Computer Crime and Forensics
Example of a file extension that is not a raster graphic
.eps
_____ is used to get the MAC address from an IP address and is primarily used on a LAN
ARP
.apk is associated with which OS?
Android
The equipment found at a cell site that facilitates the communication of a cell phone user across a cellular network is best described as a
Base transceiver station
Says other evidence (copies/altered versions) is not admissible if the original exists. However, with digital evidence exceptions may be made since there may be copies made with further evidence revealed on them by forensic examiners.
Best evidence rule
What is composed of 8 bits and is the smallest addressable unit in memory?
Byte
Unique number that is created when a new file is created on a Mac
Catalog ID
Technology that enables user equipment to communicate with one another with or without a network
D2D
Primary function of assigning unique IP addresses to client hosts
DHCP server
The _____________ is an encrypted network that utilizes the public internet and is purposely hidden using a peer-to-peer (P2P) network
Dark web
Used to create a bit-for-bit copy of a hard drive, an exact copy, can be used as a backup, bootable, significantly fast
Disk clone
Used to create a bit-for-bit copy of a hard drive, collection of files and folders with bit-for-bit copies, not an exact copy, cannot be used as a backup and not bootable
Disk image
Three primary image file formats
E01, AD1, dd
The metadata associated with digital pictures
Exchangeable Image File Format
A(n) ____________ can create an investigative report or review the findings of an investigative report and then interpret those findings based on specialized education, training, and knowledge
Expert witness
Completing a chain of custody form for a computer is no more complex than completing one for a knife or a gun (T/F)
F
The Cop App, available from www.technet.net, provides in-depth information about an iPhone or iPad, including CPU usage, battery, memory, network connections, and router tables (T/F)
F
The FBI is the world's largest international police organization (T/F)
F
The USA PATRIOT Act contains a set of rules that determine the admissibility of evidence in both civil and criminal cases in federal court (T/F)
F
When a file on a personal computer is deleted, it is physically erased from the volume (disk) but now becomes available space (T/F)
F
When reading from a CD-R disk, you should use a write-blocker to handle it in a forensically sound manner (T/F)
F
The software or hardware mechanism used to inspect data packets on a network and determine, based on a set of rules, whether each packet should be allowed through
Firewall
Which amendment of the constitution has the purpose of protecting individuals against unlawful search and seizure?
Fourth
_____________ is a metaphorical expression to describe evidence that was initially acquired illegally, meaning that all evidence subsequently gathered at every point from that initial search is inadmissible in court
Fruit of the poisonous tree
________ is a powerful set of UNIX expressions used for pattern matching
GREP
International standard for signal communications (using TDMA and FDD communication methods)
GSM
What is the memory-management process that removes unused files on a solid state drive to make memory available?
Garbage collection
______ drives are the hard disk drives that act as receptacles for evidence acquired from the suspect's hard drive
Harvest
Which state, besides Arizona, does not observe daylight saving time (DST)?
Hawaii
Organization responsible for the allocation of IP addresses globally
IANA
Standard on which FireWire is based
IEEE 1394
The role of the ________ is to determine the facts of a case and render a verdict
Jury
Layer of the OSI model that defines the wires and electrical impulses involved in internet communication
Physical
A request to a service provider to retain the records relating to a suspect and it is valid for 90 days before it may be extended
Preservation order
Enables a NIC to listen to communications broadcast on a network, regardless of the intended recipient
Promiscuous mode
_______ is often referred to as short-term memory or volatile memory because its contents largely disappear when the computer is powered down
Random Access Memory (RAM)
Windows feature that allows the user to extend virtual memory by using a removable flash device
ReadyBoost
The Windows ________ is a hierarchical database that stores system configuration information. It maintains files used to control the operating system's hardware and software and keeps track of the system's users
Registry
What kind of card is contained in cellular telephones that operates on the Global System for Mobile Communications (GSM) network?
SIM
A ________ cookie is used by online banks and merchants to prevent man-in-the-middle attacks
Session
What is a device used to illegally capture the data stored on the magnetic stripe of an ATM card, credit card, or debit card?
Skimmer
A _____________ handoff is when a cellular communication is conditionally handed off from one base station to another and the mobile equipment is simultaneously communicating with multiple base transceiver stations
Soft
Virtual file for macOS that grows as more files are added
Sparse Image
A feature in macOS that finds files, folders, and applications as soon as the user starts typing in the search bar
Spotlight
What is a free online service that enables a user to contact a cell phone number to hear who answers the telephone without identifying the number of the caller?
Spy Dialer
ASCLD/LAB can certify labs for federal, state, and local agencies, as well as some crime labs based outside of the US (T/F)
T
Boot Camp is a utility that is included with macOS that enables a user to run Windows OS on an Intel-based Mac (T/F)
T
Computer forensics is the retrieval, analysis, and use of digital evidence in a civil or criminal investigation (T/F)
T
Tor is a free open source software and an open network that enables a user to surf the internet with anonymity (T/F)
T
A(n) ____________ investigation is the process used to acquire information without the individual or suspect knowing the true identity of the investigator
Undercover
What term refers to the questioning process used in the jury selection process?
Voir dire
Certain open source tools are available to image a hard drive, but sometimes forensics investigators will choose to use a licensed product, such as BlackLight. Which is the most likely reason? a. To take advantage of the comprehensive reporting feature that comes with it b. To obtain volume licensing pricing c. Open source products' evidence won't stand up in court d. Their interface looks more user-friendly and easier to use
a.
___________ is the process of running a small piece of code to activate other parts of the OS during the boot process
bootstrapping
A ___________ is a uniform-type identifier, uniquely identifying an app
bundle ID
Unauthorized use of a computing device to mine a cryptocurrency is referred to as
cryptojacking
Which of the following best describes the information contained in MFT? a. File and folder metadata b. File compression and encryption c. File permissions d. All of the above
d.
A ___________ cookie is also referred to as a local shared object (LSO) which stores data on a user's system and is pushed out by websites running Adobe Flash
flash
The smallest element of a raster image, a dot or square
pixel
A computer that relays a request for a client to a server computer is a
proxy server
__________ is a cleanup feature associated with SQLite databases that will permanently erase deleted records or tables
vacuuming