Processing Crime and Incident Scenes-Chapter 4 Flashcards

1
Q

Automated Fingerprint Identification System (AFIS)

A

Definition: A biometric system that uses digital images of fingerprints to identify individuals.
Example: Law enforcement agencies use AFIS to compare fingerprints collected from crime scenes to those in their databases.

2
Q

Computer-generated records

A

Definition: Records generated by a computer system, such as reports or logs.
Example: A financial institution’s daily transaction report, which is generated by its computer system.

3
Q

Computer-stored records

A

Definition: Records that are stored electronically on a computer system.
Example: Electronic medical records stored in a hospital’s database.

4
Q

Covert surveillance

A

Definition: The monitoring of a person or group without their knowledge or consent.
Example: An investigator covertly monitoring the activities of a suspect in a criminal investigation.

5
Q

Cyclic Redundancy Check (CRC)

A

Definition: A mathematical algorithm used to detect errors in data transmission or storage.
Example: CRC is commonly used in digital storage devices such as hard drives or memory cards to ensure data integrity.

6
Q

Digital evidence

A

Definition: Any form of electronic data that can be used as evidence in a legal proceeding.
Example: Emails, text messages, digital photos, or computer files that contain evidence of a crime.

7
Q

Extensive-response field kit

A

Definition: A portable kit containing specialized equipment and supplies used to respond to and manage large-scale incidents.
Example: An extensive-response field kit may include hazmat suits, gas detectors, and decontamination supplies.

8
Q

Hash value

A

Definition: A unique digital fingerprint generated by a hash function, used to verify the integrity of data.
Example: A hash value can be used to ensure that a file has not been modified or corrupted during transmission or storage.

9
Q

Hazardous materials (HAZMAT)

A

Definition: Materials or substances that are potentially harmful or dangerous to human health or the environment.
Example: Chemicals, radioactive materials, or infectious biological agents are considered hazardous materials.

10
Q

Initial-response field kit

A

Definition: A portable kit containing basic equipment and supplies used to respond to and manage small-scale incidents.
Example: An initial-response field kit may include basic first-aid supplies, a flashlight, and a multi-tool.

11
Q

Innocent information

A

Definition: Information that is not relevant or connected to a criminal investigation.
Example: Personal information that does not provide any evidence of a crime, such as a person’s shopping habits or hobbies.

12
Q

Keyed hash set

A

Definition: A set of hash values generated from a list of specific keywords or phrases.
Example: A keyed hash set can be used to identify files or messages that contain specific keywords or phrases relevant to an investigation.

13
Q

Limiting phrase

A

Definition: A phrase or statement used to limit the scope or extent of a search or investigation.
Example: A limiting phrase may be used to restrict the search of a suspect’s computer to a specific time frame or set of files.

14
Q

Low-level investigations

A

Definition: Investigations that are focused on minor or low-level offenses.
Example: A low-level investigation may involve the theft of a small amount of money or property.

15
Q

Message Digest 5 (MD5)

A

Definition: A commonly used cryptographic hash function that generates a 128-bit hash value.
Example: MD5 is often used to verify the integrity of files during data transmission or storage.

16
Q

National Institute of Standards and Technology (NIST)

A

Definition: A federal agency that develops standards and guidelines for technology and science.
Example: NIST has developed many standards for digital evidence, including guidelines for the acquisition and analysis of digital evidence.

17
Q

Nonkeyed hash set

A

Definition: A set of hash values generated from a random selection of data.
Example: A nonkeyed hash set can be used to identify files or messages that contain unknown or unexpected

18
Q

Private-sector investigations are typically easier than law enforcement investigations for which of the following reasons?

Most companies keep inventory databases of all hardware and software used.
The investigator doesn’t have to get a warrant.
The investigator has to get a warrant.
Users can load whatever they want on their machines.

A

Most companies keep inventory databases of all hardware and software

19
Q

In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause. True or False?

A

true

20
Q

If you discover a criminal act while investigating a company policy abuse, the case becomes a criminal investigation and should be referred to law enforcement. True or False?

A

true

21
Q

As a private-sector investigator, you can become an agent of law enforcement when which of the following happens?

You begin to take orders from a police detective without a warrant or subpoena.
Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement.
Your internal investigation begins.
None of the above.

A

none of the above

22
Q

The plain view doctrine in computer searches is well-established law. True or False?

A

true

23
Q

If a suspect’s computer is found in an area that might have toxic chemicals, you must do which of the following?

Coordinate with the HAZMAT team.
Determine a way to obtain the suspect’s computer.
Assume the suspect’s computer is contaminated.
Do not enter alone.

A

Coordinate with the HAZMAT team.

24
Q

What are the three rules for a forensic hash?

A

Unique, repeatable, and unchanged.

25
Q

In forensic hashes, when does a collision occur?

A

A collision occurs when two different data sets produce the same hash value.

26
Q

List three items that should be in an initial-response field kit.

A

Forensic software, digital camera, and evidence collection forms.

27
Q

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

A

To preserve the integrity of the crime scene and avoid contamination of evidence.

28
Q

Computer peripherals or attachments can contain DNA evidence. True or False?

A

true

29
Q

If a suspect computer is running Windows 10, which of the following can you perform safely?

Browsing open applications
Disconnecting power
Either of the above
None of the above

A

Browsing open applications

30
Q

Describe what should be videotaped or sketched at a digital crime scene.

A

The physical layout of the crime scene, the location of the computer, the location of peripherals, and the orientation of the computer.

31
Q

Which of the following techniques might be used in covert surveillance?

Keylogging
Data sniffing
Network logs
None of the above

A

Keylogging and data sniffing.

32
Q

Commingling evidence means what in a private-sector setting?

A

Commingling evidence means that evidence from different investigations is stored together.

33
Q

List two hashing algorithms commonly used for forensic purposes. True or False?

A

True - SHA-1 and MD5 are two commonly used hashing algorithms for forensic purposes.

34
Q

Small companies rarely need investigators. True or False?

A

false

35
Q

If a company doesn’t distribute a computing use policy stating an employer’s right to inspect employees’ computers freely, including e-mail and Web use, employees have an expectation of privacy. True or False?

A

true

36
Q

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

A

Extensive-response field kit

37
Q

You should always answer questions from onlookers at a crime scene. True or False?

A

False - it is important to avoid discussing details of the investigation with anyone who is not directly involved in it.