3601 Chapter 2 Review
Large digital forensics labs should have at least ____ exits
2
Which organization has guidelines on how to operate a digital forensics lab?
ASCLD
A(n) ____ is a plan you can use to sell your services to your management or clients.
Business Case
A(n) ____ ensures that you can restore your workstations and investigation file servers to their original condition in the presence of a catastrophic failure.
Disaster Recovery
List two popular certification systems for digital forensics
EnCase, HTCN
A forensic workstation should always have a direct broadband connection to the Internet
False
Digital forensics facilities always have windows
False
Evidence storage containers should have several master keys
False
Which organization provides good information on safe storage containers?
NISPOM
What three items should you research before enlisting in a certification program?
Requirements, cost and acceptability in your chosen area of employment.
One way to investigate older and unusual computing systems is to keep track of ____ that still use these old systems.
Special Interest Groups
What term refers to labs constructed to shield EMR emissions?
TEMPEST
An employer can be held liable for e-mail harassment
True
The ASCLD mandates the procedures established for a digital forensics lab
True
The ____ identifies the number of hard disk types, such as IDE or SCSI, and the OS used to commit crimes.
Uniform Crime Report
To determine the types of operating systems needed in your lab, list two sources of information you could use
Uniform Crime Report statistics for your area and a list of cases handled in your area or at your company.
A(n) ____ is where you conduct investigations, store evidence, and do most of your forensics work.
digital forensics lab
To preserve the integrity of evidence, your lab should function as an evidence locker or safe, making it a(n) ____ or a secure storage safe.
secure facility
Why is physical security so critical for digital forensics labs?
to maintain the chain of custody and prevent data from being lost, corrupted, or stolen