1
Q
Corporate investigations are typically easier than law enforcement investigations for which of the following reasons?
A
a. Most companies keep inventory databases of all hardware and software used.
2
Q
In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a corporate investigator can conduct covert surveillance on an employee with little cause.
A
T
3
Q
If you discover a criminal act, such as murder or child pornography, while investigating a corporate policy abuse, the case becomes a criminal investigation and should be referred to law enforcement.
A
T
4
Q
As a corporate investigator, you can become an agent of law enforcement when which of the following happens? (Choose all that apply.)
a. You begin to take orders from a police detective without a warrant or subpoena.
b. Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement.
c. Your internal investigation begins.
A
A, B
5
Q
The plain view doctrine in computer searches is well-established law.
A
F
6
Q
If a suspect computer is located in an area that might have toxic chemicals, you must do which of the following? (Choose all that apply.)
a. Coordinate with the HAZMAT team.
b. Determine a way to obtain the suspect computer.
c. Assume the suspect computer is contaminated.
d. Do not enter alone.
A
a, c
7
Q
What are the three rules for a forensic hash?
A
It can’t be predicted, no two files can have the same hash value, and if the file changes, the hash value changes.
8
Q
In forensic hashes, a collision occurs when ________.
A
two files have the same hash value
9
Q
List three items that should be in an initial-response field kit.
A
Small computer toolkit, large-capacity drive, IDE ribbon cables, forensic boot media, laptop IDE 40-to-44 pin adapter, laptop or portable computer, FireWire or USB dual write-protect external bay, flashlight, digital camera or 35mm camera
10
Q
When you arrive at the scene, why should you extract only those items that you need to acquire evidence?
A
To minimize how much you have to keep track of at the scene.
11
Q
Computer peripherals or attachments can contain DNA evidence. True or False?
A
T
12
Q
If a suspect computer is running Windows 2000, which of the following can you perform safely?
A
Browsing open applications.
13
Q
Describe what should be videotaped or sketched at a computer crime scene.
A
Computers, cable connections, overview of scene—anything that might be of interest to the investigation.
14
Q
Which of the following techniques might be used in covert surveillance?
A
Keylogging, data sniffing.
15
Q
Commingling evidence means what in a corporate setting?
A
Sensitive corporate information being mixed with data collected as evidence.
16
Q
Two hashing algorithms commonly used for forensic purposes are _____.
A
MD5 and SHA-1
17
Q
Small companies rarely need investigators. True or False?
A
F
18
Q
If a company doesn’t distribute a computing use policy stating an employer’s right to inspect employees’ computers freely, including e-mail and web use, employees have an expectation of privacy. True or False?
A
T
19
Q
You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?
A
Initial-response field kit.
20
Q
You should always answer questions from onlookers at the crime scene. True or False?
A
F
21
Q
Automated Fingerprint Identification System (AFIS)
A
A computerized system for identifying fingerprints that’s connected to a central database; used to identify criminal suspects and review thousands of fingerprint samples at high speed.
22
Q
A computerized system for identifying fingerprints that’s connected to a central database; used to identify criminal suspects and review thousands of fingerprint samples at high speed.
A
Automated Fingerprint Identification System (AFIS)
23
Q
computer-generated records
A
Digital files generated by a computer
24
Q
Digital files generated by a computer
A
computer-generated records
25
Q
computer-stored records
A
Digital files generated by a person
26
Q
Digital files generated by a person
A
computer-stored records
27
Q
covert surveillance
A
observing people or places without being detected
28
Q
observing people or places without being detected
A
covert surveillance
29
Q
Cyclic Redundancy Check (CRC)
A
A mathematical algorithm that translates a file into a unique hexadecimal value
30
Q
A mathematical algorithm that translates a file into a unique hexadecimal value
A
Cyclic Redundancy Check (CRC)
31
Q
digital evidence
A
Evidence consisting of information stored or transmitted in electronic form
32
Q
Evidence consisting of information stored or transmitted in electronic form
A
digital evidence
33
Q
extensive-response field kit
A
A portable kit designed to process several computers and a variety of operating systems at a crime or incident scene involving computers
34
Q
A portable kit designed to process several computers and a variety of operating systems at a crime or incident scene involving computers
A
extensive-response field kit
35
Q
What should an extensive-response field kit include?
A
Two or more types of software or hardware computer forensics tools
36
Q
hash value
A
A unique hexadecimal value that identifies a file or drive
37
Q
A unique hexadecimal value that identifies a file or drive
A
hash value
38
Q
hazardous materials (HAZMAT)
A
Chemical, biological, or radiological substances that can cause harm to people
39
Q
Chemical, biological, or radiological substances that can cause harm to people
A
hazardous materials (HAZMAT)
40
Q
initial-response field kit
A
A portable kit containing only the minimum tools needed to perform disk acquisitions and preliminary forensics analysis in the field.
41
Q
A portable kit containing only the minimum tools needed to perform disk acquisitions and preliminary forensics analysis in the field.
A
initial-response field kit
42
Q
innocent information
A
Data that doesn’t contribute to evidence of a crime or violation
43
Q
Data that doesn’t contribute to evidence of a crime or violation
A
innocent information
44
Q
keyed hash set
A
A value created by an encryption utility’s secret key
45
Q
A value created by an encryption utility’s secret key
A
keyed hash set
46
Q
limiting phrase
A
Wording in a search warrant that limits the scope of a search for evidence
47
Q
Wording in a search warrant that limits the scope of a search for evidence
A
limiting phrase
48
Q
low-level investigations
A
Corporate cases that require less investigative effort than a major criminal case
49
Q
Corporate cases that require less investigative effort than a major criminal case
A
low-level investigations
50
Q
Message Digest 5 (MD5)
A
An algorithm that produces a hexadecimal value of a file or storage media.
51
Q
An algorithm that produces a hexadecimal value of a file or storage media.
A
Message Digest 5 (MD5)
52
Q
National Institute of Standards and Technology (NIST)
A
One of the governing bodies responsible for setting standards for some U.S. industries.
53
Q
One of the governing bodies responsible for setting standards for some U.S. industries.
A
National Institute of Standards and Technology (NIST)
54
Q
nonkeyed hash set
A
A unique hash number generated by a software tool and used to identify files
55
Q
A unique hash number generated by a software tool and used to identify files
A
nonkeyed hash set
56
Q
person of interest
A
Someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest
57
Q
Someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest
A
person of interest
58
Q
plain view doctrine
A
When conducting a search and seizure, objects in plain view of a law enforcement officer, who has the right to be in position to have that view, are subject to seizure without a warrant and can be introduced as evidence.
59
Q
When conducting a search and seizure, objects in plain view of a law enforcement officer, who has the right to be in position to have that view, are subject to seizure without a warrant and can be introduced as evidence.
A
plain view doctrine
60
Q
probable cause
A
The standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest.
61
Q
The standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest.
A
probable cause
62
Q
professional curiosity
A
The motivation for law enforcement and other professional personnel to examine an incident or crime scene to see what happened
63
Q
The motivation for law enforcement and other professional personnel to examine an incident or crime scene to see what happened
A
professional curiosity
64
Q
Scientific Working Group on Digital Evidence (SWGDE)
A
A group that sets standards for recovering, preserving, and examining digital evidence
65
Q
A group that sets standards for recovering, preserving, and examining digital evidence
A
Scientific Working Group on Digital Evidence (SWGDE)
66
Q
Secure Hash Algorithm version 1 (SHA-1)
A
A forensic hashing algorithm created by NIST to determine whether data in a file or storage media has been altered.
67
Q
A forensic hashing algorithm created by NIST to determine whether data in a file or storage media has been altered.
A
Secure Hash Algorithm version 1 (SHA-1)
68
Q
sniffing
A
Detecting data transmissions to and from a suspect’s computer and a network server to determine the type of data being transmitted over a network
69
Q
Detecting data transmissions to and from a suspect’s computer and a network server to determine the type of data being transmitted over a network
A
sniffing