Chapter 4 Review Questions


If a suspect computer is running Windows 7, which of the following can you perform safely?

Browsing open applications

Corporate investigations are typically easier than law enforcement investigations for which of the following reasons?

The investigator doesn't have to get a warrant

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

Initial-response field kit.

What are the three rules for a forensic hash?

It can't be predicted, no two files can have the same hash value, and if the file changes, the hash value changes.

List two hashing algorithms commonly used for forensic purposes.

MD5 and SHA1

Commingling evidence means what in a corporate setting?

Sensitive corporate information being mixed with data collected as evidence.

List three items that should be in an initial-response field kit.

Small computer tool kit, large capacity drive, IDE ribbon cables, Forensic boot media, laptop or portable computer.

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

To minimize how much you have to keep track of at the scene.

Computer peripherals or attachments can contain DNA evidence. True or False?

True

If a company doesn't distribute a computing use policy stating an employer's rights to inspect employees' computers freely, including e-mail and web use, employees have an expectation of privacy. True or False?

True

If you discover a criminal act, such as murder or child pornography, while investigating a corporate policy abuse, the case becomes a criminal investigation and should be referred to law enforcement. True or False?

True

In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a corporate investigator can conduct covert surveillance on an employee with little cause. True or False?

True

As a corporate investigator, you can become an agent of law enforcement when which of the following happens?

You begin to take orders from a police detective without a warrant or subpoena

Which of the following techniques might be used in covert surveillance?

keylogging and data sniffing

In forensic hashes, a collision occurs when ____

two files have the same hash value.

You should always answer questions from onlookers at a crime scene. True or False?

False

Describe what should be videotaped or sketched at a computer crime scene.

Computers, cables; anything that may potentially be of interest to the investigation

If a suspect computer is found in an area that might have toxic chemicals, you must do which of the following?

Coordinate with the HAZMAT team

Small companies rarely need investigators. True or False?

False

The plain view doctrine in computer searches is well-established law. True or False?

False

