IS3350 CHAPTER 15

Question 1

Documentation that shows how evidence is collected, used, and handled throughout the lifetime of a case is called ___?
This document shows who obtained evidence, where and when it was obtained, who secured it, and who had control or possession of it.

Answer 1

CHAIN OF CUSTODY

Question 2

A category of computer forensics that focuses on examining programming code for malicious code or signatures is called ___?
It is also know as malware forensics.

Answer 2

CODE OF ANALYSIS

Question 3

The scientific process of collecting and examining data that is stored on or received or transmitted by an electronic device is called ___?
It is also called system forensics, digital forensics, computer forensic analysis, computer examination, data recovery, or inforensics.

Answer 3

COMPUTER FORENSICS

Question 4

Evidence collected from an electronic device is called ___?

Answer 4

DIGITAL EVIDENCE

Question 5

An exact copy of an electronic media storage device is called ___?
A bit-by-bit copy includes deleted files, slack space, and areas of the storage device that a normal file copy would not include.

Answer 5

FORENSIC DUPLICATE IMAGE

Question 6

A legal doctrine that states that evidence that isn’t gathered evidence can’t be used in court is called ___?
Any subsequent evidence gathered as a result of the illegally obtained evidence can’t be used in court either.

Answer 6

FRUIT OF THE POISONOUS TREE DOCTRINE

Question 7

Any out-of-court statement made by a person that is offered to prove some issue in a case is called ___?
Gossip is a common example.

Answer 7

HEARSAY

Question 8

A basic assumption in forensics science that states that people always leave traces of their activities when they interact with other people or with other objects is called ___?

Answer 8

LOCARD’S EXCHANGE PRINCIPLE

Question 9

A category of computer forensics that focuses on collecting and examining data stored on physical media is called ___?

Answer 9

MEDIA ANALYSIS

Question 10

A category of computer forensics that focuses on capturing and examining network traffic is called ___?
It includes reviewing transaction logs and using real time monitoring to identify and locate evidence.

Answer 10

NETWORK ANALYSIS

Question 11

A warning banner that provides notice of legal rights to users of computer networks is called ___?
The are generally displayed as a computer user logs into a network or on an entity’s home page.

Answer 11

NETWORK BANNER

Question 12

A formal protest made by an attorney to a trial court judge is called ___?
An attorney usually makes this if the opposing party is asking questions or submitting evidence that is inappropriate or violates a trial court rule.

Answer 12

OBJECTION

Question 13

Devices that monitor outgoing transmission data is called ___?
They record dialing, routing, signaling, or address information.

Answer 13

PEN REGISTER DEVICES

Question 14

Data that is sorted on a hard drive or other storage media is called ___?
It is preserved when an electronic device is turned off.

Answer 14

PERSISTENT DATA

Question 15

Evidence that proves or disproves a legal element in a case is called ___?
If evidence isn’t this, then it can be excluded from a trial.
Also known as relevant evidence.

Answer 15

PROBATIVE EVIDENCE

Question 16

Devices that monitor incoming transmission data is called ___?
They capture incoming electronic signals that identify the originating transmission data.

Answer 16

TRAP AND TRACE DEVICES

Question 17

Data that is sorted in the memory of an electronic device is called ___?
It is lost when an electronic device is turned off.

Answer 17

VOLATILE DATA

Question 18

1. A system back-up copy is considered a forensic duplicate image.
   TRUE OR FALSE

Answer 18

FALSE

Question 19

2. What is an exception to the Fourth Amendment’s search warrant requirement?
3. Consent
4. Plain view doctrine
5. Inventory search
6. All the above
7. None of the above

Answer 19

Consent
Plain view doctrine
Inventory search

All the above

Question 20

3. Which principle is a basic assumption of forensic science?
4. The silver platter doctrine
5. Exigent circumstances
6. Rocard’s exchange principle
7. The Daubert test
8. None of the above

Answer 20

Rocard’s exchange principle

Question 21

4. What are the three main electronic communications eavesdropping laws?

Answer 21

The Electronic Communications Privacy Act;
the Wiretap Act;
the Pen Register and Trap and Trace Statute

Question 22

5. What is another common term for computer forensics?

Answer 22

Computer forensics also is known as 
system forensics, 
digital forensics, 
computer forensic analysis, 
computer examination, 
data recovery, 
and inforensics (information forensics)
These are interchangeable

Question 23

6. Which type of computer forensics focuses on examining programming code?
7. Media analysis
8. Malware forensics
9. Internet forensics
10. Network analysis
11. None of the above

Answer 23

Malware forensics

Question 24

7. Which forensic certification is only available to law enforcement personnel?
8. CCE
9. GCFA
10. CCFE
11. EnCE
12. None of the above

Answer 24

None of the above

Question 25

8. A computer can play one of ___ roles in a crime.

Answer 25

Three (3)

Question 26

9. Which investigative step includes "bag and tag"? 1. Identification 2. Preservation 3. Collection 4. Examination 5. None of the above

Answer 26

Collection

Question 27

10. which investigative step includes interviewing persons of interest for information about electronic devices? 1. Identification 2. Preservation 3. Collection 4. Presentation 5. None of the above

Answer 27

Preservation

Question 28

11. Which organization created the most well-known guiding principles for computer forensic examiners? 1. IOCE 2. ISO/IEC 3. ISFCE 4. IACRB 5. None of the above

Answer 28

IOCE

Question 29

12. What is volatile data?

Answer 29

Data stored in the memory of an electronic device. Volatile data is lost when the electronic device is turned off.

Question 30

13. Which law governs the collection of real-time transmission data? 1. The Electronic Communications Privacy Act 2. The Wiretap Act 3. The Pen Register and Trap and Trace Statute 4. The Fourth Amendment 5. None of the above

Answer 30

The Pen Register and Trap and Trace Statute

Question 31

14. A trap and trace device monitors incoming transmission data. TRUE OR FALSE

Answer 31

FALSE

Question 32

15. A forensic duplicate image is a ____.

Answer 32

Bit-by-bit copy