Networking Chapter 1 Easy drive Hard Disk With Storage Authorized Requester

Type: Homework Help
Pages: 8
Words: 1736
Authors: Amelia Phillips, Bill Nelson, Christopher Steuart

Name:
Class:
Date:
Indicate whether the statement is true or false.
1. User groups for a specific type of system can be very useful in a forensics investigation.
a. True
b. False
2. Most digital investigations in the private sector involve misuse of computing assets.
a. True
b. False
3. All suspected industrial espionage cases should be treated as civil case investigations.
a. True
b. False
4. If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of
law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.
a. True
b. False
5. According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically
examining and analyzing data from computer storage media so that it can be used as evidence in court.
a. True
b. False
Indicate the answer choice that best completes the statement or answers the question.
6. Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and
property from search and seizure?
a. First Amendment
b. Second Amendment
c. Fourth Amendment
d. Fifth Amendment
7. _______ is not one of the functions of the investigations triad.
a. Digital investigations
b. Data recovery
c. Vulnerability/threat assessment and risk management
d. Network intrusion detection and incident response
8. Which Microsoft OS below is the least intrusive to disks in terms of changing data?
a. Windows 95
b. Windows XP
c. Windows 7
d. MS-DOS 6.22
9. After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined
by the warrant.
a. Digital Evidence Recorder
b. Digital Evidence Specialist
c. Digital Evidence First Responder
d. Digital Evidence Scene Investigator
10. Which option below is not a standard systems analysis step?
a. Determine a preliminary design or approach to the case.
b. Obtain and copy an evidence drive.
c. Share evidence with experts outside of the investigation.
d. Mitigate or minimize the risks.
11. _______ is not recommended for a digital forensics workstation.
a. A text editor tool
b. A write-blocker device
c. An SCSI card
d. Remote access software
12. A chain-of-evidence form, which is used to document what has and has not been done with the original evidence and
forensic copies of the evidence, is also known as a(n) _______.
a. single-evidence form
b. multi-evidence form
c. evidence custody form
d. evidence tracking form
13. Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is
known as _______.
a. repeatable findings
b. reloadable steps
c. verifiable reporting
d. evidence reporting
14. The _______ is not one of the three stages of a typical criminal case.
a. complaint
b. investigation
c. civil suit
d. prosecution
15. After the evidence has been presented in a trial by jury, the jury must deliver a(n) _______.
a. exhibit
b. affidavit
c. allegation
d. verdict
16. An evidence custody form does not usually contain _______.
a. the nature of the case
b. a description of evidence
c. vendor names for computer components
d. a witness list
17. The _______ is responsible for analyzing data and determining when another specialist should be called in to assist
with analysis.
a. Digital Evidence First Responder
b. Digital Evidence Specialist
c. Digital Evidence Analyst
d. Digital Evidence Examiner
18. What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement,
can analyze and read special files that are copies of a disk?
a. AccessData Forensic Toolkit
b. DeepScan
c. ILook
d. Photorec
19. If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct
him or her to submit a(n) _______.
a. exhibit
b. verdict
c. affidavit
d. memo
20. In what year was the Computer Fraud and Abuse Act passed?
a. 1976
b. 1980
c. 1986
d. 1996
21. _______ must be included in an affidavit to support an allegation in order to justify a warrant.
a. Verdicts
b. Witnesses
c. Exhibits
d. Subpoenas
22. The sale of sensitive or confidential company information to a competitor is known as _______.
a. industrial sabotage
b. industrial espionage
c. industrial collusion
d. industrial betrayal
23. The term _______ describes a database containing informational records about crimes that have been committed
previously by a criminal.
a. police ledger
b. police blotter
c. police blogger
d. police recorder
24. Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings.
a. Federal Proceedings Law
b. Federal Rules of Evidence
c. Federal Consistency Standards
d. Federal Proceedings Rules
25. _______ describes an accusation of fact that a crime has been committed.
a. Attrition
b. Attribution
c. Allegation
d. Assignment
Enter the appropriate word(s) to complete the statement.
26. When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all
findings confidential.
27. Typically, the _____________ requires a bootable DVD or USB flash drive that runs an independent OS in a suspect
computer's RAM, with the goal of preserving data during an acquisition.
28. A(n) ________________ states who has the legal right to initiate an investigation, who can take possession of
evidence, and who can have access to evidence.
29. A(n) _______________ notifies end users that the organization owning the computer equipment reserves the right to
inspect or search computer systems and network traffic at will.
30. In 1987, the ____________ was introduced with an external EasyDrive hard disk with 60 MB of storage.
a. Authorized requester
b. Bit-stream image
c. Digital Evidence First Responder (DEFR)
d. Digital Evidence Specialist (DES)
e. Inculpatory evidence
f. Line of authority
g. Search and seizure
h. Single-evidence form
i. Verdict
j. Warning banner
31. A professional who secures digital evidence at the scene and ensures its viability while transporting it to the lab
32. In a private-sector environment, the person who has the right to request an investigation, such as the chief security
officer or chief intelligence officer
33. The legal act of acquiring evidence for an investigation
34. The decision returned by a jury
35. The order in which people or positions are notified of a problem; these people or positions have the legal right to
initiate an investigation, take possession of evidence, and have access to evidence
36. An expert who analyzes digital evidence and determines whether additional specialists are needed
37. A form that dedicates a page for each item retrieved for a case; it allows investigators to add more detail about exactly
what was done to the evidence each time it was taken from the storage locker
38. Text displayed on computer screens when people log on to a company computer; this text states ownership of the
computer and specifies appropriate use of the machine or Internet access
39. Evidence that indicates a suspect is guilty of the crime with which he or she is charged
40. The file where the bit-stream copy is stored
41. Why is confidentiality critical in a corporate environment during and after an investigation of a terminated employee?
42. Basic report writing involves answering the six Ws. What are they?
43. What must be done if data is found in the form of binary files, such as CAD drawings?
44. What is the difference between a Digital Evidence First Responder (DEFR) and a Digital Evidence Specialist (DES)?
45. What is a bit-stream image?
46. Why is it important to have a well-defined policy, especially when investigators and forensics examiners are involved?
47. What is the difference between an interview and an interrogation?
48. Why is it important to maintain specific temperature and humidity ranges within a forensics lab?
49. Why must all evidence that is collected be treated with the highest level of security and accountability, even if the
evidence is regarding an internal abuse investigation within an organization?
50. What questions should someone consider prior to assisting in an interview or interrogation?