Computer System Forensics Quiz: Module 01 Understanding the Digital Forensics Profession and Investigations
When collecting computer components as evidence, you should place them in antistatic bags. True or False? a. True b. False
a. True >Computer components collected as evidence should be placed in antistatic bags to protect computer components from electrostatic discharge (ESD), which can harm them and the data stored on them.
Digital forensics and data recovery refer to the same activities. True or False? a. True b. False
a. True >In data recovery, you typically know what you're looking for. Digital forensics is the task of recovering data that users have hidden or deleted, with the goal of ensuring that the recovered data is valid so it can be used as evidence.
A warning banner should contain information about ____________. a. who can use the site b. who owns the computer c. the content of websites d. consequences of misuse
a. who can use the site >Warning banners are used by organizations to avoid litigation by end users of a computing asset by reminding the end user who can use the site and who owns the computing resources and noting possible consequences for violating the acceptable use policies.
What term do you use to refer to all the people who have had physical possession of the evidence? a. Professional investigators b. Chain of custody c. Legal custody d. Physical tracking
b. Chain of custody >Chain of custody is the route evidence takes from the time the investigator obtains it until the case is closed or goes to court. A document showing the chain of custody lists everyone who has had physical possession of the evidence.
Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True or False? a. True b. False
b. False >For data to be protected by the work product rule, it must be labeled as confidential work product. Data without this label is not protected by work product and hence not legally confidential. It is therefore subject to discovery by opposing counsel.
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True or False? a. True b. False
b. False >Only after a private-sector investigator turns over evidence to law enforcement does a private-sector investigator become an agent of law enforcement. Prior to this, the private-sector investigator's role is to minimize risk for the organization.
Criminal proceedings in the United States must use procedures that adhere to which of the following? a. Third Amendment b. Fourth Amendment c. First Amendment d. None of these choices
b. Fourth Amendment >The Fourth Amendment to the U.S. Constitution (and similar amendments to individual states' constitutions) protects a person's right to be secure in their person, residence, and property against unreasonable search and seizure.
The triad of computing security includes which of the following? a. Detection, response, and monitoring b. Vulnerability assessment, detection, and monitoring c. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation d. Vulnerability assessment, intrusion response, and monitoring
c. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation >All three groups work together to conduct digital technology investigations.
Policies can address rules for which of the following? a. When you can log on to a company network from home b. The Internet sites you can or can't access c. The amount of personal email you can send d. All of these choices
d. All of these choices >Policies can address rules for acceptable use of a variety of company resources, including the company network and email. Such policies can make internal investigations go more smoothly, as these policies define what is acceptable and unacceptable usage or behavior with respect to corporate resources.