CSCI 511 Quiz 1: Digital ForensicInvestigationsQuestion 11 / 1 ptsMost digital investigations in the private sector involve ____.e-mail abusemisuse of digital assetsInternet abuseVPN abuse Show Question 21 / 1 ptsA ____ usually appears when a computer starts or connects to the company intranet, network, or virtualprivate network (VPN) and informs end users that the organization reserves the right to inspect computersystems and network traffic at will. Get answer to your question and much more Question 31 / 1 pts____ involves recovering information from a computer that was deleted by mistake or lost during a powersurge or server crash, for example. When analyzing digital evidence, your job is to ____.A) recover the data Employees surfing the Internet can cost companies millions of dollars.A) True A bit-stream
image is also known as a(n) ____.A) backup copy The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.A) Federal Rules of Evidence (FRE) D) Computer Analysis and Response Team (CART) Most computer investigations in the private sector involve ____.A) e-mail abuse B) misuse of computing assets You
can use ____ to boot to Windows without writing any data to the evidence disk. A) a SCSI boot up disk ____ can be the most time-consuming task, even when you know exactly what to look for in the evidence. A) Evidence recovery The affidavit must be
____ under sworn oath to verify that the information in the affidavit is true.A) notarized Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.A) litigation A ____ is a bit-by-bit copy of the
original storage medium.A) preventive copy In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as ____.A) checked values After a judge approves and signs a
search warrant, it’s ready to be executed, meaning you can collect evidence as defined by the warrant.A) True The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.A) risk assessment The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.A) network intrusion detection B) computer investigations To be a successful computer forensics investigator, you must be familiar with
more than one computing platform.A) True Your ____ as a computer investigation and forensics analyst is critical because it determines your credibility.A) professional policy ____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.A)
Computer forensics In the Pacific Northwest, ____ meets monthly to discuss problems that law enforcement and corporations face.A) IACIS Computer investigations and forensics fall into the same category: public investigations.A) True By the early 1990s, the ____ introduced training on software for forensics investigations.A) IACIS When you write your final report, state what you did and what you ____.A) did not do Chain of custody is also known as chain of evidence.A) True
You cannot use both multi-evidence and single-evidence forms in your investigation.A) True ____ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab.A) An antistatic wrist band ____
from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.A) Guidance EnCase It’s the investigator’s responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.A) litigation A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.A) True To begin conducting an investigation, you start by ____ the evidence using a variety of methods.A) copying The list of problems you normally expect in the type of case you are handling is known as the ____.A) standard risk assessment A) standard risk assessment A(n) ____ helps you document what has and has not been done with both the original evidence and forensic copies of
the evidence.A) evidence custody form Without a warning banner, employees might have an assumed ____ when using a company’s computer systems and network accesses.A) line of authority To conduct your investigation and
analysis, you must have a specially configured personal computer (PC) known as a ____.A) mobile workstation By the 1970s, electronic crimes were increasing, especially in the financial sector.A) True . In a criminal or public case, if you have enough information to support a search
warrant, the prosecuting attorney might direct you to submit a(n) ____. A) blotter Which of the following are typical private sector investigations?Typical Private Investigation Examples:. Accident / Reconstruction: ... . Background Checks: ... . Child Support / Custody: ... . Civil Investigation: ... . Computer Forensics / Cyber Crime: ... . Crime Scene Investigation: ... . Criminal Investigations: ... . Financial Investigation:. Can computer forensic tools be trusted in digital investigations?Investigators cannot absolutely rely on CFTs because they can collect evidence that is not complete and credible in the presence of file system AF attacks such as secure-deletion, data hiding, and forging timestamps.
What is the goal of the Nsrl project created by NIST?The National Software Reference Library (NSRL) is designed to collect software from various sources and incorporate file profiles computed from this software into a Reference Data Set (RDS) of information.
What percentage of consumers utilize Intel and AMD PCS?Intel's market share dropped to 69%, while AMD's rose to 31% of consumer systems.
|