Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Digital Forensics (2022) > Module 4 Quiz > Flashcards

Module 4 Quiz Flashcards

1
Q

You should always answer questions from onlookers at a crime scene.

True

False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

If a suspect’s computer is found in an area that might have toxic chemicals, you must do which of the following?

Coordinate with the HAZMAT team.

Determine a way to obtain the suspect’s computer.

Assume the suspect’s computer is contaminated.

Do not enter alone.

A

Coordinate with the HAZMAT team.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the three rules for a forensic hash?

Fast, reliable, and the hash value should be at least 2048 bits

Produce collisions, should be at least 2048 bits, and it can’t be predicted

It can’t be predicted, no two files can have the same hash value, and if the file changes, the hash value changes

It can be predicted, fast and reliable

A

It can’t be predicted, no two files can have the same hash value, and if the file changes, the hash value changes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The plain view doctrine in computer searches is well-established law.

True

False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Commingling evidence means that sensitive or confidential information being mixed with data collected as evidence.

True

False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

List two hashing algorithms commonly used for forensic purposes.

MD5 and SHA-1

MD5 and AES

AES and SHA-2

RSA and RC5

A

MD5 and SHA-1

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Small companies rarely need investigators.

True

False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In forensic hashes, a collision occur when two different files have the same hash value.

True

False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

As a private-sector investigator, you can become an agent of law enforcement when which of the following happens?

You begin to take orders from a police detective without a warrant or subpoena.

Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement.

Your internal investigation begins.

None of the above.

A

You begin to take orders from a police detective without a warrant or subpoena.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

An initial-response field kit does not contain evidence bags.

True

False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

If you discover a criminal act while investigating a company policy abuse, the case becomes a criminal investigation and should be referred to law enforcement.

True

False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Private-sector investigations are typically easier than law enforcement investigations for which of the following reasons?

Most companies keep inventory databases of all hardware and software used.

The investigator doesn’t have to get a warrant.

The investigator has to get a warrant.

Users can load whatever they want on their machines.

A

Most companies keep inventory databases of all hardware and software used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

Extensive-response kit

Initial-response kit

Lightweight kit

Car crash kit

A

Initial-response kit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

You should videotape or sketch anything at a digital crime scene that might be of interest to the investigation.

True

False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Computer peripherals or attachments can contain DNA evidence.

True

False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

If a company doesn’t distribute a computing use policy stating an employer’s right to inspect employees’ computers freely, including e-mail and Web use, employees have an expectation of privacy.

True

False

A

True

17
Q

Which of the following techniques might be used in covert surveillance (Choose All That Apply)?

Keylogging

Data sniffing

Network logs

All of the above

A

Keylogging

Data sniffing

18
Q

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

To conceal trade secrets

To preserver your physical security

To speed up the acquisition process

To minimize how much you have to keep track of at the scene

A

To minimize how much you have to keep track of at the scene

19
Q

In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause.

True

False

A

True

Digital Forensics (2022) (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions