Deck 5: Processing Crime and Incident Scenes

1
Environmental and ____ issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.

A) legal
B) safety
C) corporate
D) physical
B
2
Every business or organization must have a well-defined process that describes when an investigation can be initiated. At a minimum, most corporate policies require that employers have a ____ that a law or policy is being violated.

A) confirmed suspicion
B) proof
C) court order stating
D) reasonable suspicion
D
3
When recovering evidence from a contaminated crime scene, if the temperature in the contaminated room is higher than ____ degrees, you should take measures to prevent a hard disk from overheating to prevent damage.

A) 80
B) 90
C) 95
D) 105
A
4
A(n) ____ should include all the tools you can afford to take to the field.

A) initial-response field kit
B) extensive-response field kit
C) forensic lab
D) forensic workstation
5
Investigating and controlling computer incident scenes in the corporate environment is ____ in the criminal environment.

A) much easier than
B) as easy as
C) as difficult as
D) more difficult than
6
ISPs can investigate computer abuse committed by their customers.
7
With a(n) ____ you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.

A) bit-stream copy utility
B) extensive-response field kit
C) initial-response field kit
D) seizing order
8
Courts consider evidence data in a computer as ____ evidence.

A) physical
B) invalid
C) virtual
D) logical
9
The reason for the standard practice of securing an incident or crime scene is to expand the area of control beyond the scene's immediate location.
10
Confidential business data included with the criminal evidence are referred to as ____ data.

A) commingled
B) exposed
C) public
D) revealed
11
Evidence is commonly lost or corrupted through ____, which involves police officers and other professionals who aren't part of the crime scene processing team.

A) onlookers
B) HAZMAT teams
C) FOIA laws
D) professional curiosity
12
Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.
13
The FOIA was originally enacted in the ____.

A) 1940s
B) 1950s
C) 1960s
D) 1970s
14
Most federal courts have interpreted computer records as ____ evidence.

A) conclusive
B) regular
C) hearsay
D) direct
15
Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.

A) evidence custody form
B) FOIA form
C) affidavit
D) warrant
16
____ is facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed.

A) Reasonable cause
B) Probable cause
C) A subpoena
D) A warrant
17
Generally, computer records are considered admissible if they qualify as a ____ record.

A) hearsay
B) business
C) computer-generated
D) computer-stored
18
____ records are data the system maintains, such as system log files and proxy server logs.

A) Computer-generated
B) Business
C) Computer-stored
D) Hearsay
19
A judge can exclude evidence obtained from a poorly worded warrant.
20
If a corporate investigator follows police instructions to gather additional evidence without a search warrant after you have reported the crime, you run the risk of becoming an agent of law enforcement.
21
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
agencies must comply with these laws and make documents they find and create available as public records
22
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
fingerprints can be tested with these systems
23
The most common computer-related crime is ____.

A) homicide
B) check fraud
C) car stealing
D) sniffing
24
Some computer cases involve dangerous settings. For these types of investigations, you must rely on the skills of _________________________ teams to recover evidence from the scene.
25
Real-time surveillance requires ____ data transmissions between a suspect's computer and a network server.

A) poisoning
B) sniffing
C) blocking
D) preventing
26
Certain files, such as the ____ and Security log in Windows XP, might lose essential network activity records if the power is terminated without a proper shutdown.

A) Password log
B) Word log
C) Io.sys
D) Event log
27
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
you should rely on this when dealing with a terrorist attack
28
When an investigator finds a mix of information, judges often issue a(n) _________________________ to the warrant, which allows the police to separate innocent information from evidence.
29
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
covert surveillance product
30
One technique for extracting evidence from large systems is called ____.

A) RAID copy
B) RAID imaging
C) large evidence file recovery
D) sparse acquisition
31
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
sets standards for recovering, preserving, and examining digital evidence
32
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
secondhand or indirect evidence, such as an overheard conversation
33
During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older ____ or MS-DOS system.

A) Windows XP
B) Windows 9x
C) Windows NT
D) Windows Me
34
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
what most cases in the corporate environment are considered
35
_____________________ can be any information stored or transmitted in digital form.
36
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
a data-collecting tool
37
If a company does not publish a policy stating that it reserves the right to inspect computing assets at will or display a warning banner, employees have a(n) _________________________.
38
When seizing computer evidence in criminal investigations, follow the ____ standards for seizing digital data.

A) Homeland Security Department
B) Patriot Act
C) U.S. DoJ
D) U.S. DoD
39
Private-sector organizations include businesses and _________________________ that aren't involved in law enforcement.
40
Match each item with a statement below
a. Innocent information
b. AFIS
c. EnCase Enterprise Edition
d. FOIA
e. IOCE
f. Low-level investigations
g. Hearsay
h. Spector
i. HAZMAT
information unrelated to a computing investigation case
41
Give some guidelines on how to video record a computer incident or crime scene.
42
Illustrate with an example the problems caused by commingled data.
43
How can you secure a computer incident or crime scene?
44
Briefly describe the process of obtaining a search warrant.
45
What is the plain view doctrine?
46
Describe how to use a journal when processing a major incident or crime scene.
47
Why should companies publish a policy stating their right to inspect computing assets at will?
48
Describe the process of preparing an investigation team.
49
What should you do when working on an Internet investigation and the suspect's computer is on?
50
How can you determine who is in charge of an investigation?