
Some Reviews for Midterm.docx

17 Pages

Centennial College
GNED 135
Holly Pearlman

Some Reviews for Midterm

True/False

_T_ 1. By the 1970s, electronic crimes were increasing, especially in the financial sector.
_T_ 2. To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
_F_ 3. Computer investigations and forensics fall into the same category: public investigations.
_F_ 4. The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
_T_ 5. After a judge approves and signs a search warrant, it’s ready to be executed, meaning you can collect evidence as defined by the warrant.
_T_ 6. Chain of custody is also known as chain of evidence.
_T_ 7. Employees surfing the Internet can cost companies millions of dollars.
_F_ 8. You cannot use both multi-evidence and single-evidence forms in your investigation.
_T_ 9. Many attorneys like to have printouts of the data you have recovered, but printouts can present problems when you have log files with several thousand pages of data.
_F_ 10. A bit-stream copy is a bit-by-bit duplicate of the original disk. You should use the original disk whenever possible.
_T_ 11. Performing a forensic analysis of a disk 200 GB or larger can take several days and often involves running imaging software overnight and on weekends.
_F_ 12. Requirements for taking the EnCE certification exam depend on taking the Guidance Software EnCase training courses.
_F_ 13. If damage occurs to the floor, walls, ceilings, or furniture in your computer forensics lab, it does not need to be repaired immediately.
_T_ 14. A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.
_T_ 15. Computing systems in a forensics lab should be able to process typical cases in a timely manner.
_F_ 16. One advantage with live acquisitions is that you are able to perform repeatable processes.
_F_ 17. The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your evidence image file.
_T_ 18. Many acquisition tools don’t copy data in the host protected area (HPA) of a disk drive.
_T_ 19. FTK Imager requires that you use a device such as a USB or parallel port dongle for licensing.
_F_ 20. Unlike RAID 0, RAID 3 stripes tracks across all disks that make up one volume.
_F_ 21. ISPs can investigate computer abuse committed by their customers.
_T_ 22. If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.
_T_ 23. A judge can exclude evidence obtained from a poorly worded warrant.
_T_ 24. The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene’s immediate location.
____ 25. Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

Multiple Choices

____ 26. The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.
a. Federal Rules of Evidence (FRE)
b. Department of Defense Computer Forensics Laboratory (DCFL)
c. DIBS
d. Computer Analysis and Response Team (CART)

____ 27. ____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
a. Data recovery
b. Network forensics
c. Computer forensics
d. Disaster recovery

____ 28. ____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
a. Computer forensics
b. Data recovery
c. Disaster recovery
d. Network forensics

____ 29. The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
a. network intrusion detection
b. computer investigations
c. incident response
d. litigation

____ 30. By the early 1990s, the ____ introduced training on software for forensics investigations.
a. IACIS
b. FLETC
c. CERT
d. DDBIA

____ 31. In the Pacific Northwest, ____ meets monthly to discuss problems that law enforcement and corporations face.
a. IACIS
b. CTIN
c. FTK
d. FLETC

____ 32. In a ____ case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.
a. corporate
b. civil
c. criminal
d. fourth amendment

____ 33. In general, a criminal case follows three stages: the complaint, the investigation, and the ____.
a. litigation
b. allegation
c. blotter
d. prosecution

____ 34. Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
a. litigation
b. allegation
c. blotter
d. prosecution

____ 35. In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____.
a. blotter
b. exhibit report
c. litigation report
d. affidavit

Computer Forensic- Midterm

____ 36. It’s the investigator’s responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
a. litigation
b. prosecution
c. exhibits
d. reports

____ 37. The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true.
a. notarized
b. examined
c. recorded
d. challenged

____ 38. Published company policies provide a(n) ____ for a business to conduct internal investigations.
a. litigation path
b. allegation resource
c. line of allegation
d. line of authority

____ 39. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
a. warning banner
b. right of privacy
c. line of authority
d. right banner

____ 40. A(n) ____ is a person using a computer to perform routine tasks other than systems administration.
a. complainant
b. user banner
c. end user
d. investigator

____ 41. Without a warning banner, employees might have an assumed ____ when using a company’s computer systems and network accesses.
a. line of authority
b. right of privacy
c. line of privacy
d. line of right

____ 42. In addition to warning banners that state a company’s rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations.
a. authorized requester
b. authority of line
c. line of right
d. authority of right

____ 43. Most computer investigations in the private sector involve ____.
a. e-mail abuse
b. misuse of computing assets
c. Internet abuse
d. VPN abuse

____ 44. Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
a. silver-tree
b. gold-tree
c. silver-platter
d. gold-platter

____ 45. Your ____ as a computer investigation and forensics analyst is critical because it determines your credibility.
a. professional policy
b. oath
c. line of authority
d. professional conduct

____ 46. Maintaining ____ means you must form and sustain unbiased opinions of your cases.
a. confidentiality
b. objectivity
c. integrity
d. credibility

____ 47. The ____ is the route the evidence takes from the time you find it until the case is closed or goes to court.
a. acquisition plan
b. chain of custody
c. evidence path
d. evidence custody

____ 48. When preparing a case, you can apply ____ to problem solving.
a. standard programming rules
b. standard police investigation
c. standard systems analysis steps
d. bottom-up analysis

____ 49. The list of problems you normally expect in the type of case you are handling is known as the ____.
a. standard risk assessment
b. chain of evidence
c. standard problems form
d. problems checklist form

____ 50. The basic plan for your investigation includes gathering the evidence, establishing the ____, and performing the forensic analysis.
a. risk assessment
b. nature of the case
c. chain of custody
d. location of the evidence

____ 51. A(n) ____ helps you document what has and has not been done with both the original evidence and forensic copies of the evidence.
a. evidence custody form
b. risk assessment form
c. initial investigation form
d. evidence handling form

____ 52. Use ____ to secure and catalog the evidence contained in large computer components.
a. Hefty bags
b. regular bags
c. paper bags
d. evidence bags

____ 53. ____ prevents damage to the evidence as you transport it to your secure evidence locker, evidence room, or computer lab.
a. An antistatic wrist band
b. Padding
c. An antistatic pad
d. Tape

____ 54. ____ investigations typically include spam, inappropriate and offensive message content, and harassment or threats.
a. VPN
b. Internet
c. E-mail
d. Phone

____ 55. To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as a ____.
a. mobile workstation
b. forensic workstation
c. forensic lab
d. recovery workstation

____ 56. You can use ____ to boot to Windows without writing any data to the evidence disk.
a. a SCSI boot up disk
b. a Windows boot up disk
c. a write-blocker
d. Windows XP

____ 57. To begin conducting an investigation, you start by ____ the evidence using a variety of methods.
a. copying
b. analyzing
c. opening
d. reading

____ 58. A ____ is a bit-by-bit copy of the original storage medium.
a. preventive copy
b. recovery copy
c. backup copy
d. bit-stream copy

____ 59. A bit-stream image is also known as a(n) ____.
a. backup copy
b. forensic copy
c. custody copy
d. evidence copy

____ 60. To create an exact image of an evidence disk, copying the ____ to a target work disk that’s identical to the evidence disk is preferable.
a. removable copy
b. backup copy
c. bit-stream image
d. backup image

____ 61. ____ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.
a. Guidance EnCase
b. NTI SafeBack
c. DataArrest SnapCopy
d. ProDiscover Basic

____ 62. Forensics tools such as ____ can retrieve deleted files for use as evidence.
a. ProDiscover Basic
b. ProDelete
c. FDisk
d. GainFile

____ 63. When analyzing digital evidence, your job is to ____.
a. recover the data
b. destroy the data
c. copy the data
d. load the data

____ 64. ____ can be the most time-consuming task, even when you know exactly what to look for in the evidence.
a. Evidence recovery
b. Data recovery
c. Data analysis
d. Evidence recording

____ 65. When you write your final report, state what you did and what you ____.
a. did not do
b. found
c. wanted to do
d. could not do

____ 66. In any computing investigation, you should be able to repeat the steps you took and produce the same results. This capability is referred to as ____.
a. checked values
b. verification
c. evidence backup
d. repeatable findings

____ 67. After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and ____.
a. critique the case
b. repeat the case
c. present the case
d. read the final report

____ 68. A ____ is where you conduct your investigations, store evidence, and do most of your work.
a. forensic workstation
b. computer forensics lab
c. storage room
d. workbench

____ 69. Lab costs can be broken down into daily, ____, and annual expenses.
a. weekly
b. monthly
c. bimonthly
d. quarterly

____ 70. ____ are generated at the federal, state, and local levels to show the types and frequency of crimes committed.
a. HTCN reports
b. IDE reports
c. Uniform crime reports
d. ASCLD reports

____ 71. Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Windows File System.
a. NTFS
b. ext3
c. FAT24
d. ext2

____ 72. ____ was created by police officers who wanted to formalize credentials in computing investigations.
a. HTCN
b. NISPOM
c. TEMPEST
d. IACIS

____ 73. IACIS requires recertification every ____ years to demonstrate continuing work in the field of computer forensics.
a. 2
b. 3
c. 4
d. 5

____ 74. What HTCN certification level requires candidates have three years of investigative experience in any discipline from law enforcement or corporate or have a college degree with one year of experience in investigations?
a. Certified Computer Crime Investigator, Basic Level
b. Certified Computer Crime Investigator, Advanced Level
c. Certified Computer Forensic Technician, Basic
d. Certified Computer Forensic Technician, Advanced

____ 75. To preserve the integrity of evidence data, your lab should function as an evidence locker or safe, making it a ____ or a secure storage safe.
a. secure workstation
b. secure workbench
c. protected PC
d. secure facility

____ 76. The EMR from a computer monitor can be picked up as far away as ____ mile.
a. 1/4
b. 1/2
c. 3/4
d. 1

____ 77. Defense contractors during the Cold War were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.
a. TEMPEST
b. RAID
c. NISPOM
d. EMR

____ 78. A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
a. gypsum
b. steel
c. wood
d. expanded metal

____