DIGITAL FORENSICS PRACTICE
ruled by the IEEE 1394B standard
FireWire
You should have at least one copy of your backups on site and a duplicate copy or a previous copy of your backups stored in a safe ____ facility.
Off Site
_______ would not be found in an initial-response field kit.
Leather gloves and disposable latex gloves
A ____ is where you conduct your investigations, store evidence, and do most of your work.
Digital Forensics Lab
____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
Disaster Recovery
The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
False
A _______ is not a private sector organization.
Hospital
____ was created by police officers who wanted to formalize credentials in computing investigations.
IACIS
a type of evidence custody form
Multi Evidence Form
Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Windows File System.
NTFS
an older computer forensics tool
Norton DiskEdit
tool for directly restoring files
Norton Ghost
The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest.
Person of interest
Forensics tools such as ____ can retrieve deleted files for use as evidence.
ProDiscover Basic
A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.
True
sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence
Affidavit
Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
Allegation
In the ____, you justify acquiring newer and better resources to investigate computer forensics cases.
Business Case
The EMR from a computer monitor can be picked up as far away as ____ mile.
1/2
Computing components are designed to last 18 to ____ months in normal business operations.
36
The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.
Chain of Custody
In addition to performing routine backups, record all the updates you make to your workstation by using a process called ____ when planning for disaster recovery.
Configuration Management
What type of media has a 30-year lifespan?
DLT Magnetic Tape
____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
Data Recovery
is the more well-known and lucrative side of the computer forensics business
Data Recovery
addresses how to restore a workstation you reconfigured for a specific investigation
Disaster Recovery Plan
____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
a high-end RAID server from Digital Intelligence
FREDC
A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.
False
Computer investigations and forensics fall into the same category: public investigations.
False
The Fourth Amendment states that only warrants "particularly describing the place to be searched and the persons or things to be seized" can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for anything.
False
What does FRE stand for?
Federal Rules of Evidence
involves selling sensitive or confidential company information to a competitor
Industrial Espionage
stands for Metropolitan Area Network
MAN
By using ____ to attract new customers or clients, you can justify future budgets for the lab's operation and staff.
Marketing
___ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.
ProDiscover Basic
The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.
Probable Cause
Lab costs can be broken down into daily, ____, and annual expenses.
Quarterly
For labs using high-end ____ servers (such as Digital Intelligence F.R.E.D.C. or F.R.E.D.M.), you must consider methods for restoring large data sets.
RAID
Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses.
Right of Privacy
Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
Silver Platter
_______ does not recover data in free or slack space.
Sparse Acquisition
A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
Steel
Defense contractors during the Cold War were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.
TEMPEST
Chain of custody is also known as chain of evidence.
True
Computing systems in a forensics lab should be able to process typical cases in a timely manner.
True
State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies.
True
To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
True
To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.
True
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
Warning Banner