IT 226 - TEST 1 REVIEW

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

When recovering evidence from a contaminated crime scene, the investigator should take measures to avoid damage to the drive from overheating. At what temperature should the investigator take action?

80 degrees or higher

What do law enforcement investigators need in order to remove computers from a crime scene and transport them to a lab?

A warrant

What is the best approach to handling the expectation of privacy by employees in the event an investigation needs to be carried out on company-owned digital assets?

A well-defined published policy that clearly states that an employer has the right to examine, inspect or access company-owned assets.

Sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence.

Affidavit

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

An affidavit

Computer crime

Any crime involving the use of a computer system

When federal courts are evaluating digital evidence from computer-generated records, what exception is applied to hearsay?

Business-records exception

Which of the following are ideal examples of storage media?

CD's & Magnetic Tape

What is the term for tracking evidence in an investigation?

Chain of Custody

What type of records are considered data that the system maintains, such as system log files and proxy server logs?

Computer-generated

What term refers to a column of tracks on two or more disk platters?

Cylinder

Hashing algorithms are used on evidence files to uphold the chain of custody in an investigation. Which of the following is NOT a hashing algorithm?

DAT-1

What is the most common and flexible data-acquisition method

Disk-to-image file copy

Which acronym refers to the file structure database that Microsoft originally designed for floppy disks?

FAT

Which of the following is NOT an example of a Microsoft file system?

FAT28

Which of the following CANNOT be used as a forensics data acquisition format?

FTK

Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

False

For daily work production, several examiners can work together in a large open area, as long as they all have different levels of authority and access needs.

False

What Amendment to the U.S. Constitution provides protection against unlawful searches and seizures?

Fourth Amendment

If you face an investigation where dangerous substances might be around, you may need to obtain which of the following?

HAZMAT certificate

MD5 and SHA1 are examples of which of the following:

Hashing Algorithms

Why should companies publish a policy stating their right to inspect computing assets at will?

If a company doesn't display a warning banner or publish a policy statingthat it reserves the right to inspect computing assets at will, employees have an expectation of privacy.

What should you do when working on an Internet investigation and the suspect's computer is on?

If you're working on a network or Internet investigation and the computer is on, save data in any current applications as safely as possible and record all active windows or shell sessions. Don't examine folders or network connections or press any keys unless it's necessary.

Involves selling sensitive or confidential company information to a competitor.

Industrial espionage

How can you secure a computer incident or crime scene?

Investigators secure an incident or crime scene to preserve the evidence and to keep information about the incident or crime confidential. Information made public could jeopardize the investigation.

What does Autopsy use to validate an image

MD5

What is on an NTFS disk immediately after the Partition Boot Sector?

MFT

What is most often the focus of digital investigations in the private sector?

Misuse of digital assets

Which acronym refers to the file system that was introduced when Microsoft created Windows NT and that remains the main file system in Windows 10?

NTFS

What is a good resource for known OSs and applications?

National Software Resource Library (NSRL)

What type of evidence do courts consider evidence data in a computer to be?

Physical

When investigators find evidentiary items that aren't specified in a warrant or under probable cause, what type of doctrine applies?

Plainview Doctrine

Mobile device forensics

Preservation and analysis of cell phones, smart phones, and satellite navigation (GPS) systems

Computer forensics

Preservation and analysis of computers

Malware forensics

Preservation and analysis of malicious code such as viruses, worms, and Trojan horse programs

Network forensics

Preservation and analysis of traffic and logs from networks

What is the first rule of digital forensics and subsequent analysis of evidence?

Preserve the original evidence, and analyze a copy only

Without a warning banner, what right might employees assume they have when using a company's computer systems and network accesses?

Privacy

What standard is used to determine whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest?

Probable cause

What investigator characteristic, which includes ethics, morals, and standards of behavior, determines the investigator's credibility?

Professional conduct

The presence of police officers and other professionals who aren't part of the crime scene-processing team may result in the loss or corruption of data through which process?

Professional curiosity

Which type of format acquisition leaves the investigator unable to share an image between different vendors' computer forensics analysis tools?

Proprietary

Which RAID configuration, also called mirrored striping, is a combination of RAID 1 and RAID 0

RAID 10

At a minimum, what do most company policies require that employers have in order to initiate an investigation?

Reasonable suspicion that a law or policy is being violated.

Which of the following keeps a record of attached hardware, user preferences, network connections, and installed software?

Registry

If your time is limited, what type of acquisition data copy method should you consider?

Sparse

If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have an expectation of privacy.

True

The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.

True

Under what circumstances are digital records considered admissible?

business records

Of the following methods for acquiring data for forensic analysis, which of the following is NOT one of them?

data-to-data file

What command creates a raw format file that most computer forensics analysis tools can read?

dd

Which Linux command is used to create a forensic copy of an image?

dd

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

digital forensics

Specifies who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence.

line of Authority

Yields information about how attackers gain access to a network along with files they might have copied, examined, or tampered with.

network forensics

In addition to md5, which hashing algorithm utility is included with current distributions of Linux?

sha1


Ensembles d'études connexes

Chapter 9 - Lifespan Development

View Set

Chapter 57: Management of Patients with Burn Injury - ML3

View Set

Ch.45 Mgmnt of pts w/ oral esophageal disorders

View Set