Comp Forensics
Computer Forensics
Question | Answer |
---|---|
True or False: A judge can exclude evidence obtained from a poorly worded warrant. | True |
A ____ is facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed. | probable cause |
When seizing computer evidence in criminal investigations, follow the ____ standards for seizing digital data. | U.S. DoJ |
Real-time surveillance requires ____ data transmissions between a suspect’s computer and a network server. | sniffing |
While cooperating with law enforcement officers, corporate investigators should avoid becoming a(n) ____. | agent of law enforcement |
When an investigator finds a mix of information, judges often issue a(n) _________________________ to the warrant, which allows the police to separate innocent information from evidence. | limiting phrase |
Collecting computers and processing a criminal or incident scene must be done ____. | systematically |
Digital evidence can be any information stored or transmitted in ____________________ form. | digital |
True or False: The type of file system an OS uses determines how data is stored on the disk. | True |
True or False: You can use a disk editor tool to identify the OS on an unknown disk. | True |
True or False: In Microsoft OSs, when a file is deleted, the only modification made is the FAT chain for that file is set to zero. | False |
The ____ contains programs that perform input and output at the hardware level. | BIOS |
On Windows and DOS computer systems, the boot disk contains a file called the ____, which stores information about the partitions on a disk and their locations, size, and other critical items. | Master Boot Record |
What is the first data set on an NTFS disk? | Partition Boot Sector |
For Windows 2000 and XP, Registry information is contained in the \Winnt\System32\Config and ____ folders, respectively. | \Windows\System32\Config |
A(n) ____________________ gives an OS a road map to data on a disk. | file system |
____________________ is composed of the unused space in a cluster between the end of an active file and the end of the cluster. | Drive slack |
True or False: Companies specializing in disaster recovery use computer forensics techniques to retrieve information their clients have lost. | True |
Professionals in the vulnerability assessment and risk management group also have skills in ____ and incident response. | network Intrusion Detection |
Private organizations are not governed directly by ____ law or Fourth Amendment issues, but by internal policies that define expected employee behavior and conduct in the workplace. | criminal |
The police ____ provides a record of clues to crimes that have been committed previously and is an aid for all current and future investigations. | blotter |
Corporate computer crimes can involve e-mail harassment, falsification of data, gender and age discrimination, embezzlement, sabotage, and ____, which involves selling sensitive company information to a competitor. | industrial espionage or corporate espionage |
Published company policies provide the ____ for a business to conduct internal investigations. | line of authority |
A computer forensics investigator maintains an investigation’s credibility by keeping the case ____. | confidential |
The ____________________ to the U.S. Constitution (and each state’s constitution) protects everyone’s rights to be secure in their person, residence, and property from search and seizure. | Fourth Amendment |
When you work in the ____________________ and risk management group, you test and verify the integrity of standalone workstations and network servers. | vulnerability assessment |
Government organizations must observe items such as Article 8 in the Charter of Rights of Canada and, in the United States, Fourth Amendment issues related to ____________________ rules. | search and seizure |
One way a private or public organization can avoid litigation is to display a(n) ____________________. | warning banner |
Involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases | Computer Forensics |
Yields information about how a perpetrator or hacker gained access to a network | Network forensics |
Involves recovering information from a computer that was deleted by mistake or lost during a power surge | Data recovery |
Is the legal process of proving guilt or innocence in court | Litigation |
Popular Computer Forensics Tool | Encase |
In this type of case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation | Criminal |
Provides a record of clues to crimes that have been committed previously and is an aid for all current and future investigations | Police blotter |
Is a common computer crime, particularly in small firms | Embezzlement |
____ recovery involves ______ information from a computer that was deleted by mistake or lost during a power surge, for example (in your answer, separate the two words by comma) | Data, recovering |
The ____ is the route the evidence takes from the time you find it until the case is closed or goes to court. | chain of custody |
The list of problems you normally expect in the type of case you are handling is known as the ____. | standard risk assessment |
What can you use to boot to Windows without writing any data to the evidence disk? | Write-blockers |
A(n) ____ is an exact duplicate of the original data. | forensic copy |
After you close the case and make your final report, you need to meet with your department or a group of fellow investigators and ____. | critique the case |
A(n) ____________________ is where you conduct your investigations and where most of your equipment and software are located, including the secure evidence locker. | computer forensics lab, data-recovery lab |
Disk area between the end of a file and the allotted space for that file | Slack space |
Is the more well-known and lucrative side of the computer forensics business | Data recovery |
Space on the drive not currently assigned to an existing file | Free space |
Launch attacks on the network, workstations, and servers to assess vulnerabilities | Vulnerability assessment and risk management |
Track, locate, and identify the intruder and deny further access to the network | Incident response |
____ involves determining how much risk is acceptable for any process or operation, such as replacing equipment | Risk management |
The U.S. Department of Defense calls the special computer-emission shielding that prevents electronic eavesdropping of any computer emissions ____. | TEMPEST |
____ are generated at the federal, state, and local levels to show the types and frequency of crimes committed. | Uniform crime reports |
True or False: Recent developments in computer forensics have made tools available that can acquire data remotely over a network. | False |
A forensics workstation consisting of a laptop computer with a built-in LCD monitor and almost as many bays and peripherals as a stationary workstation is also known as a ____. | portable workstation |
Raw data is a direct copy of a disk drive. An example of a Raw image is output from the ____ command. | dd |
Hardware manufacturers have designed most computer components to last about ____________________ months between failures. | 18 |
Every business or organization must have a well-defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a ____ that a law or policy is being violated. | reasonable suspicion |
Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab. | initial-response field kit |
A(n) ____ should include all the tools you can afford to take to the field. | extensive-response field kit |
Evidence is commonly lost or corrupted through ____, which involves police officers and other professionals who aren’t part of the crime scene processing team. | professional curiosity |
One technique for extracting evidence from large systems is called ____. | sparse evidence file recovery |
Investigating and controlling computer incident scenes in the corporate environment is ____ in the criminal environment. | much easier than |
If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have a(n) ____________________. | expectation of privacy |
A computer stores system configuration and date and time information in the ____ when power to the system is off. | CMOS |
A ____ is an individual section on a disk track, usually made up of 512 bytes. | sector |
In Microsoft file structures, sectors are grouped to form ____, which are storage allocation units of 512, 1024, 2048, 4096, or more bytes. | clusters |
The ____ is the file structure database that Microsoft originally designed for floppy disks. | File Allocation Table (FAT) |
In which of the following files can you define the default path and set environmental variables, such as temporary directories? | Autoexec.bat |
What is the first file on an NTFS disk? | Master File Table |
The ____ on an NTFS disk contains information about all files located on the disk, including the system files the OS uses. | MFT |
When Microsoft introduced Windows 2000, it added built-in encryption to NTFS, referred to as ____. | Encrypted File System |
On a Windows XP system, the ____ file loads the OS during a startup process. | NTLDR |
If a system has multiple booting OSs using older systems such as Windows 9x or DOS, NTLDR reads the ____ file, which contains the address, or boot sector location, of each OS. | BootSect.dos |
On an MS-DOS system, the ____ file resides in RAM and provides basic input/output services. | Io.sys |
____________________ density addresses the space between each track on a disk. | Track |
After deleting a file, the area of the disk where the deleted file resides becomes _________________________. | unallocated disk space or free disk space |
________ performs input/output at hardware level. | BIOS |
____ is the device that reads/writes data to the disk platter. | the head |
____ are individual circles on a disk platter. | the tracks |
____ is a file in the boot disk that stores information about partitions (location, size and other critical items) | MBR |
____ is bytes not used on the sector by the file | file slack |
In Windows XP, ____ file displays the boot menu. | boot.ini |
_____ is a file that manages the virtual memory in Windows XP | pagefile.sys |
_________ are programs which provide instructions for the OS to handle hardware devices | the device drivers |
True or False: The Fourth Amendment to the U.S. Constitution (and each state’s constitution) protects everyone’s rights to be secure in their person, residence, and property from search and seizure. | True |
True or False: Embezzlement is a common computer crime, particularly in small firms. | True |
Network forensics uses ____ to determine when users logged on or last used their logon IDs. | log files |
One of the most well-known crimes of the mainframe era is the ____. | one-half cent |
Computers are involved in many serious crimes. The most notorious are those involving ____. | child molestation |