forensics-chapter 2
What do you call a list of the people who have had physical possession of the evidence?
Chain of custody.
What are some ways to determine the resources needed for an investigation?
Determine the OS of the suspect computer.
An acquisitions officer is not responsible for making notes of the computer's state at the time it was acquired.
False
Data collected before an attorney issues a memorandum for an attorney-client privilege case is protected under the confidential work product rule. True or False?
False
You should always prove the allegations made by the person who hired you.
False
Your evidence media should not be write-protected.
False
For employee termination cases, what type of investigations will you predominately encounter?
Incidents that create a hostile work environment.
What is the most important point to remember when assigned to work on an attorney-client privilege case?
Keeping all your findings confidential
What should appear on your case report? a. your findings only b. list of possible outcomes c. narrative of steps you took d.explanation of highly complex computer
Narrative of the steps that you took.
Why should you critique your case after it is done?
To improve your work.
Why should you do a standard risk assessment to prepare for an investigation?
To list problems that might happen when conducting your investigation.
An initial assessment that you should make for a computing investigation is determine whether law enforcement or company security officers already seized the computer evidence.
True
For digital evidence, an evidence bag is typically made of antistatic material. True or False?
True
Some of the information that should be on an evidence custody form include case number, name of the investigator assigned to the case, nature of the case, location where evidence was obtained, and description of the evidence.
True
When might an interview turn into an interrogation?
When an investigator has discovered enough facts to consider the witness a suspect.
What are some reasons that an employee might leak information to the press? (Choose all that apply)
all of the above
What are the basic guidelines when working on an attorney-client privilege case?
all of the above
Who should have access to a secure container? a. primary investigator b. only the investigator in the group c. everyone on the floor d. senior lvl management
only the investigators in the group