True False

False

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True False

False

You should always prove the allegations made by the person who hired you. True False

False

You shouldn't include a narrative of what steps you took in your case report True False

False

Typically, a(n) ________ lab has a separate storage area or room for evidence. A) State B) Research C) Federal D) Regional

D) Regional


Ensembles d'études connexes

chapter 12 Organizational change and culture

View Set

Personal Finance Final Exam Study Guide

View Set

Operations with Complex Numbers assessment

View Set

Statistics Test 3 (Chapters 9, 10, 11)

View Set

Fiction "Somebody Wanted But So Then"

View Set

Psychology in Action - Chapter 6

View Set