Chapter 1

Question 1

Digital forensics and data recover refer to the same activities.

Answer 1

False

Question 2

Police in the United States must use procedures that adhere to which of the following amendments?

Answer 2

Fourth

Question 3

The triad of computing security includes which of the following?

Answer 3

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.

Question 4

What’s the purpose of maintaining a network of digital forensics specialists?

Answer 4

To allow you the ability to cultivate professional relationships with people who specialize in technical area different from your own specialty

Question 5

Policies can address rules for which of the following? When you can log on to a company network from home, the internet sites you can or can’t access, the amount of personal e-mail you can send

Answer 5

All

Question 6

List two items that should appear on a warning banner.

Answer 6

An organization has the right to monitor what end users do, and their e-mail is not personal and can be monitored

Question 7

Under normal circumstances, a private-sector investigator is considered an agent of law enforcement.

Answer 7

False

Question 8

List two types of digital investigations typically conducted in a business environment.

Answer 8

Espionage, and e-mail harassment

Question 9

What is professional conduct, and why is it important?

Answer 9

It helps you remember what procedures were followed if the case ever goes to court. It can also be used as a reference if you need to remember how you solved a previous problem

Question 10

What’s the purpose of an affidavit?

Answer 10

To provide a sworn statement of support of facts about evidence of a crime this is submitted to a judge with the request for a search warrant before seizing evidence

Question 11

What are the necessary components of a search warrant?

Answer 11

The affidavit is a sworn statement of support of facts about or evidence of a crime which is submitted to a judge with the request for a search warrant before seizing evidence. This includes exhibits (evidence) that support the allegation to justify the warrant. The affidavit is then notarized under sworn oath to verify that the information in the affidavit is true. The affidavit, the warrant, and return of service are basically the order of the procedure

Question 12

What are some ways to determine the resources needed for an investigation?

Answer 12

a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.

Question 13

List three items that should be on an evidence custody form

Answer 13

Case number, name of the investigator assigned to the case, nature of the case, location where evidence was obtained, description of the evidence and so on.

Question 14

Why should you do a standard risk assessment to prepare for an investigation?

Answer 14

It will help you prepare what materials and tools you will need in order to mitigate the risk of any failure to capture evidence. (To list problems that might happen when conducting your investigation.)

Question 15

You should always prove the allegations made by the person who hired you. T or F?

Answer 15

F

Question 16

For digital evidence, an evidence bag is typically made of anti static material. True or False?

Answer 16

T

Question 17

Why should your evidence media be write-protected?

Answer 17

To ensure that data isn’t altered.

Question 18

List three items that should be in your case report.

Answer 18

An explanation of basic computer and network processes, a narrative of what steps you took, a description of your findings, and log files generated from your analysis tools.

Question 19

Why should you critique your case after it’s finished?

Answer 19

To improve your work

Question 20

What do you call a list of people who have had physical possession of the evidence?

Answer 20

Chain of custody

Question 21

Data collected before an attorney issues a memorandum for an attorney-client privilege case is protected under the confidential work product rule. True or False?

Answer 21

True

Question 22

Vulnerability/threat assessment and risk management, network intrusion detection and incident response, and digital investigation.

Answer 22

Triad of computing security

Question 23

To provide a sworn statement of support of facts about evidence of a crime this is submitted to a judge with the request for a search warrant before seizing evidence. What is the term?

Answer 23

affidavit

Question 24

a. Determine the OS of the suspect computer. b. List the necessary software to use for the examination.

Answer 24

some ways to determine the resources needed for an investigation

Question 25

allegation

Answer 25

a charge made against someone or something before proof has been found

Question 26

a charge made against someone or something before proof has been found

Answer 26

allegation

Question 27

approved secure container is

Answer 27

A fireproof container locked by a key or combination

Question 28

A fireproof container locked by a key or combination

Answer 28

approved secure container

Question 29

attorney-client privilege (ACP)

Answer 29

Communication between an attorney and client about legal matters is protected as confidential communications

Question 30

Communication between an attorney and client about legal matters is protected as confidential communications

Answer 30

attorney-client privilege (ACP)

Question 31

authorized requester

Answer 31

the person who has the right to request an investigation (Private-sector)

Question 32

the person who has the right to request an investigation (Private-sector)

Answer 32

authorized requester

Question 33

bit-stream copy

Answer 33

bit-by-bit duplicate of data on the original storage medium

Question 34

bit-by-bit duplicate of data on the original storage medium

Answer 34

bit-stream copy

Question 35

bit-stream image

Answer 35

the file where the bit-stream copy is stored

Question 36

the file where the bit-stream copy is stored

Answer 36

bit-stream image

Question 37

chain of custody

Answer 37

the route evidence takes from the time the investigator obtains it until the case is closed or goes to court

Question 38

the route evidence takes from the time the investigator obtains it until the case is closed or goes to court

Answer 38

chain of custody

Question 39

Computer Technology Investigators Network (CTIN)

Answer 39

nonprofit group based in Seattle, composed of law enforcement members, private corp security professionals, and other security professionals whose aim is to improve the quality of high technology investigations in the Pacific Northwest.

Question 40

nonprofit group based in Seattle, composed of law enforcement members, private corp security professionals, and other security professionals whose aim is to improve the quality of high technology investigations in the Pacific Northwest.

Answer 40

Computer Technology Investigators Network (CTIN)

Question 41

data recovery

Answer 41

retrieving files that were deleted accidentally or purposefully

Question 42

retrieving files that were deleted accidentally or purposefully

Answer 42

data recovery

Question 43

Digital Evidence First Responder (DEFR)

Answer 43

A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.

Question 44

A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab.

Answer 44

Digital Evidence Firtst Responder (DEFR)

Question 45

Digital Evidence Specialist (DES)

Answer 45

An expert who analyzes digital evidence and determines whether additional specialists are needed.

Question 46

An expert who analyzes digital evidence and determines whether additional specialists are needed.

Answer 46

Digital Evidence Specialist (DES)

Question 47

Digital forensics

Answer 47

Applying investigative procedures for a legal purpose,

Question 48

Applying investigative procedures for a legal purpose

Answer 48

Digital forensics

Question 49

digital investigations

Answer 49

The process of conducting forensic analysis of system suspected of containing evidence related to an incident or a crime

Question 50

The process of conducting forensic analysis of system suspected of containing evidence related to an incident or a crime

Answer 50

digital investigations

Question 51

evidence custody form

Answer 51

A printed form indicating who has signed out and been in physical possession of evidence

Question 52

A printed form indicating who has signed out and been in physical possession of evidence

Answer 52

evidence custody form

Question 53

evidence bags

Answer 53

Nonstatic bags used to transport computer components and other digital devices

Question 54

Nonstatic bags used to transport computer components and other digital devices

Answer 54

evidence bags

Question 55

exculpatory evidence

Answer 55

Evidence that indicates the suspect is innocent of the crime

Question 56

Evidence that indicates the suspect is innocent of the crime

Answer 56

exculpatory evidence

Question 57

exhibits

Answer 57

evidence used in court to prove a case

Question 58

evidence used in court to prove a case

Answer 58

exhibits

Question 59

Fourth Amendment

Answer 59

Must have probable cause for search and seizure

Question 60

Must have probable cause for search and seizure

Answer 60

Fourth Amendment

Question 61

hostile work environment

Answer 61

environment where employees can't perform their assigned duties because of the actions of others.

Question 62

environment where employees can't perform their assigned duties because of the actions of others.

Answer 62

hostile work environment

Question 63

inculpatory evidence

Answer 63

Evidence that indicates a suspect is guilty of the crime with which he or she is charged

Question 64

Evidence that indicates a suspect is guilty of the crime with which he or she is charged

Answer 64

inculpatory evidence

Question 65

industrial espionage

Answer 65

Theft of company sensitive or proprietary company information often to sell to a competitor

Question 66

Theft of company sensitive or proprietary company information often to sell to a competitor

Answer 66

industrial espionage

Question 67

International Association of Computer Investigative Specialists (IACIS)

Answer 67

AN organization created to provide training and software for law enforcement in the digital forensics field

Question 68

AN organization created to provide training and software for law enforcement in the digital forensics field

Answer 68

International Association of Computer Investigative Specialists (IACIS)

Question 69

interrogation

Answer 69

The process of trying to get a suspect to confess to a specific incident or crime

Question 70

The process of trying to get a suspect to confess to a specific incident or crime

Answer 70

interrogation

Question 71

interview

Answer 71

A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation

Question 72

A conversation conducted to collect information from a witness or suspect about specific facts related to an investigation

Answer 72

interview

Question 73

line of authority

Answer 73

The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take posession of evidence, and have access to evidence

Question 74

The order in which people or positions are notified of a problem; these people or positions have the legal right to initiate an investigation, take posession of evidence, and have access to evidence

Answer 74

line of authority

Question 75

multi-evidence form

Answer 75

An evidence custody form used to list all items associated with a case

Question 76

An evidence custody form used to list all items associated with a case

Answer 76

multi-evidence form

Question 77

network intrusion detection and incident response

Answer 77

Detecting attacks from intruders by using automated tools

Question 78

Detecting attacks from intruders by using automated tools

Answer 78

network intrusion detection and incident response

Question 79

professional conduct

Answer 79

Behavior expected of an employee in the workplace or other professional setting

Question 80

Behavior expected of an employee in the workplace or other professional setting

Answer 80

professional conduct

Question 81

repeatable findings

Answer 81

Being able to obtain the same results every time from a digital forensics examination

Question 82

Being able to obtain the same results every time from a digital forensics examination

Answer 82

repeatable findings

Question 83

search and seizure

Answer 83

The legal act of acquiring evidence for an investigation

Question 84

The legal act of acquiring evidence for an investigation

Answer 84

search and seizure

Question 85

search warrants

Answer 85

Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime

Question 86

Legal documents that allow law enforcement to search an office, a home, or other locale for evidence related to an alleged crime

Answer 86

search warrants

Question 87

single-evidence form

Answer 87

A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.

Question 88

A form that dedicates a page for each item retrieved for a case. It allows investigators to add more detail about exactly what was done to the evidence each time it was taken from the storage locker.

Answer 88

single-evidence form

Question 89

verdict

Answer 89

The decision returned by a jury

Question 90

The decision returned by a jury

Answer 90

verdict

Question 91

vulnerability/threat assessment and risk management is what?

Answer 91

The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.

Question 92

The group that determines the weakest points in a system. It covers physical security and the security of OSs and applications.

Answer 92

vulnerability/threat assessment and risk management

Question 93

warning banner

Answer 93

Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access

Question 94

Text displayed on computer screens when people log on to a company computer; this text states ownership of the computer and specifies appropriate use of the machine or Internet access

Answer 94

warning banner