_______ would not be found in an initial-response field kit.
a. Computer evidence bags (antistatic bags)
b. Leather gloves and disposable latex gloves
c. A digital camera with extra batteries or 35mm camera with film and flash
d. External USB devices or a portable hard drive
As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state?
a. The power cable should be pulled.
b. The system should be shut down gracefully.
c. The power should be left on.
d. The decision should be left to the Digital Evidence First Responder (DEFR).
What does FRE stand for?
a. Federal Rules of Evidence
b. Federal Regulations for Evidence
c. Federal Rights for Everyone
d. Federal Rules for Equipment
A _______ is not a private sector organization.
a. small to medium business
b. large corporation
c. non-government organization
d. hospital
If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.
a. two
b. five
c. one
d. three
In cases that involve dangerous settings, what kind of team should be used to recover evidence from the scene?
a. B-Team
b. HAZMAT
c. CDC First Responders
d. SWAT
The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.
a. probable cause
b. due diligence
c. accusations
d. reliability
The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers.
a. storage room
b. server farm
c. data well
d. storage hub
The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest.
a. criminal
b. potential data source
c. person of interest
d. witness
What should you do while copying data on a suspect's computer that is still live?
a. Open files to view contents.
b. Make notes regarding everything you do.
c. Conduct a Google search of unknown extensions using the computer.
d. Check Facebook for additional suspects.
What type of media has a 30-year lifespan?
a. DVD-Rs
b. DLT magnetic tape
c. hard drive
d. USB thumb drive
When seizing digital evidence in criminal investigations, whose standards should be followed?
a. U.S. DOJ
b. ISO/IEC
c. IEEE
d. ITU
Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?
a. United States v. Wong
b. United States v. Carey
c. United States v. Salgado
d. United States v. Walser
Which of the following is not done when preparing for a case?
a. Describe the nature of the case.
b. Identify the type of OS.
c. Set up covert surveillance.
d. Determine whether you can seize the computer or digital device.
Which system below can be used to quickly and accurately match fingerprints in a database?
a. Fingerprint Identification Database (FID)
b. Systemic Fingerprint Database (SFD)
c. Automated Fingerprint Identification System (AFIS)
d. Dynamic Fingerprint Matching System (DFMS)
You must abide by the _______ while collecting evidence.
a. Fourth Amendment
b. Federal Rules of Evidence
c. state's Rules of Evidence
d. Fifth Amendment
_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers.
a. Hospitals
b. ISPs
c. Law firms
d. News networks
_______ does not recover data in free or slack space.
a. Raw format acquisition
b. Live acquisition
c. Static acquisition
d. Sparse acquisition
_______ is a common cause for lost or corrupted evidence.
a. Public access
b. Not having enough people on the processing team
c. Having an undefined security perimeter
d. Professional curiosity
_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing.
a. Second-party evidence
b. Rumor
c. Fiction
d. Hearsay