Forensics Ch 4

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Should you videotape or sketch anything at a digital crime scene that might be of interest to the investigation?

yes

Why are private-sector investigations typically easier than law enforcement investigations?

Most companies keep inventory databases of all hardware and software used

Two hashing algorithms commonly used for forensic purposes:

MD5 SHA-1

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

To minimize how much you need to keep track of

three rules for a forensic hash:

Can't be predicted No two files should have the same hash value A change in the files results in a completely different hash

If a suspect's computer is found in an area that might have toxic chemicals, you must do which of the following?

Coordinate with a HAZMAT team

T or F: Commingling evidence means that sensitive or confidential information is being mixed with data collected as evidence

true

T or F: If a company doesn't distribute a computing use policy stating an employer's right to inspect employees' computers freely, including e-mail and Web use, employees have an expectation of privacy.

true

T or F: In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause

true

Can computer peripherals or attachments contain DNA evidence?

yes

Does a collision occur when two different files have the same hash value?

yes

Techniques that can be used in covert surveillance:

Keylogging Data sniffing

As a private-sector investigator, you can become an agent of law enforcement when which of the following happens?

You begin to take orders from a police detective without a warrant or subpoena

T or F: Small companies rarely need investigators

false

T or F: The plain view doctrine in computer searches is well-established law.

false

T or F: You should always answer questions from onlookers at a crime scene.

false

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

initial-response kit

Does an initial-response field kit contain evidence bags?

no


Set pelajaran terkait

Microbiology, Ch 30, Nester's 9th

View Set

Hoff Ch 28 Assessment of Cardiovascular Function

View Set

Algebra 1 Ch 7 Polynomial Equations and Factoring

View Set

Intro to Communication C464 Questions

View Set

Disability Income Insurance Ch. 4

View Set