Chapter 19- Investigations and Ethics

Question 1

1. What are administrative Policies?

Answer 1

Administrative Policies are internal investigations that examine either operational issues or a violation of the organisation’s policies.

Question 2

2. What is root cause analysis?

Answer 2

Root Cause Analysis seeks to identify the reason that an operational issue occurred.

Question 3

3. What is admissible evidence?

Answer 3

Admissible Evidence are evidence that must be relevant, material and competent. Competent mean it must have been obtained legally.

Question 4

4. List 3 types of evidences used in the court of law:

Answer 4

Real Evidence
• Documentary Evidence
• Testimonial Evidence

Question 5

5. What is Real Evidence?

Answer 5

Real Evidence (aka object or conclusive evidence) consist of the things that may actually be brought into a court of law. e.g. murder weapon
•	It is also known as object evidence.

Question 6

6. What are Documentary Evidence?

Answer 6

Documentary Evidence includes any written items brought into court to prove a fact at hand. This type of evidence must be authenticated

Question 7

7. List 2 specific documentary evidence rules:

Answer 7

Best Evidence Rule, Parol Evidence Rule

Question 8

8. What is best evidence rule?

Answer 8

Best Evidence Rule states that when a document is used as evidence in a court proceeding, the original document must be introduced.

Question 9

9. Copies or descriptions of original evidence are known as ______ evidence

Answer 9

secondary

Question 10

10. What is Parol Evidence?

Answer 10

Parol Evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement.

Question 11

11. What is chain of evidence?

Answer 11

this is also known as chain of custody, it documents everyone that handles the evidence.

Question 12

12. What is testimonial evidence?

Answer 12

Testimonial Evidence is evidence containing the testimony of a witness.

Question 13

13. Types of testimony evidence

Answer 13

verbal testimony or written testimony

Question 14

14. What is Media Analysis?

Answer 14

Media Analysis is a branch of computer forensic analysis that involves the identification and extraction of information from storage media e.g. magnetic media, memory etc.

Question 15

15. What is Network Analysis?

Answer 15

Forensic Investigators are often interested in the activity that took place over the network during a security incident.

Question 16

16. List some pre-existing security controls that log network activity:

Answer 16

: IDS and IPS log systems.
• Network flow data
• packet captured during an incident
• logs from firewalls

Question 17

17. List the categories of computer crime

Answer 17

• Military and Intelligence Attacks
• Business Attacks
• Financial Attacks
• Terrorist Attacks
• Grudge Attacks
• Thrill Attacks

Question 18

18. List the basic alternative for confiscating evidence and when each one is appropriate

Answer 18

• Person who owns evidence voluntarily surrender it.
• Subpoena to compel the subject to surrender the evidence
• Search warrant: when there is need to confiscate evidence without giving the subject the opportunity to alter it.

Question 19

19. List evidence that may be used in a civil or criminal trial:

Answer 19

• Real evidence: actual objects that can be brought to court
• Documentary Evidence: written documents that provide insight to facts
• Testimonial Evidence: verbal or written evidence made by witnesses.