Cybercrime and Digital Evidence Midterm
Chapt. 3 In Linux most system configuration files are stored in the ____ directory. A) /etc B) /home C) /dev D) /var
A) /etc
Chapt. 4 Digital forensics tools are divided into ____ major categories. A) 2 B) 3 C) 4 D) 5
A) 2
Chapt. 4 ____ images store graphics information as grids of pixels. A) Bitmap B) Raster C) Vector D) Metafiles
A) Bitmap
Chapt. 1 By the early 1990s, the ____ introduced training on software for forensics investigations. A) IACIS (International Association of Computer Investigative Specialists) B) FLETC (Federal Law Enforcement Training Center) C) CERT (Computer Emergency Response Team) D) DDBIA (?)
A) IACIS (International Association of Computer Investigative Specialists)
Chapt. 2 In ____, two or more disk drives become one large volume, so the computer views the disks as a single disk A) RAID 0 B) RAID 1 C) RAID 5 D) RAID 6
A) RAID 0
Chapt. 4 Many vendors have developed write-blocking devices that connect to a computer through FireWire,____ 2.0 and 3.0, SATA, PATA, and SCSI controllers. A) USB B) IDE C) LCD D) PCMCIA
A) USB
Chapt. 1 In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. A) authorized requester B) authority of line C) line of right D) authority of right
A) authorized requester
Chapt. 1 The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true. A) notarized B) examined C) recorded D) challenged
A) notarized
Chapt. 1 A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will. A) warning banner B) right of privacy C) line of authority D) right banner
A) warning banner
Chapt. 4 ____ involves sorting and searching through investigation findings to separate good data and suspicious data. A) Validation B) Filtering C) Acquisition D) Reconstruction
B) Filtering
Chapt. 4 ____ disks are commonly used with Sun Solaris systems. A) F.R.E.D. (Forensic Recovery of Evidence Device, a Digital Intelligence forensic workstation) B) SPARC (Scalable Processor Architecture) C) FIRE IDE (FireWire IDE bridge) D) DiskSpy (software that can view every sector of any installed hard disk drive)
B) SPARC
Chapt. 2 During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older ____ or MS-DOS system. A) Linux B) Windows C) Android D) MacOS
B) Windows
Chapt. 1 Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed. A) litigation B) allegation C) blotter D) prosecution
B) allegation
Chapt. 3 On Mac OSs, the ____ stores any file information not in the MDB or Volume Control Block (VCB) A) volume information block B) extents overflow file C) catalog D) master directory block
B) extents overflow file
Chapt. 3 In a file's inode, the first 10 pointers are called ____ pointers. A) direct B) indirect C) double D) triple
A) direct (the 11th pointer is the single-indirect pointer, the 12th is double-indirect, and the 13th is triple-indirect)
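Worked example for the inode question above, added here and not part of the original study guide: given a file's logical block number, which inode pointer reaches it, and how many indirect hops are needed. It uses the classic Unix layout the quiz describes (10 direct pointers, then one single-, one double- and one triple-indirect pointer); ext2/ext3 use 12 direct pointers, so pass n_direct=12 for those. The block size and pointer size are assumptions chosen for the illustration.

```python
# Added example (not from the textbook or study guide): map a logical block
# number to the inode pointer chain that reaches it, classic Unix inode layout.
from typing import List, Tuple

N_DIRECT = 10   # quiz layout: pointers 0-9 are direct (ext2/ext3 use 12)
PTR_SIZE = 4    # assumed: 32-bit block pointers, as in ext2/ext3


def block_to_path(logical_block: int, block_size: int = 4096,
                  n_direct: int = N_DIRECT) -> Tuple[str, List[int]]:
    """Return (pointer kind, indices).

    indices[0] is the slot in the inode's pointer table; each following
    entry is the slot inside the next indirect block on the way to the data.
    """
    if logical_block < 0:
        raise ValueError("logical block must be non-negative")
    per_block = block_size // PTR_SIZE          # pointers per indirect block

    if logical_block < n_direct:                 # direct: inode -> data
        return ("direct", [logical_block])
    logical_block -= n_direct

    if logical_block < per_block:                # inode -> indirect -> data
        return ("single-indirect", [n_direct, logical_block])
    logical_block -= per_block

    if logical_block < per_block ** 2:           # two indirect hops
        return ("double-indirect",
                [n_direct + 1, logical_block // per_block, logical_block % per_block])
    logical_block -= per_block ** 2

    if logical_block < per_block ** 3:           # three indirect hops
        return ("triple-indirect",
                [n_direct + 2,
                 logical_block // per_block ** 2,
                 (logical_block // per_block) % per_block,
                 logical_block % per_block])
    raise ValueError("block number exceeds the maximum file size for this layout")


def max_file_size(block_size: int = 4096, n_direct: int = N_DIRECT) -> int:
    """Largest file (in bytes) the pointer layout can address."""
    per_block = block_size // PTR_SIZE
    return block_size * (n_direct + per_block + per_block ** 2 + per_block ** 3)


if __name__ == "__main__":
    for blk in (0, 9, 10, 265, 266, 70000):
        print(blk, block_to_path(blk, block_size=1024))
    print("max file size with 1 KiB blocks:", max_file_size(1024))
```

With 1 KiB blocks an indirect block holds 256 pointers, so block 9 is the last direct block, blocks 10 to 265 go through the single-indirect pointer, and block 266 is the first one needing two indirect hops. For an examiner this is the map from "which inode slot" to "which on-disk indirect block must also be intact" when reconstructing a deleted or damaged file.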
Chapt. 1 Most digital investigations in the private sector involve ____ A) e-mail abuse B) misuse of digital assets C) internet abuse D) VPN abuse
B) misuse of digital assets
Chapt. 1 Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses A) line of authority B) right of privacy C) line of privacy D) line of right
B) right of privacy
Chapt. 2 The FOIA was originally enacted in the ____ A) 1940s B) 1950s C) 1960s D) 1970s
C) 1960s
Chapt. 2 ____, or mirrored striping with parity, is a combination of RAID 1 and RAID 5 A) RAID 0 B) RAID 10 C) RAID 15 D) RAID 16
C) RAID 15
Chapt. 1 It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant A) litigation B) prosecution C) exhibits D) reports
C) exhibits
Chapt. 3 In Linux, most applications and commands are in the ____ directory or its subdirectories bin and sbin. A) /home B) /var C) /etc D) /usr
D) /usr
Chapt. 3 The early standard Linux file system was ____ A) NTFS (New Technology File System) B) Ext3 (Third Extended Filesystem) C) HFS+ (Hierarchical File System Extended) D) Ext2 (Second Extended File System)
D) Ext2
Chapt. 4 The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes A) EPS B) BMP C) GIF D) JPEG
D) JPEG
Chapt. 2 ____, or mirrored striping, is a combination of RAID 1 and RAID 0 A) RAID 0 B) RAID 6 C) RAID 5 D) RAID 10
D) RAID 10
Chapt. 1 Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility. A) professional policy B) oath C) line of authority D) professional conduct
D) professional conduct
Chapt. 2 Every business or organization must have a well-defined process describing when an investigation can be initiated. At a minimum, most company policies require that employers have a ____ that a law or policy is being violated A) confirmed suspicion B) proof C) court order stating D) reasonable suspicion
D) reasonable suspicion
Chapt. 3 In macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls A) application B) system C) data D) resource
D) resource
Chapt. 2 Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example A) live B) online C) real-time D) static
D) static
Chapt. 3 In macOS volume fragmentation is kept to a minimum by removing clumps from larger files. True or False
False
Chapt. 4 All TIF files start at position zero (offset 0 is the first byte of a file) with hexadecimal 49 49 3B. True or False
False (a TIFF file starts with 49 49 2A 00 for little-endian or 4D 4D 00 2A for big-endian byte order)
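The JFIF and TIFF header questions above both come down to checking a file's leading bytes against known signatures, which is how an examiner spots a file whose extension was changed to hide it. The script below is an added example, not code from the study guide or the textbook; the sample byte strings are constructed inline, and the extension table is an assumption for illustration. It goes slightly beyond the two questions by also covering the big-endian TIFF header, the Exif flavour of JPEG, and GIF, BMP and PNG.

```python
# Added example (not from the textbook or study guide): identify image files
# by header signature and flag files whose extension disagrees with the header.
import os
from typing import Optional

# Family name and the bytes that must appear at offset 0. Order matters:
# the two-byte BMP signature is last because it is the most likely to collide.
SIGNATURES = [
    ("JPEG", b"\xff\xd8\xff"),                 # FF D8 FF, then an APPn marker
    ("TIFF", b"II*\x00"),                      # 49 49 2A 00, little-endian
    ("TIFF", b"MM\x00*"),                      # 4D 4D 00 2A, big-endian
    ("GIF",  b"GIF87a"),
    ("GIF",  b"GIF89a"),
    ("PNG",  b"\x89PNG\r\n\x1a\n"),
    ("BMP",  b"BM"),
]

# Assumed mapping from extension to the header family it claims.
EXT_MAP = {".jpg": "JPEG", ".jpeg": "JPEG", ".tif": "TIFF", ".tiff": "TIFF",
           ".gif": "GIF", ".png": "PNG", ".bmp": "BMP"}


def identify(data: bytes) -> Optional[str]:
    """Return the image family whose signature starts the data, or None."""
    for family, sig in SIGNATURES:
        if data.startswith(sig):
            return family
    return None


def jpeg_variant(data: bytes) -> Optional[str]:
    """Distinguish JFIF (FF D8 FF E0 + 'JFIF\\0') from Exif (FF D8 FF E1 + 'Exif\\0')."""
    if not data.startswith(b"\xff\xd8\xff") or len(data) < 11:
        return None
    app_marker = data[3]
    # Bytes 4-5 are the APPn segment length; the identifier string starts at 6.
    if app_marker == 0xE0 and data[6:11] == b"JFIF\x00":
        return "JFIF"
    if app_marker == 0xE1 and data[6:11] == b"Exif\x00":
        return "Exif"
    return "JPEG (other APPn)"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims a known image type but the header disagrees
    (including an unrecognised header, which also deserves a closer look)."""
    claimed = EXT_MAP.get(os.path.splitext(filename)[1].lower())
    if claimed is None:
        return False            # extension makes no claim we can check
    return identify(data) != claimed


# Constructed sample headers (only the first bytes of each file).
JFIF_SAMPLE = bytes.fromhex("FFD8FFE0 0010 4A46494600 0101 0001 0048 0048 0000")
EXIF_SAMPLE = bytes.fromhex("FFD8FFE1 1A2B 4578696600 0000")
TIFF_LE_SAMPLE = bytes.fromhex("49492A00 08000000")
TIFF_BE_SAMPLE = bytes.fromhex("4D4D002A 00000008")
BOGUS_TIFF = bytes.fromhex("49493B00")          # the quiz's 49 49 3B: not a TIFF

if __name__ == "__main__":
    for name, blob in [("photo.jpg", JFIF_SAMPLE), ("scan.tif", TIFF_LE_SAMPLE),
                       ("hidden.tif", JFIF_SAMPLE), ("odd.tif", BOGUS_TIFF)]:
        print(name, identify(blob), jpeg_variant(blob), extension_mismatch(name, blob))
```

In practice you would run identify() over every file in an image and review anything extension_mismatch() flags; the two-byte BMP signature will occasionally match unrelated data, so treat a BMP hit as a prompt to inspect the rest of the header rather than as proof.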
Chapt. 1 After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant. True or False
True
Chapt. 2 Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized True or False
True
Chapt. 2 The most common computer-related crime is check fraud. True or False
True
Chapt. 2 The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location. True or False
True
Chapt. 3 All disks have more storage capacity than the manufacturer states True or False
True
Chapt. 3 Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories True or False
True
Chapt. 3 If a file contains information, it always occupies at least one allocation block True or False
True
Chapt. 4 Although a disk editor gives you the most flexibility in testing, it might not be capable of examining a compressed file's contents. True or False
True
Chapt. 4 Computers used several OSs before Windows and MS-DOS dominated the market. True or False
True
Chapt. 4 Under copyright laws, maps and architectural plans may be registered as pictorial, graphic, and sculptural works. True or False
True
Chapt. 1 Discussion Question: Your Department has given you a fairly tight budget to purchase forensic software and training. You and another computer forensic examiner are at a conference looking through booths at the expo and demonstration center. What software would you ultimately purchase and why? Would you purchase a training package? Why or why not?
Look at other people's posts and your own replies. Just make sure to review it!
Chapt. 2 Discussion Question: You are the Chief Information Security Officer (CISO) for a smaller corporation of fewer than 150 employees across three states that handles billing and invoicing for a very large health provider. It has been brought to your attention that personal information about patients to include dates of birth, social security numbers, credit card information and health data is being sold on the Dark Web. This information could only have been stolen from your database servers. Discuss a plan to respond to the incident.
Look at other people's posts and your own replies. Just make sure to review it!
Chapt. 3 Discussion Question: You are examining the computer of an individual who has gone to great lengths to delete and obfuscate important data. You noticed that the individual overlooked modifying or cleaning up the registry. Why is this important and what artifacts are you likely to find by examining the registry of a Windows computer? What tools would you use and why?
Look at other people's posts and your own replies. Just make sure to review it!
Chapt. 4 Discussion Question: Discuss the advantages and disadvantages of using ISO standards for testing and validation purposes. In what situations would they be used? What is their relation to cybercrime and digital forensics? The discussion should be oriented toward, but not limited to, ISO standards. Any other standard definition can be used.
Look at other people's posts and your own replies. Just make sure to review it!