Chapter 7
Handling a Digital Crime Scene
Objectives
On completion of this chapter, the student will:
Understand that crime scene investigation is the first, most crucial step in the forensic
process.
Be aware of sources for digital crime scene processing guidelines.
Chapter Guide
Although no two digital crime scenes will ever be the same, the application of accepted methods
and best practices goes a long way toward ensuring that the scene is protected and digital evidence is
preserved.
Multiple Choice Questions
1. The following organizations have published guidelines for handling digital crime scenes:
2. When a first responder encounters technology or equipment that he is not familiar with, the
recommended course of action is to:
3. When preparing a questionnaire for interviewing individuals at the crime scene, which of the
following should NOT be requested:
4. When entering a crime scene, the initial survey should:
5. Examples of data that should be immediately preserved include:
6. The crime scene preservation process includes all but which of the following:
7. A thorough crime scene survey should include:
8. The challenge to controlling access to a digital crime scene is that:
9. In the case where digital investigators dealing with distributed systems need to collect data
from remote sites, the following procedure is recommended:
10. When presenting evidence on an organizational network, the digital investigator may require
the assistance of:
11. Which of the following is not a safety consideration for a first responder?
12. Digital investigators like to preserve every potential source of digital evidence; however,
they are constrained by:
13. During the initial survey of a crime scene, why is it necessary to photograph or videotape the
area and items of potential interest in their current state?
14. Why is the first step to secure the physical crime scene by removing everyone from the
immediate area?
15. When a piece of evidence has both a biological and a digital component, who should process
it first?
True or False Questions
1. When first entering a crime scene, the first responder should immediately focus on the
computers and technology.
2. Since crime scenes are typically pretty much the same, very little planning needs to take place
prior to first entering the scene.
3. On entering a crime scene, an investigator notes that a piece of equipment with antennas
attached is connected to one of the target computers. Since this indicates a wireless connection,
it is advisable to either disconnect or disable the piece of equipment.
4. In most situations, it is advisable to let the physical crime scene technicians, under the
direction of the forensic investigator, process the scene first.
5. The likelihood of collecting notable information from a running computer is relatively small,
so it is safe to shut down any running computer to preserve the data on the hard drive.
6. When shutting down a live system it is generally recommended to unplug the power from the
back of the computer.
7. The proper collection of evidence at a crime scene is crucial in terms of admissibility in court.
8. When performing triage at a crime scene, an important first step is to turn on any computers
that are off and immediately look for items of evidence.
9. Computer security professionals should obtain instructions and written authorization from
their attorneys before gathering digital evidence relating to an investigation with an organization.
10. The Fourth Amendment, like ECPA, only applies to the government, not the private sector.
11. When an organization itself is under investigation, it is always feasible to collect all the data
for every system.
12. The contents of volatile memory are becoming more and more important.
13. The decision to seize an entire computer versus create a forensic duplicate of the internal
hard drive will be influenced by the role of the computer.
14. When seizing a computer, it is
cables from hard drives.
15. Capturing volatile data or specific files from a live system is a straightforward process
usually handled by the first responder.
Essay Questions
1. What considerations are there when developing a crime scene plan?
2. What information would you provide when preparing a search warrant?