Which of the following is not an objective of computer forensics?
A. Computer forensics deals with the process of finding evidence related to a digital crime to find the victims and prevent legal action against them.
B. Computer forensics deals with the process of finding evidence related to a crime to find the culprits and initiate legal action against them.
C. Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and initiate legal action against them.
D. Computer forensics deals with the process of finding evidence related to a digital crime to find the culprits and avoid legal action against them.
C
Which of the following is not an objective of computer forensics?
A. Track and prosecute the perpetrators in a court of law.
B. Identify, gather, and preserve the evidence of a cybercrime.
C. Interpret, document, and present the evidence to be admissible during prosecution.
D. Document vulnerabilities allowing further loss of intellectual property, finances, and reputation during an attack.
D
Which of the following is true regarding the enterprise theory of investigation (ETI)?
A. It adopts a holistic approach toward any criminal activity as a criminal operation rather than as a single criminal act.
B. It adopts an approach toward criminal activity as a criminal act.
C. It differs from traditional investigative methods, and it is less complex and less time-consuming.
D. It encourages reactive action on the structure of the criminal enterprise.
A
Forensic readiness refers to:
A. having no impact on prospects of successful legal action
B. replacing the need to meet all regulatory requirements
C. the establishment of specific incident response procedures and designated trained personnel to prevent a breach
D. an organization's ability to make optimal use of digital evidence in a limited time period and with minimal investigation costs
D
Which of the following is not an element of cybercrime?
A. anonymity through masquerading
B. fast-paced speed
C. volatile evidence
D. evidence smaller in size
D
Which of the following is true of cyber crimes?
A. Investigators, with a warrant, have the authority to forcibly seize the computing devices.
B. Investigators attempt to demonstrate information to the opposite party to support the claims and induce settlement.
C. The searching of the devices is based on mutual understanding and provides a wider time frame to hide the evidence.
D. The claimant is responsible for the collection and analysis of the evidence.
A
Which of the following is true of civil crimes?
A. The initial reporting of the evidence is generally informal.
B. A formal investigation report is required.
C. Law enforcement agencies are responsible for collecting and analyzing evidence.
D. The standards of proof need to be very high.
A
Which of the following is not a consideration during a cybercrimes investigation?
A. collection of clues and forensic evidence
B. analysis of digital evidence
C. presentation of admissible evidence
D. value or cost to the victim
D
Which of the following is a user-created source of potential evidence?
A. address book
B. printer spool
C. cookies
D. log files
A
Which of the following is a computer-created source of potential evidence?
A. bookmarks
B. spreadsheet
C. swap file
D. steganography
C
Which of the following is not where potential evidence may be located?
A. digital camera
B. smart card
C. processor
D. thumb drive
C
Under which of the following conditions will duplicate evidence not suffice?
A. when original evidence is destroyed in the normal course of business
B. when original evidence is in possession of the originator
C. when original evidence is in possession of a third party
D. when original evidence is destroyed due to fire or flood
B
Which of the following Federal Rules of Evidence governs proceedings in the courts of the United States?
A. Rule 105
B. Rule 103
C. Rule 101
D. Rule 102
C
Which of the following Federal Rules of Evidence ensures that the truth may be ascertained and the proceedings justly determined?
A. Rule 105
B. Rule 102
C. Rule 101
D. Rule 103
B
Which of the following Federal Rules of Evidence contains Rulings on Evidence?
A. Rule 103
B. Rule 105
C. Rule 102
D. Rule 101
A
Which of the following Federal Rules of Evidence states that the court shall restrict the evidence to its proper scope and instruct the jury accordingly?
A. Rule 102
B. Rule 103
C. Rule 101
D. Rule 105
D
Which of the following answers refers to a set of methodological procedures and techniques to identify, gather, preserve, extract, interpret, document, and present evidence from computing equipment in such a manner that the discovered evidence is acceptable during a legal and/or administrative proceeding in a court of law?
A. disaster recovery
B. incident handling
C. computer forensics
D. network analysis
C
Computer forensics deals with the process of finding _______ related to digital crime to find the culprits and initiate legal action against them.
A. insider threats
B. evidence
C. fraud
D. malware
B
Minimizing the tangible and intangible losses to the organization or an individual is considered an essential computer forensics use.
A. True
B. False
A
Cybercrimes can be classified into the following two types of attacks, based on the line of attack.
A. Fraud and Spam
B. Phishing and Malware
C. Internal and External
C
Espionage, theft of intellectual property, manipulation of records, and Trojan horse attacks are examples of what?
A. insider attacks or secondary threats
B. insider attacks or primary threats
C. outsider attacks or secondary threats
D. outsider attacks or primary threats
B
External attacks occur when there are inadequate information-security policies and procedures.
A. True
B. False
A
Which type of cases involve disputes between two parties?
A. civil
B. investigative
C. administrative
D. criminal
A
A computer forensic examiner can investigate any crime as long as he or she takes detailed notes and follows appropriate processes.
A. True
B. False
B
_______ is the standard investigative model used by the FBI when conducting investigations against major criminal organizations.
A. Enterprise Theory of Investigation (ETI)
B. Both Enterprise Theory of Investigation (ETI) and Entrepreneur Theory of Investigation
C. Entrepreneur Theory of Investigation
A
Digital devices store data about sessions such as user and type of connection.
A. True
B. False
A
Forensic readiness includes technical and non-technical actions that maximize an organization's competence to use digital evidence.
A. True
B. False
A
Which of the following is the process of developing a strategy to address the occurrence of any security breach in the system or network?
A. best evidence rule
B. incident response
C. security policy
D. forensic readiness planning
B
Codes of ethics are the principles stated to describe the expected behavior of an investigator while handling a case. Which of the following is not a principle that a computer forensic investigator must follow?
A. Ensure integrity of the evidence throughout the investigation process.
B. Act with utmost ethical and moral principles.
C. Provide personal or prejudiced opinions.
D. Act in accordance with federal statutes, state statutes, and local laws and policies.
C
What must an investigator do in order to offer a good report to a court of law and ease the prosecution?
A. preserve the evidence
B. prosecute the evidence
C. obfuscate the evidence
D. authorize the evidence
A
What is the role of an expert witness?
A. to testify against the plaintiff
B. to support the defense
C. to evaluate the court's decisions
D. to educate the public and court
D
Which of the following is NOT a legitimate authorizer of a search warrant?
A. magistrate
B. concerned authority
C. first responder
D. court of law
C
Under which of the following circumstances has a court of law allowed investigators to perform searches without a warrant?
A. Delay in obtaining a warrant may lead to the preservation of evidence and expedite the investigation process.
B. Delay in obtaining a warrant may lead to the destruction of evidence and hamper the investigation process.
C. Expediting the process of obtaining a warrant may lead to a delay in prosecution of a perpetrator.
D. Expediting the process of obtaining a warrant may lead to the timely prosecution of a perpetrator.
B
Which of the following should be considered before planning and evaluating the budget for the forensic investigation case?
A. use of outdated, but trusted, technologies
B. breakdown of costs into daily and annual expenditure
C. past success rate as a measure of value
D. current media coverage of high-profile computer crimes
B
Which of the following should be physical location and structural design considerations for forensics labs?
A. Lightweight construction materials need to be used.
B. Lab exteriors should have no windows.
C. Room size should be compact with standard HVAC equipment.
D. Computer systems should be visible from every angle.
B
Which of the following should be work area considerations for forensics labs?
A. Multiple examiners should share workspace for efficiency.
B. Additional equipment such as notepads, printers, etc. should be stored elsewhere.
C. Examiner station has an area of about 50-63 square feet.
D. Physical computer examinations should take place in a separate workspace.
C
Which of the following is NOT part of the Computer Forensics Investigation Methodology?
A. testify as an expert witness
B. data analysis
C. testify as an expert defendant
D. data acquisition
C
Which of the following is NOT part of the Computer Forensics Investigation Methodology?
A. Secure the evidence.
B. Assess the evidence.
C. Destroy the evidence.
D. Collect the evidence.
C
Investigators can immediately take action after receiving a report of a security incident.
A. False
B. True
A
In forensics laws, "authenticating or identifying evidences" comes under which rule?
A. Rule 708
B. Rule 801
C. Rule 608
D. Rule 901
D
Courts call knowledgeable persons to testify to the accuracy of the investigative process. These people who testify are known as the:
A. judges
B. character witnesses
C. counselors
D. expert witnesses
D
A chain of custody is a critical document in the computer forensics investigation process because the document provides legal validation of appropriate evidence handling.
A. True
B. False
A
Identify the following project which was launched by the National Institute of Standards and Technology (NIST), that establishes a "methodology for testing computer forensics software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware."
A. Computer Forensic Tool Testing Project (CFTTP)
B. Computer Forensic Hardware Project (CFHP)
C. Enterprise Theory of Investigation (ETI)
D. Computer Forensic Investigation Project (CFIP)
A
In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?
A. evidence procedures are not important unless you work for a law enforcement agency
B. evidence must be handled in the same way regardless of the type of case
C. evidence in a civil case must be secured more tightly than in a criminal case
D. evidence in a criminal case must be secured more tightly than in a civil case
B
Which part of the Windows Registry contains the user's password file?
A. HKEY_LOCAL_MACHINE
B. HKEY_CURRENT_CONFIGURATION
C. HKEY_USER
D. HKEY_CURRENT_USER
C
If a suspect's computer is located in an area that may have toxic chemicals, you must:
A. coordinate with the HAZMAT team
B. do not enter alone
C. assume the suspect machine is contaminated
D. determine a way to obtain the suspect computer
A
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their previous activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
A. The vulnerability exploited in the incident
B. The manufacture of the system compromised
C. The nature of the attack
D. The logic, formatting and elegance of the code used in the attack
D
What information do you need to recover when searching a victim's computer for a crime committed with a specific e-mail message?
A. Username and password
B. Firewall log
C. E-mail header
D. Internet service provider information
C
The use of warning banners helps a company avoid litigation by overcoming an employee's assumed ___________________ when connecting to the company's intranet, network, or virtual private network (VPN) and will allow the company's investigators to monitor, search, and retrieve information stored within the network.
A. right of privacy
B. right to Internet access
C. right to work
D. right of free speech
A
When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:
A. Case files
B. Recycle Bin
C. BIOS
D. MSDOS.SYS
B
How many sectors will a 125 KB file use in a FAT32 file system?
A. 16
B. 25
C. 256
D. 32
C
Which part of the Windows Registry contains the user's password file?
A. HKEY_CURRENT_CONFIGURATION
B. HKEY_USER
C. HKEY_CURRENT_USER
D. HKEY_LOCAL_MACHINE
B
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple backup copy of the hard drive in the PC and put it on this drive and requests that you examine the drive for evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or recover file fragments. What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?
A. incremental backup copy
B. full backup copy
C. robust copy
D. bit-stream copy
D