Chapter 1 Flashcards

1
Q

Digital forensics and data recovery refer to the same activities.

A

False

2
Q

Police in the United States must use procedures that adhere to which of the following amendments?

A

Fourth

3
Q

The triad of computing security includes which of the following?

A

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.

4
Q

What’s the purpose of maintaining a network of digital forensics specialists?

A

To allow you the ability to cultivate professional relationships with people who specialize in technical areas different from your own specialty

5
Q

Policies can address rules for which of the following? When you can log on to a company network from home, the internet sites you can or can’t access, the amount of personal e-mail you can send

A

All

6
Q

List two items that should appear on a warning banner.

A

An organization has the right to monitor what end users do, and their e-mail is not personal and can be monitored

7
Q

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.

A

False

8
Q

List two types of digital investigations typically conducted in a business environment.

A

Espionage, and e-mail harassment

9
Q

What is professional conduct, and why is it important?

A

It helps you remember what procedures were followed if the case ever goes to court. It can also be used as a reference if you need to remember how you solved a previous problem

10
Q

What’s the purpose of an affidavit?

A

To provide a sworn statement of support of facts about evidence of a crime, which is submitted to a judge with the request for a search warrant before seizing evidence

11
Q

What are the necessary components of a search warrant?

A

The affidavit is a sworn statement of support of facts about or evidence of a crime which is submitted to a judge with the request for a search warrant before seizing evidence. This includes exhibits (evidence) that support the allegation to justify the warrant. The affidavit is then notarized under sworn oath to verify that the information in the affidavit is true. The affidavit, the warrant, and return of service are basically the order of the procedure

12
Q

What are some ways to determine the resources needed for an investigation?

A

a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.

13
Q

List three items that should be on an evidence custody form

A

Case number, name of the investigator assigned to the case, nature of the case, location where evidence was obtained, description of the evidence and so on.

14
Q

Why should you do a standard risk assessment to prepare for an investigation?

A

It will help you prepare what materials and tools you will need in order to mitigate the risk of any failure to capture evidence. (To list problems that might happen when conducting your investigation.)

15
Q

You should always prove the allegations made by the person who hired you. T or F?

A

F

16
Q

For digital evidence, an evidence bag is typically made of antistatic material. True or False?

A

T

17
Q

Why should your evidence media be write-protected?

A

To ensure that data isn’t altered.

18
Q

List three items that should be in your case report.

A

An explanation of basic computer and network processes, a narrative of what steps you took, a description of your findings, and log files generated from your analysis tools.

19
Q

Why should you critique your case after it’s finished?

A

To improve your work

20
Q

What do you call a list of people who have had physical possession of the evidence?

A

Chain of custody

21
Q

Data collected before an attorney issues a memorandum for an attorney-client privilege case is protected under the confidential work product rule. True or False?

A

True

22
Q

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.

A

Triad of computing security

23
Q

To provide a sworn statement of support of facts about evidence of a crime, which is submitted to a judge with the request for a search warrant before seizing evidence. What is the term?

A

affidavit

24
Q

a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.

A

some ways to determine the resources needed for an investigation

25
Q

allegation

A

a charge made against someone or something before proof has been found

26
Q

a charge made against someone or something before proof has been found

A

allegation

27
Q

approved secure container is

A

A fireproof container locked by a key or combination

28
Q

A fireproof container locked by a key or combination

A

approved secure container

29
Q

attorney-client privilege (ACP)

A

Communication between an attorney and client about legal matters is protected as confidential communications

30
Q

Communication between an attorney and client about legal matters is protected as confidential communications

A

attorney-client privilege (ACP)

31
Q

authorized requester

A

the person who has the right to request an investigation (Private-sector)

32
Q

the person who has the right to request an investigation (Private-sector)

A

authorized requester

33
Q

bit-stream copy

A

bit-by-bit duplicate of data on the original storage medium

34
Q

bit-by-bit duplicate of data on the original storage medium

A

bit-stream copy

35
Q

bit-stream image

A

the file where the bit-stream copy is stored

36
Q

the file where the bit-stream copy is stored

A

bit-stream image

37
Q

chain of custody

A

the route evidence takes from the time the investigator obtains it until the case is closed or goes to court

38
Q

the route evidence takes from the time the investigator obtains it until the case is closed or goes to court

A

chain of custody

39
Q

Computer Technology Investigators Network (CTIN)

A

nonprofit group based in Seattle, composed of law enforcement members, private corp security professionals, and other security professionals whose aim is to improve the quality of high technology investigations in the Pacific Northwest.

40
Q

nonprofit group based in Seattle, composed of law enforcement members, private corp security professionals, and other security professionals whose aim is to improve the quality of high technology investigations in the Pacific Northwest.

A

Computer Technology Investigators Network (CTIN)

41
Q

data recovery

A

retrieving files that were deleted accidentally or purposefully

42
Q

retrieving files that were deleted accidentally or purposefully

A

data recovery

43
Q

Digital Evidence First Responder (DEFR)

A

A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.

44
Q

A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.

A

Digital Evidence First Responder (DEFR)

45
Q

Digital Evidence Specialist (DES)

A

An expert who analyzes digital evidence and determines whether additional specialists are needed.

46
Q

An expert who analyzes digital evidence and determines whether additional specialists are needed.

A

Digital Evidence Specialist (DES)

47
Q

Digital forensics

A

Applying investigative procedures for a legal purpose

48
Q

Applying investigative procedures for a legal purpose

A

Digital forensics

49
Q

digital investigations

A

The process of conducting forensic analysis of systems suspected of containing evidence related to an incident or a crime

50
Q

The process of conducting forensic analysis of systems suspected of containing evidence related to an incident or a crime

A

digital investigations

51
Q

evidence custody form

A

A printed form indicating who has signed out and been in physical possession of evidence

52
Q

A printed form indicating who has signed out and been in physical possession of evidence

A

evidence custody form

53
Q

evidence bags

A

Nonstatic bags used to transport computer components and other digital devices

54
Q

Nonstatic bags used to transport computer components and other digital devices

A

evidence bags

55
Q

exculpatory evidence

A

Evidence that indicates the suspect is innocent of the crime

56
Q

Evidence that indicates the suspect is innocent of the crime

A

exculpatory evidence

57
Q

exhibits

A

evidence used in court to prove a case

58
Q

evidence used in court to prove a case

A

exhibits

59
Q

Fourth Amendment

A

Must have probable cause for search and seizure

60
Q

Must have probable cause for search and seizure

A

Fourth Amendment

61
Q

hostile work environment

A

environment where employees can’t perform their assigned duties because of the actions of others.

62
Q

environment where employees can’t perform their assigned duties because of the actions of others.

A

hostile work environment

63
Q

inculpatory evidence

A

Evidence that indicates a suspect is guilty of the crime with which he or she is charged

64
Q

Evidence that indicates a suspect is guilty of the crime with which he or she is charged

A

inculpatory evidence

65
Q

industrial espionage

A

Theft of company sensitive or proprietary company information often to sell to a competitor

66
Q

Theft of company sensitive or proprietary company information often to sell to a competitor

A

industrial espionage

67
Q

International Association of Computer Investigative Specialists (IACIS)

A

An organization created to provide training and software for law enforcement in the digital forensics field

68
Q

An organization created to provide training and software for law enforcement in the digital forensics field

A

International Association of Computer Investigative Specialists (IACIS)

69
Q

interrogation

A

The process of trying to get a suspect to confess to a specific incident or crime

70
Q

The process of trying to get a suspect to confess to a specific incident or crime

A

interrogation

71
Q

interview

A

A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation

72
Q

A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation

A

interview

73
Q

line of authority

A

The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take possession of evidence, and have access to evidence

74
Q

The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take possession of evidence, and have access to evidence

A

line of authority

75
Q

multi-evidence form

A

An evidence custody form used to list all items associated with a case

76
Q

An evidence custody form used to list all items associated with a case

A

multi-evidence form

77
Q

network intrusion detection and incident response

A

Detecting attacks from intruders by using automated tools

78
Q

Detecting attacks from intruders by using automated tools

A

network intrusion detection and incident response

79
Q

professional conduct

A

Behavior expected of an employee in the workplace or other professional setting

80
Q

Behavior expected of an employee in the workplace or other professional setting

A

professional conduct

81
Q

repeatable findings

A

Being able to obtain the same results every time from a digital forensics examination

82
Q

Being able to obtain the same results every time from a digital forensics examination

A

repeatable findings

83
Q

search and seizure

A

The legal act of acquiring evidence for an investigation

84
Q

The legal act of acquiring evidence for an investigation

A

search and seizure

85
Q

search warrants

A

Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime

86
Q

Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime

A

search warrants

87
Q

single-evidence form

A

A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.

88
Q

A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.

A

single-evidence form

89
Q

verdict

A

The decision returned by a jury

90
Q

The decision returned by a jury

A

verdict

91
Q

vulnerability/threat assessment and risk management is what?

A

The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.

92
Q

The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.

A

vulnerability/threat assessment and risk management

93
Q

warning banner

A

Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access

94
Q

Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access

A

warning banner