Digital Forensics: Chapter 1-3
A forensic workstation should always have a direct broadband connection to the Internet. True False
False
What do you call a list of people who have had physical possession of the evidence? A) Chain of custody B) Evidence log C) Affidavit D) Evidence record
A) Chain of custody
Which organization provides good information on safe storage containers? A) NISPOM B) ASQ C) TEMPEST D) ASCLD
A) NISPOM
Police in the United States must use procedures that adhere to which of the following? A) Third Amendment B) Fourth Amendment C) First Amendment D) None of the above
B) Fourth Amendment
To determine the types of operating systems needed in your lab, list two sources of information you could use. A) ANAB and IACIS B) EnCE and ACE C) Uniform Crime Report statistics and a list of cases handled in your area D) Local police reports and ISFCE reports
C) Uniform Crime Report statistics and a list of cases handled in your area
The manager of a digital forensics lab is responsible for which of the following? A) Making necessary changes in lab procedures and software B) Ensuring that staff members have enough training to do the job C) Knowing the lab objectives D) All of the above
D) All of the above
Policies can address rules for which of the following? A) When you can log on to a company network from home B) The amount of personal e-mail you can send C) The Internet sites you can or can't access D) Any of the above
D) Any of the above
List three items that should be on an evidence custody form. A) Name of the investigator, affidavit and name of the judge assigned to the case B) Description of the evidence, location of the evidence and search warrant C) Affidavit, search warrant, and description of the evidence D) Case number, name of the investigator and nature of the case
D) Case number, name of the investigator and nature of the case
Why should evidence media be write-protected? A) To make image files smaller in size B) To speed up the imaging process C) To comply with Industry standards D) To make sure data isn't altered
D) To make sure data isn't altered
Why is physical security so critical for digital forensics labs? A) To ensure continuous funding B) To make sure unwanted data isn't retained on the drive C) To protect trade secrets D) To prevent data from being lost, corrupted, or stolen
D) To prevent data from being lost, corrupted, or stolen
What's the purpose of an affidavit? A) To list problems that might happen when conducting an investigation B) To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth C) To determine the OS of the suspect computer and list the software needed for the examination D) To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
D) To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant
A warning banner should never state that the organization has the right to monitor what users do. True False
False
ASQ and ANAB are two popular certification programs for digital forensics. True False
False
Large digital forensics labs should have at least ________ exits. A) 4 B) 7 C) 2 D) 5
C) 2
Before enlisting in a certification program, thoroughly research the requirements, ________, and acceptability in your area of employment. A) Location B) Number of students C) Business hours D) Cost
D) Cost
An employer can be held liable for e-mail harassment. True False
True
Embezzlement is a type of digital investigation typically conducted in a business environment. True False
True
For digital evidence, an evidence bag is typically made of antistatic material. True False
True
One way to determine the resources needed for an investigation is, based on the OS of the suspect computer, to list the software needed for the examination. True False
True
The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. True False
True
Your business plan should include physical security items. True False
True
Why should you do a standard risk assessment to prepare for an investigation? A) To discuss the case with the opposing counsel B) To list problems that might happen when conducting an investigation C) To obtain an affidavit D) To obtain a search warrant
B) To list problems that might happen when conducting an investigation
Which organization has guidelines on how to operate a digital forensics lab? A) TEMPEST B) SCADA C) ANAB D) NISPOM
C) ANAB
What is one of the necessary components of a search warrant? A) Standards of behavior B) Professional codes C) Signature of an impartial judicial officer D) Professional ethics
C) Signature of an impartial judicial officer
Why should you critique your case after it's finished? A) To maintain chain of custody B) To maintain professional conduct C) To improve your work D) To list problems that might happen when conducting an investigation
C) To improve your work
Digital forensics facilities always have windows. True False
False
Why is professional conduct important? A) It saves a company from using warning banners B) It includes ethics, morals, and standards of behavior C) It helps with an investigation D) All of the above
B) It includes ethics, morals, and standards of behavior
What term refers to labs constructed to shield EMR emissions? A) ASQ B) TEMPEST C) NISPOM D) SCADA
B) TEMPEST
The triad of computing security includes which of the following? A) Vulnerability assessment, detection, and monitoring B) Vulnerability assessment, intrusion response, and monitoring C) Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation D) Detection, response, and monitoring
C) Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
Building a business case can involve which of the following? A) Procedures for gathering evidence B) Testing software C) Protecting trade secrets D) All of the above
D) All of the above
Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. True False
False
Digital forensics and data recovery refer to the same activities. True False
False
Evidence storage containers should have several master keys. True False
False
If a visitor to your digital forensics lab is a personal friend, it's not necessary to have him or her sign the visitor's log. True False
False
The ANAB mandates the procedures established for a digital forensics lab. True False
False
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. True False
False
You should always prove the allegations made by the person who hired you. True False
False
You shouldn't include a narrative of what steps you took in your case report. True False
False
Typically, a(n) ________ lab has a separate storage area or room for evidence. A) State B) Research C) Federal D) Regional
D) Regional