IS4670 Chapter 7 Collecting, Seizing, and Protecting Evidence Flashcards

1
Q
1. No two investigations are the same.
A. True
B. False
A

TRUE

2
Q
2. Which of the following is not a step in the process of collecting and analyzing evidence?
A. Identifying the evidence 
B. Preserving the evidence 
C. Creating the evidence 
D. Analyzing the evidence 
E. Presenting the evidence
A

Creating the evidence

3
Q
3. Which of the following is the best type of evidence to support a case?
A. Testimonial evidence 
B. Real evidence 
C. Hearsay 
D. Rules of evidence
A

Real evidence

4
Q
4. Admissibility, authenticity, completeness, reliability, and believability are called the ________.
A

Five rules of evidence

5
Q
5. Never store system logs on a remote server.
A. True
B. False
A

FALSE

6
Q
6. When is the best time to notify law enforcement when dealing with a breach?
A. Immediately after the breach is suspected
B. After evidence collection has begun
C. After the attacker is identified
D. It depends on the circumstances of the case.
A

It depends on the circumstances of the case.

7
Q
7. Which of the following is a data collection process that involves creating a replica system and luring an attacker into it for further monitoring?
A. Collecting artifacts 
B. Honeypotting 
C. Freezing the scene 
D. Sandboxing
A

Honeypotting

8
Q
8. Which of the following are important factors in maintaining the chain of custody? (Select three.)
A. Keeping evidence within an investigator’s possession or control at all times
B. Locking the evidence in an airtight chamber
C. Documenting the collection and movement of evidence
D. Securing the evidence appropriately so it can’t be tampered with
E. Videotaping all data collection
A

Keeping evidence within an investigator’s possession or control at all times

Documenting the collection and movement of evidence

Securing the evidence appropriately so it can’t be tampered with

9
Q
9. To search a hard drive for forensic evidence, an investigator should prepare a list of keywords to search for. What are the three main areas of a system that should be searched for these keywords? (Select three.)
A. C: drive 
B. Swap file 
C. Recycle Bin 
D. File slack 
E. Unallocated space
A

Swap file

File slack

Unallocated space

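Why the answer is "swap file, file slack, unallocated space" rather than "the C: drive": a search over the logical file system only reads the bytes inside each file's recorded size, while remnants of deleted or overwritten data survive in the unused tail of a file's last cluster (slack), in clusters no file owns (unallocated), and in memory paged out to disk (swap). The following Python is an added example, not part of the flashcard set: it builds a constructed five-cluster toy image (a 512-byte cluster size, one live file, one deleted file and a swap area are all assumptions, not a real file system) and runs the same keyword list two ways, over live file contents only and over every byte of the image, tagging each hit with the region it sits in. On a real image the regions would be carved out with a forensic toolkit rather than hand-placed as here.

```python
import re
from dataclasses import dataclass

CLUSTER = 512  # assumed cluster size for this constructed toy image


@dataclass(frozen=True)
class Region:
    name: str   # "live file", "file slack", "unallocated" or "swap"
    start: int  # first byte offset in the image (inclusive)
    end: int    # one past the last byte offset (exclusive)


def build_toy_image():
    """Construct a 5-cluster 'disk image' (sample data, not a real filesystem):
    clusters 0-1  allocated file, logical size 700 bytes; cluster 1 is only
                  partly used, so bytes 700..1023 are file slack
    cluster 2     unallocated cluster that still holds deleted-file contents
    clusters 3-4  swap / page file area
    """
    img = bytearray(5 * CLUSTER)

    def put(offset, data):
        img[offset:offset + len(data)] = data

    put(0, (b"Quarterly report. Nothing to see here. " * 18)[:700])   # live bytes
    put(760, b"send the offshore account number")                    # remnant in file slack
    put(2 * CLUSTER + 40, b"please delete the evidence tonight")     # deleted file data
    put(3 * CLUSTER + 100, b"offshore login page cached")            # paged-out memory

    regions = [
        Region("live file", 0, 700),
        Region("file slack", 700, 2 * CLUSTER),
        Region("unallocated", 2 * CLUSTER, 3 * CLUSTER),
        Region("swap", 3 * CLUSTER, 5 * CLUSTER),
    ]
    return bytes(img), regions


def region_of(offset, regions):
    """Name of the region containing a byte offset, or 'unknown'."""
    for r in regions:
        if r.start <= offset < r.end:
            return r.name
    return "unknown"


def keyword_search(image, keywords, regions):
    """Scan every byte of the image, not just live files, and tag each hit
    with the region it lies in. Returns a list of (keyword, offset, region)
    sorted by offset. Keywords are bytes; matching is case-insensitive."""
    hits = []
    for kw in keywords:
        for m in re.finditer(re.escape(kw), image, flags=re.IGNORECASE):
            hits.append((kw.decode(), m.start(), region_of(m.start(), regions)))
    return sorted(hits, key=lambda h: h[1])


def logical_search(image, keywords, regions):
    """What a plain 'search the C: drive' over allocated files sees: only the
    bytes inside each file's logical size. Slack, unallocated space and swap
    are never read, so anything left there is missed."""
    hits = []
    for r in regions:
        if r.name != "live file":
            continue
        data = image[r.start:r.end]
        for kw in keywords:
            for m in re.finditer(re.escape(kw), data, flags=re.IGNORECASE):
                hits.append((kw.decode(), r.start + m.start(), r.name))
    return hits


if __name__ == "__main__":
    image, regions = build_toy_image()
    terms = [b"offshore", b"delete the evidence"]
    print("logical search :", logical_search(image, terms, regions))
    for kw, off, where in keyword_search(image, terms, regions):
        print(f"physical search: {kw!r} at offset {off} in {where}")
```

The logical search returns nothing while the physical search finds all three terms, one in each of the areas the card names; that gap is the reason the examiner's keyword list is run against the raw image.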
10
Q
10. Forensic investigators should never use originals. Instead, they should use verified duplicates.
A. True
B. False
A

TRUE

11
Q
11. The ________ is a detailed list of what was done with original copies and systems after they were seized.
A

Chain of custody

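Cards 8, 10 and 11 fit together: the original is hashed and sealed at acquisition, all work is done on a duplicate that is re-hashed to prove it still matches, and every hand-off is written down with the hash at that moment so any later change can be tied to a specific custodian. The Python below is an added example, not part of the flashcard set; the evidence bytes, examiner names and item label are constructed, and the in-memory copy stands in for the output of an imaging tool run through a write blocker.

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for a seized drive (sample data, not a real image).
ORIGINAL_EVIDENCE = bytes(range(256)) * 64 + b"suspect@example.org mailbox"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def acquire_image(original: bytes):
    """Bit-for-bit copy plus the acquisition hash of the original. From here on
    the original is sealed; every examination runs against the copy."""
    acquisition_hash = sha256_hex(original)
    working_copy = bytes(original)
    return working_copy, acquisition_hash


def verify_duplicate(copy: bytes, acquisition_hash: str) -> bool:
    """Re-hash the duplicate and compare it with the hash taken at acquisition."""
    return sha256_hex(copy) == acquisition_hash


def custody_entry(log, action, handler, item, data, when=None):
    """Append one chain-of-custody record: what was done, by whom, when, and
    the item's hash at that moment, so later alteration is attributable."""
    entry = {
        "time": (when or datetime.now(timezone.utc)).isoformat(),
        "action": action,
        "handler": handler,
        "item": item,
        "sha256": sha256_hex(data),
    }
    log.append(entry)
    return entry


def audit_custody(log):
    """Index of the first entry whose hash differs from the acquisition hash
    (entry 0), or None when every recorded hand-off left the item unchanged."""
    if not log:
        return None
    baseline = log[0]["sha256"]
    for i, entry in enumerate(log):
        if entry["sha256"] != baseline:
            return i
    return None


if __name__ == "__main__":
    copy, h0 = acquire_image(ORIGINAL_EVIDENCE)
    log = []
    custody_entry(log, "acquired image", "examiner A", "HDD-1", copy)
    custody_entry(log, "handed to lab", "examiner B", "HDD-1", copy)
    print("copy verified:", verify_duplicate(copy, h0))

    # Simulate a single byte changed on the working copy after the hand-off.
    damaged = bytearray(copy)
    damaged[100] ^= 0xFF
    custody_entry(log, "keyword analysis", "examiner C", "HDD-1", bytes(damaged))
    print("copy verified:", verify_duplicate(bytes(damaged), h0))
    print("first altered entry:", audit_custody(log))
```

The audit points at the entry where the hash first diverged, which is exactly the question a court will ask: who had the item when it changed. In practice the log is kept outside the image (signed notes, a case-management system), and the hash of the sealed original is recorded on the evidence bag as well as in the log.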
12
Q
12. An investigator should set the clock on a suspect system to the GMT time zone.
A. True
B. False
A

FALSE

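Changing the suspect's clock alters the system and destroys the very information needed to interpret its timestamps. The usual practice is the opposite: read the suspect's clock and time zone, read a trusted reference clock at the same moment, and record the difference so timestamps can be corrected on paper later. The Python below is an added example of that bookkeeping, not part of the flashcard set; the host name, the UTC-5 zone, the clock readings and the sample log timestamp are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed readings taken at the moment of seizure (sample data).
SUSPECT_TZ = timezone(timedelta(hours=-5))                       # suspect box set to UTC-5
SUSPECT_CLOCK_AT_SEIZURE = datetime(2024, 3, 1, 14, 7, 30, tzinfo=SUSPECT_TZ)
REFERENCE_UTC_AT_SEIZURE = datetime(2024, 3, 1, 19, 2, 0, tzinfo=timezone.utc)
SAMPLE_LOG_TIMESTAMP = datetime(2024, 2, 28, 23, 59, 10, tzinfo=SUSPECT_TZ)  # from a suspect log


def record_clock_skew(suspect_clock: datetime, reference_utc: datetime) -> timedelta:
    """Skew = what the suspect's clock shows minus a trusted reference (for
    example an NTP-synced examiner laptop), both read at the same instant.
    Both values must be timezone-aware; nothing on the suspect is changed."""
    return suspect_clock - reference_utc


def to_true_utc(suspect_timestamp: datetime, skew: timedelta) -> datetime:
    """Correct a timestamp read from the suspect system (logs, MAC times) to
    true UTC using the recorded skew, leaving the stored value untouched."""
    return (suspect_timestamp - skew).astimezone(timezone.utc)


def clock_note(hostname: str, suspect_clock: datetime, reference_utc: datetime) -> dict:
    """Record for the examiner's notes: both readings, the zone the suspect
    was configured for, and the skew in seconds (positive = suspect runs fast)."""
    skew = record_clock_skew(suspect_clock, reference_utc)
    return {
        "host": hostname,
        "suspect_clock": suspect_clock.isoformat(),
        "suspect_tz_offset": str(suspect_clock.utcoffset()),
        "reference_utc": reference_utc.isoformat(),
        "skew_seconds": int(skew.total_seconds()),
    }


if __name__ == "__main__":
    skew = record_clock_skew(SUSPECT_CLOCK_AT_SEIZURE, REFERENCE_UTC_AT_SEIZURE)
    print(clock_note("WS-17", SUSPECT_CLOCK_AT_SEIZURE, REFERENCE_UTC_AT_SEIZURE))
    print("log line really happened at", to_true_utc(SAMPLE_LOG_TIMESTAMP, skew).isoformat())
```

With the constructed readings the suspect runs 5 minutes 30 seconds fast, so a log line it stamped 23:59:10 local on 28 February actually occurred at 04:53:40 UTC on 29 February. The log file itself is never edited; the correction lives in the notes and is applied when the timeline is built.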