IS4670 Chapter 6 Controlling a Forensic Investigation Flashcards

1
Q
1. What type of data is lost whenever a system is used and should therefore be collected first to minimize corruption or loss?
A. Bit stream data 
B. Forensic data 
C. Temporary data 
D. Volatile data
A

Volatile data

2
Q
2. The ________, as its name suggests, recommends leaving a suspect computer turned on and working on it immediately after securing it.
A

Live analysis school of thought

3
Q
3. Why is it important to create a bit stream copy of a disk drive or another type of storage media?
A. A bit stream copy can be created very quickly.
B. A bit stream copy exactly replicates all sectors on the storage device, including all files and ambient data storage areas.
C. The Department of Defense requires bit stream copies in all investigations.
D. It's not. Standard file backups and network server backups are sufficient in most cases.
A

A bit stream copy exactly replicates all sectors on the storage device, including all files and ambient data storage areas.

4
Q
4. You should always work on the suspect hard drive rather than a backup, a duplicate, a copy, or an image.
A. True
B. False
A

FALSE

5
Q
5. In a forensic investigation, speed is more important than thoroughness.
A. True
B. False
A

FALSE

6
Q
6. Which of the following is a batch file that handles drivers for all the devices hooked up to the controllers and ports?
A. AUTOEXEC.BAT 
B. COMMAND.COM 
C. CONFIG.SYS 
D. DRVSPACE.BI
A

AUTOEXEC.BAT

7
Q
7. Which techniques of forensic analysis are discussed in this chapter? (Select three.)
A. Live analysis 
B. Volatile analysis 
C. Physical analysis 
D. Logical analysis
A

Live analysis

Physical analysis

Logical analysis

8
Q
8. Which of the following does Windows use on a system as a “scratch pad” to write data when additional RAM is needed?
A. Batch file 
B. Swap file 
C. File residue 
D. Unallocated space
A

Swap file

9
Q
9. Which of the following is the smallest unit of storage on a computer?
A. File allocation table (FAT) 
B. Cluster 
C. Sector 
D. File
A

Sector

10
Q
10. ________ is the area of a hard drive that has never been allocated for file storage, or the leftover area that the computer regards as unallocated after file deletion.
A

Unallocated space

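Cards 3, 4, 9 and 10 together describe why an examiner images every sector and then works only on the image: a bit stream copy carries the file slack and the unallocated clusters that a file-level backup drops, and a hash check proves the image matches the source before any analysis starts. The following Python example is added here and is not part of the flashcards or of the IS4670 textbook. It builds a small constructed raw "disk" in memory (assumed layout: 512-byte sectors, four sectors per cluster, a toy allocation map standing in for a real file allocation table), images it sector by sector with a SHA-256 check, and contrasts what a logical copy and a bit stream image recover.

```python
"""Bit stream image vs. logical copy on a constructed toy disk (added example)."""
import hashlib
import io

SECTOR = 512                 # smallest addressable unit on the device
SECTORS_PER_CLUSTER = 4      # the allocation unit the file system hands out
CLUSTER = SECTOR * SECTORS_PER_CLUSTER
NUM_CLUSTERS = 8             # assumption: an 8-cluster (16 KiB) toy device

# Constructed sample data, not taken from any real system.
LIVE_CONTENT = b"Quarterly sales figures, approved for release.\n" * 50
SLACK_RESIDUE = b"[residue of an earlier file: old admin password hunter2]"
DELETED_RESIDUE = b"[deleted file: wire transfer instructions, account 0000-0000]"


def build_suspect_disk():
    """Return (raw_bytes, allocation, sizes) for the toy disk.

    allocation maps cluster -> file name for clusters still in use;
    sizes maps file name -> logical size. Everything else is unallocated.
    """
    disk = bytearray(NUM_CLUSTERS * CLUSTER)
    # report.txt occupies clusters 0-1 but only LIVE_CONTENT bytes are "the file";
    # the tail of cluster 1 is file slack and still holds older data.
    disk[0:len(LIVE_CONTENT)] = LIVE_CONTENT
    disk[len(LIVE_CONTENT):len(LIVE_CONTENT) + len(SLACK_RESIDUE)] = SLACK_RESIDUE
    # Cluster 5 belonged to a file that was deleted: its directory entry is gone
    # and the cluster is marked free, but the bytes were never overwritten.
    disk[5 * CLUSTER:5 * CLUSTER + len(DELETED_RESIDUE)] = DELETED_RESIDUE
    return bytes(disk), {0: "report.txt", 1: "report.txt"}, {"report.txt": len(LIVE_CONTENT)}


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def bit_stream_copy(device):
    """Copy a file-like device sector by sector and verify the image hash.

    Every sector is copied whether or not the file system considers it in
    use; that is what makes this a bit stream copy rather than a backup.
    Raises if the image does not hash identically to what was read.
    """
    device.seek(0)
    source_hash = hashlib.sha256()
    image = io.BytesIO()
    while True:
        sector = device.read(SECTOR)
        if not sector:
            break
        source_hash.update(sector)
        image.write(sector)
    image_bytes = image.getvalue()
    image_hash = sha256(image_bytes)
    if image_hash != source_hash.hexdigest():
        raise RuntimeError("image hash does not match source; do not proceed")
    return image_bytes, image_hash


def logical_copy(disk, allocation, sizes):
    """What a file-level backup captures: each live file's bytes and nothing else."""
    files = {}
    for name, size in sizes.items():
        clusters = sorted(c for c, owner in allocation.items() if owner == name)
        data = b"".join(disk[c * CLUSTER:(c + 1) * CLUSTER] for c in clusters)
        files[name] = data[:size]
    return files


def file_slack(disk, allocation, sizes, name):
    """Bytes between a file's logical end and the end of its last cluster."""
    clusters = sorted(c for c, owner in allocation.items() if owner == name)
    last = clusters[-1]
    used_in_last = sizes[name] - (len(clusters) - 1) * CLUSTER
    return disk[last * CLUSTER + used_in_last:(last + 1) * CLUSTER]


def unallocated_space(disk, allocation):
    """Every cluster the file system regards as free, deleted-file residue included."""
    return b"".join(disk[c * CLUSTER:(c + 1) * CLUSTER]
                    for c in range(NUM_CLUSTERS) if c not in allocation)


def carve(region, needle):
    """Offsets at which a keyword appears inside a region of ambient data."""
    hits, start = [], 0
    while (pos := region.find(needle, start)) != -1:
        hits.append(pos)
        start = pos + 1
    return hits


def examine():
    """Image the suspect disk once, then do all analysis on the image."""
    disk, allocation, sizes = build_suspect_disk()
    image, digest = bit_stream_copy(io.BytesIO(disk))   # BytesIO stands in for /dev/sdX
    files = logical_copy(image, allocation, sizes)
    return {
        "image_matches_source": image == disk,
        "image_sha256": digest,
        "keyword_in_logical_copy": b"wire transfer" in b"".join(files.values()),
        "keyword_in_unallocated": bool(carve(unallocated_space(image, allocation), b"wire transfer")),
        "password_in_slack": b"hunter2" in file_slack(image, allocation, sizes, "report.txt"),
    }


if __name__ == "__main__":
    for key, value in examine().items():
        print(f"{key}: {value}")
```

The logical copy returns only `report.txt` and never sees the deleted wire-transfer text or the old password in slack; both are recovered from the verified image, which is the "ambient data storage areas" the card refers to. On a real device the BytesIO would be a block device opened read-only behind a write blocker, and the hash of the image would be recorded in the chain-of-custody notes before the examiner touches it.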
11
Q
11. One of the first questions that can be asked in computer seizure law is when exactly the search occurs. The ________ Amendment to the U.S. Constitution deals with search and seizure.
A

Fourth

12
Q
12. Which of the following is not a best practice in preserving data for future computer forensics examination?
A. Immediately turn on and attempt to examine the suspect computer.
B. Identify all devices that may contain evidence.
C. Quarantine all in-house computers.
D. Forensically image all suspect media.
A

Immediately turn on and attempt to examine the suspect computer.
