3601 Chapter 4 review
____ records are data the system maintains, such as system log files and proxy server logs.
computer-generated
____ can be any information stored or transmitted in digital form.
digital evidence
Most federal courts have interpreted computer records as ____ evidence.
physical
Evidence is commonly lost or corrupted through ____, which involves police officers and other professionals who aren't part of the crime scene processing team.
professional curiosity
In forensic hashes, a collision occurs when ____.
two files have the same hash value
Describe what should be sketched or videotaped at a digital crime scene.
Computers, cables; anything that may potentially be of interest to the investigation
The plain view doctrine in computer searches is well-established law.
False
You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?
Initial-response field kit.
What are the three rules for a forensic hash?
It can't be predicted, no two files can have the same hash value, and if the file changes, the hash value changes.
What techniques may be used in covert surveillance?
Keylogging and data sniffing
List two hashing algorithms commonly used for forensic hashes.
MD5 and SHA1
A(n) ____ is a unique hash number generated by a software tool, such as the Linux md5sum command.
Non-keyed hash set
____ is facts or circumstances that lead a reasonable person to believe a crime has been committed or is about to be committed.
Probable cause
Commingling evidence means what in a corporate setting?
Sensitive corporate information being mixed with data collected as evidence.
Corporate investigations are typically easier than law enforcement investigations for which of the following reasons?
The investigator doesn't have to get a warrant
When you arrive at the scene, why should you extract only those items you need to acquire evidence?
To minimize how much you have to keep track of at the scene.
Computer peripherals or attachments can contain DNA evidence.
True
As a corporate investigator, you can become an agent of law enforcement when what kind of event occurs?
You begin to take orders from a police detective without a warrant or subpoena.