Guide To Computer Forensics and Investigations 5th Ed Chapter 1 Review Questions
List three items that should be on an evidence custody form.
Description, who handled the item(evidence), case number
What is professional conduct, and why is it important?
Ethics and morals Being a professional, it is necessary for the person to maintain his/her ethical behavior and to have good professional conduct.
What do you call a list of people who have had physical possession of the evidence?
Evidence custody form
Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule.True or false
False
Digital forensics and data recovery refer to the same activities.True or false
False
Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.True or false
False
You should always prove the allegations=إثبات الادعاءات made by the person who hired you?. True or False?
False
Police in the United States must use procedures that adhere to which of the following?
Fourth Amendment
List two types of digital investigations typically conducted in a business environment.
Fraud and insider trading
What's the purpose of maintaining a network of digital forensics specialists?
Not everyone knows everything
What are some ways to determine the resources needed for an investigation?
Operating System
Why should you do a standard risk assessment to prepare for an investigation?
Prevent problems
Why should you critique your case after it's finished?
Self-evaluation and peer review are essential parts of professional growth. After you complete a case, review it to identify successful decisions and actions and determine how you could have improved your performance.
What's the purpose of an affidavit? affidavit=إفادة خطية
Support of facts
What are the necessary components of a search warrant?
Swore statement,بيان اليمين الدستورية verified_user crime statement, judge needs to sign document
Why should evidence media be write-protected?
To make sure it's not altered or deleted
For digital evidence, an evidence bag is typically made of antistatic material.True or false
True
The triad of computing security includes which of the following?
Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
List two items that should appear on a warning banner.
Warning! Unauthorized Access will be prosecuted!!
List three items that should be in your case report.
What was done, what was found, and what actions were taken during the investigation.
Policies can address rules for which of the following?
a. When you can log on to a company network from home b. The Internet sites you can or can't access c. The amount of personal e-mail you can send d. Any of the above Answer D