Module 1 Quiz


What do you call a list of people who have had physical possession of the evidence? a. Evidence log b. Chain of custody c. Affidavit d. Evidence record

Chain of custody

Data collected before an attorney issues a memo for an attorney-client privilege case is protected under the confidential work product rule. a. True b. False

False

Digital forensics and data recovery refer to the same activities. a. True b. False

False

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement. a. True b. False

False

You should always prove the allegations made by the person who hired you. a. True b. False

False

You shouldn't include a narrative of what steps you took in your case report. a. True b. False

False

Police in the United States must use procedures that adhere to which of the following? a. Third Amendment b. Fourth Amendment c. First Amendment d. None of the above

Fourth Amendment

What Amendment to the U.S. Constitution provides protection against unlawful searches and seizures?

Fourth Amendment

What is the first rule of digital forensics and subsequent analysis of evidence?

Preserve the original evidence, and analyse a copy only

Why should evidence media be write-protected?

To make sure data isn't altered

What's the purpose of an affidavit? a. To determine the OS of the suspect computer and list the software needed for the examination b. To specify who, what, when, and where—that is, specifics on place, time, items being searched for, and so forth c. To list problems that might happen when conducting an investigation d. To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

To provide facts in support of evidence of a crime to submit to a judge when requesting a search warrant

Embezzlement is a type of digital investigation typically conducted in a business environment. a. True b. False

True

For digital evidence, an evidence bag is typically made of antistatic material. a. True b. False

True

One way to determine the resources needed for an investigation is, based on the OS of the suspect computer, to list the software needed for the examination. a. True b. False

True

The purpose of maintaining a network of digital forensics specialists is to develop a list of colleagues who specialize in areas different from your own specialties in case you need help on an investigation. a. True b. False

True

Policies can address rules for which of the following? a. When you can log on to a company network from home b. The amount of personal e-mail you can send c. The Internet sites you can or can't access d. Any of the above

Any of the above

What type of forensic copy should be conducted on the original media?

Bit-stream

List three items that should be on an evidence custody form. a. Description of the evidence, location of the evidence and search warrant b. Affidavit, search warrant, and description of the evidence c. Case number, name of the investigator and nature of the case d. Name of the investigator, affidavit and name of the judge assigned to the case

Case number, name of the investigator and nature of the case

What is the term for tracking evidence in an investigation?

Chain of custody

Of the following choices, which would permanently remove data from media so that it is unrecoverable?

Data is accessible until it is overwritten by other content to the same physical location

A warning banner should never state that the organization has the right to monitor what users do. a. True b. False

False

Why is professional conduct important? a. It saves a company from using warning banners b. It helps with an investigation c. It includes ethics, morals, and standards of behavior d. All of the above

It includes ethics, morals, and standards of behavior

What is one of the necessary components of a search warrant? a. Signature of an impartial judicial officer b. Standards of behavior c. Professional ethics d. Professional codes

Signature of an impartial judicial officer

Why should you critique your case after it's finished? a. To maintain professional conduct b. To maintain chain of custody c. To improve your work d. To list problems that might happen when conducting an investigation

To improve your work

Why should you do a standard risk assessment to prepare for an investigation? a. To obtain a search warrant b. To obtain an affidavit c. To discuss the case with the opposing counsel d. To list problems that might happen when conducting an investigation

To list problems that might happen when conducting an investigation

The triad of computing security includes which of the following? a. Vulnerability assessment, detection, and monitoring b. Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation c. Vulnerability assessment, intrusion response, and monitoring d. Detection, response, and monitoring

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation
