Created by Tyler Rock
over 5 years ago
Question | Answer |
_______ would not be found in an initial-response field kit. a. Computer evidence bags (antistatic bags) b. Leather gloves and disposable latex gloves c. A digital camera with extra batteries or 35mm camera with film and flash d. External USB devices or a portable hard drive | b. Leather gloves and disposable latex gloves |
As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state? a. The power cable should be pulled. b. The system should be shut down gracefully. c. The power should be left on. d. The decision should be left to the Digital Evidence First Responder (DEFR). | d. The decision should be left to the Digital Evidence First Responder (DEFR). |
What does FRE stand for? a. Federal Rules of Evidence b. Federal Regulations for Evidence c. Federal Rights for Everyone d. Federal Rules for Equipment | a. Federal Rules of Evidence |
A _______ is not a private sector organization. a. small to medium business b. large corporation c. non-government organization d. hospital | d. hospital |
If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab. a. two b. five c. one d. three | c. one |
In cases that involve dangerous settings, what kind of team should be used to recover evidence from the scene? a. B-Team b. HAZMAT c. CDC First Responders d. SWAT | b. HAZMAT |
The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______. a. probable cause b. due diligence c. accusations d. reliability | a. probable cause |
The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers. a. storage room b. server farm c. data well d. storage hub | b. server farm |
The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest. a. criminal b. potential data source c. person of interest d. witness | c. person of interest |
What should you do while copying data on a suspect's computer that is still live? a. Open files to view contents. b. Make notes regarding everything you do. c. Conduct a Google search of unknown extensions using the computer. d. Check Facebook for additional suspects. | b. Make notes regarding everything you do. |
What type of media has a 30-year lifespan? a. DVD-Rs b. DLT magnetic tape c. hard drive d. USB thumb drive | b. DLT magnetic tape |
When seizing digital evidence in criminal investigations, whose standards should be followed? a. U.S. DOJ b. ISO/IEC c. IEEE d. ITU | a. U.S. DOJ |
Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records? a. United States v. Wong b. United States v. Carey c. United States v. Salgado d. United States v. Walser | c. United States v. Salgado |
Which of the following is not done when preparing for a case? a. Describe the nature of the case. b. Identify the type of OS. c. Set up covert surveillance. d. Determine whether you can seize the computer or digital device. | c. Set up covert surveillance. |
Which system below can be used to quickly and accurately match fingerprints in a database? a. Fingerprint Identification Database (FID) b. Systemic Fingerprint Database (SFD) c. Automated Fingerprint Identification System (AFIS) d. Dynamic Fingerprint Matching System (DFMS) | c. Automated Fingerprint Identification System (AFIS) |
You must abide by the _______ while collecting evidence. a. Fourth Amendment b. Federal Rules of Evidence c. state's Rules of Evidence d. Fifth Amendment | a. Fourth Amendment |
_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers. a. Hospitals b. ISPs c. Law firms d. News networks | b. ISPs |
_______ does not recover data in free or slack space. a. Raw format acquisition b. Live acquisition c. Static acquisition d. Sparse acquisition | d. Sparse acquisition |
_______ is a common cause for lost or corrupted evidence. a. Public access b. Not having enough people on the processing team c. Having an undefined security perimeter d. Professional curiosity | d. Professional curiosity |
_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing. a. Second-party evidence b. Rumor c. Fiction d. Hearsay | d. Hearsay |