Question 1

Environmental and ____ issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.&#10;A) legal&#10;B) safety&#10;C) corporate&#10;D) physical

Accepted Answer

Safety issues are paramount when gathering information at a crime or incident scene, as they ensure the safety of both the investigator and anyone else in the vicinity. Environmental concerns may also be a consideration to prevent further damage or harm to the environment. Legal and corporate issues may be important but are secondary to safety and environmental concerns. Physical issues may be addressed as part of the investigation but are not the primary concern.

Question 2

Every business or organization must have a well defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a ____ that a law or policy is being violated.

A) confirmed suspicion
B) proof
C) court order stating
D) reasonable suspicion

D

Accepted Answer

Reasonable suspicion is the most commonly used standard for initiating an investigation. It means that the employer has some credible information, based on facts and circumstances, that an employee has violated a law or company policy. A confirmed suspicion or a court order stating a violation may also trigger an investigation, but these are less common scenarios. Proof may be required later in the investigation process, but it is not necessary to initiate an investigation.

Question 3

When recovering evidence from a contaminated crime scene, if the temperature in the contaminated room is higher than ____ degrees, you should take measures to prevent a hard disk from overheating to prevent damage.

A) 80
B) 90
C) 95
D) 105

A

Accepted Answer

A

Question 4

A(n) ____ should include all the tools you can afford to take to the field.&#10;A) initial-response field kit&#10;B) extensive-response field kit&#10;C) forensic lab&#10;D) forensic workstation

Accepted Answer

An extensive-response field kit should include all the tools you can afford to take to the field, as it is designed to provide a comprehensive set of tools and equipment for conducting forensic investigations in the field. Choices A, C, and D are not the best choices as they refer to specific locations or equipment, rather than a set of tools for field investigations.

Question 5

Investigating and controlling computer incident scenes in the corporate environment is ____ in the criminal environment.&#10;A) much easier than&#10;B) as easy as&#10;C) as difficult as&#10;D) more difficult than

Accepted Answer

The answer of Investigating and controlling computer incident scenes in...

Question 6

ISPs can investigate computer abuse committed by their customers.

Accepted Answer

The answer of ISPs can investigate computer abuse committed by...

Question 7

With a(n) ____ you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.&#10;A) bit-stream copy utility&#10;B) extensive-response field kit&#10;C) initial-response field kit&#10;D) seizing order

Accepted Answer

An initial-response field kit is designed for quick and efficient on-scene data acquisition and is meant to be lightweight and easily transportable. It contains basic equipment and supplies needed for evidence collection, such as gloves, swabs, containers, and documentation tools. The kit allows the investigator to collect and document evidence efficiently and then transport it back to the laboratory for further examination. A bit-stream copy utility is a device or software used to create a duplicate of digital data, such as a hard drive, and is not specifically designed for on-scene data acquisition. An extensive-response field kit is a larger kit designed for more in-depth response to a scene, such as a hazardous materials spill or large-scale criminal investigation. A seizing order is a legal document used to authorize law enforcement to seize property or assets associated with criminal activity.

Question 8

Courts consider evidence data in a computer as ____ evidence.&#10;A) physical&#10;B) invalid&#10;C) virtual&#10;D) logical

Accepted Answer

Courts consider evidence data in a computer as physical evidence because it is tangible and can be presented in a court of law, similar to other physical items like documents or objects.

Question 9

The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.

Accepted Answer

Securing an incident or crime scene involves expanding the area of control to preserve and protect the scene from contamination and tampering, which may include securing the outer perimeter and controlling access to the surrounding area.

Question 10

Confidential business data included with the criminal evidence are referred to as ____ data.&#10;A) commingled&#10;B) exposed&#10;C) public&#10;D) revealed

Accepted Answer

Commingled data refers to the mixture of different types of data, such as confidential business information combined with criminal evidence, within the same dataset or storage medium.

Question 11

Evidence is commonly lost or corrupted through ____, which involves police officers and other professionals who aren't part of the crime scene processing team.&#10;A) onlookers&#10;B) HAZMAT teams&#10;C) FOIA laws&#10;D) professional curiosity

Accepted Answer

The answer of Evidence is commonly lost or corrupted through...

Question 12

Corporate investigators always have the authority to seize all computers equipments during a corporate investigation.

Accepted Answer

The answer of Corporate investigators always have the authority to...

Question 13

The FOIA was originally enacted in the ____.&#10;A) 1940s&#10;B) 1950s&#10;C) 1960s&#10;D) 1970s

Accepted Answer

The answer of The FOIA was originally enacted in the...

Question 14

Most federal courts have interpreted computer records as ____ evidence.&#10;A) conclusive&#10;B) regular&#10;C) hearsay&#10;D) direct

Accepted Answer

The answer of Most federal courts have interpreted computer records...

Question 15

Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.&#10;A) evidence custody form&#10;B) FOIA form&#10;C) affidavit&#10;D) warrant

Accepted Answer

The answer of Law enforcement investigators need a(n) ____ to...

Question 16

____ is facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed.&#10;A) Reasonable cause&#10;B) Probable cause&#10;C) A subpoena&#10;D) A warrant

Accepted Answer

The answer of ____ is facts or circumstances that would...

Question 17

Generally, computer records are considered admissible if they qualify as a ____ record.&#10;A) hearsay&#10;B) business&#10;C) computer-generated&#10;D) computer-stored

Accepted Answer

The answer of Generally, computer records are considered admissible if...

Question 18

____ records are data the system maintains, such as system log files and proxy server logs.&#10;A) Computer-generated&#10;B) Business&#10;C) Computer-stored&#10;D) Hearsay

Accepted Answer

The answer of ____ records are data the system maintains,...

Question 19

A judge can exclude evidence obtained from a poorly worded warrant.

Accepted Answer

The answer of A judge can exclude evidence obtained from...

Question 20

If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.

Accepted Answer

The answer of If a corporate investigator follows police instructions...

Question 21

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;agencies must comply with these laws and make documents they find and create available as public records

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 22

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;fingerprints can be tested with these systems

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 23

The most common computer-related crime is ____.&#10;A) homicide&#10;B) check fraud&#10;C) car stealing&#10;D) sniffing

Accepted Answer

The answer of The most common computer-related crime is ____.&#10;A)...

Question 24

Some computer cases involve dangerous settings. For these types of investigations, you must rely on the skills of _________________________ teams to recover evidence from the scene.

Accepted Answer

The answer of Some computer cases involve dangerous settings. For...

Question 25

Real-time surveillance requires ____ data transmissions between a suspect's computer and a network server.&#10;A) poisoning&#10;B) sniffing&#10;C) blocking&#10;D) preventing

Accepted Answer

The answer of Real-time surveillance requires ____ data transmissions between...

Question 26

Certain files, such as the ____ and Security log in Windows XP, might lose essential network activity records if the power is terminated without a proper shutdown.&#10;A) Password log&#10;B) Word log&#10;C) Io.sys&#10;D) Event log

Accepted Answer

The answer of Certain files, such as the ____ and...

Question 27

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;you should rely on this when dealing with a terrorist attack

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 28

When an investigator finds a mix of information, judges often issue a(n) _________________________ to the warrant, which allows the police to separate innocent information from evidence.

Accepted Answer

The answer of When an investigator finds a mix of...

Question 29

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;covert surveillance product

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 30

One technique for extracting evidence from large systems is called ____.&#10;A) RAID copy&#10;B) RAID imaging&#10;C) large evidence file recovery&#10;D) sparse acquisition

Accepted Answer

The answer of One technique for extracting evidence from large...

Question 31

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;sets standards for recovering, preserving, and examining digital evidence

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 32

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;secondhand or indirect evidence, such as an overheard conversation

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 33

During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older ____ or MS-DOS system.&#10;A) Windows XP&#10;B) Windows 9x&#10;C) Windows NT&#10;D) Windows Me

Accepted Answer

The answer of During an investigation involving a live computer,...

Question 34

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;what most cases in the corporate environment are considered

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 35

_____________________ can be any information stored or transmitted in digital form.

Accepted Answer

The answer of _____________________ can be any information stored or...

Question 36

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;a data-collecting tool

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 37

If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have a(n) _________________________.

Accepted Answer

The answer of If a company does not publish a...

Question 38

When seizing computer evidence in criminal investigations, follow the ____ standards for seizing digital data.&#10;A) Homeland Security Department&#10;B) Patriot Act&#10;C) U.S. DoJ&#10;D) U.S. DoD

Accepted Answer

The answer of When seizing computer evidence in criminal investigations,...

Question 39

Private-sector organizations include businesses and _________________________ that aren't involved in law enforcement.

Accepted Answer

The answer of Private-sector organizations include businesses and _________________________ that...

Question 40

Match each item with a statement below&#10;a.Innocent information&#10;f.Low-level investigations&#10;b.AFIS&#10;g.Hearsay&#10;c.EnCase Enterprise Edition&#10;h.Spector&#10;d.FOIA&#10;i.HAZMAT&#10;e.IOCE&#10;information unrelated to a computing investigation case

Accepted Answer

The answer of Match each item with a statement below&#10;a.Innocent...

Question 41

Give some guidelines on how to video record a computer incident or crime scene.

Accepted Answer

The answer of Give some guidelines on how to video...

Question 42

Illustrate with an example the problems caused by commingled data.

Accepted Answer

The answer of Illustrate with an example the problems caused...

Question 43

How can you secure a computer incident or crime scene?

Accepted Answer

The answer of How can you secure a computer incident...

Question 44

Briefly describe the process of obtaining a search warrant.

Accepted Answer

The answer of Briefly describe the process of obtaining a...

Question 45

What is the plain view doctrine?

Accepted Answer

The answer of What is the plain view doctrine?...

Question 46

Describe how to use a journal when processing a major incident or crime scene.

Accepted Answer

The answer of Describe how to use a journal when...

Question 47

Why should companies publish a policy stating their right to inspect computing assets at will?

Accepted Answer

The answer of Why should companies publish a policy stating...

Question 48

Describe the process of preparing an investigation team.

Accepted Answer

The answer of Describe the process of preparing an investigation...

Question 49

What should you do when working on an Internet investigation and the suspect's computer is on?

Accepted Answer

The answer of What should you do when working on...

Question 50

How can you determine who is in charge of an investigation?

Accepted Answer

The answer of How can you determine who is in...

Deck 5: Processing Crime and Incident Scenes