Computer Forensics Review Questions
What do you call a list of people who have had physical possession of the evidence?
Chain of custody
List two types of digital investigations conducted in a business
Embezzlement and fraud
Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True or false?
False
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or False?
False
You should always prove the allegations made by the person who hired you. True or False?
False
Digital forensics and data recovery refer to the same activities. True or False?
False. Digital forensics is analyzing and documenting data found on a computer in order to aid a criminal investigation.
What are the necessary components of a search warrant?
Probable cause, what you're searching for, who is involved, when the search is taking place and where the evidence will be
List two items that should appear on a warning banner
That the computer may be subject to surveillance, and the fine that comes with breaking the law
Why should you critique your case after it's finished?
To improve your work and fix your mistakes
For digital evidence, an evidence bag is typically made out of antistatic material. True or False?
True
What are some ways to determine the resources needed for an investigation?
Determine the operating system of the suspect computer and list the necessary software to use for the examination
List three items that should be on an evidence custody form
Name of the investigator, case number and description of the evidence
What is the purpose of maintaining a network of digital forensics specialists?
To develop a list of colleagues who specialize in areas different from your own specialization in case help is needed in an investigation
Why should evidence media be write-protected?
To ensure that data isn't altered in any way - you can use a write blocker to prevent any changes
What is the purpose of an affidavit?
To justify issuing a warrant
Why is professional conduct important?
To make sure everyone is comfortable and acting professionally
Why should you do a standard risk assessment to prepare for an investigation?
To make sure you don't accidentally lose the data/evidence
The triad of computing security involves which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
List three items that should be in your case report
What you found, where you found it, and how you found it
What are some of the rules that policies can address?
When you can log on to a company network from home, the internet sites you can or can't access, and the amount of personal email you can send
Police in the United States must use procedures that adhere to...
the Fourth Amendment