Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 11: Searching and Seizing Computer-Related Evidence

Full screen (f)
exit full mode
Question
________ are usually characterized by drives without covers, unusual connections, various external media, or cluttered work space.

A) Mainframes
B) Specialty and hacker computers
C) Netbooks and tablets
D) Fuzzy logic tools
Use Space or
up arrow
down arrow
to flip the card.
Question
Computer components or media are ________ intemperate environments.

A) not susceptible to
B) not damaged in
C) especially vulnerable to
D) slightly susceptible to
Question
Which of the following statements applies to all on-scene personnel regardless of their assignment?

A) Final preraid briefings do not include cautionary admonitions.
B) It is unacceptable to compile more equipment than necessary.
C) Traditional procedures for crime-scene investigation remain sacrosanct.
D) Officer safety generally takes a backseat during investigations.
Question
Which of the following would be in a traditional criminal investigative toolkit?

A) hex editors
B) color scanner
C) multiple boot disks
D) evidence tape
Question
Capturing the investigative process on videotape and other such documentation is especially important in cases where violations of ________ are alleged.

A) digital protocol
B) SMEAC
C) the Electronic Communication Privacy Act
D) business ethics
Question
Which of the following characterizes viewer forensic software?

A) It enables investigators to view files in hexadecimal formats.
B) It enables investigators to quickly scan the contents of large numbers of computer files.
C) It enables investigators to quickly search for keywords applicable to the current investigation.
D) It enables investigators to capture potential evidence residing in print buffers.
Question
Which of the following is true of seizure of equipment?

A) Investigators need not substantiate any request for seizure of equipment.
B) Permission is implicit for seizing all hardware and storage devices.
C) Explicit permission is preferred for seizing all hardware and storage devices.
D) Criminal contraband can be seized only with judicial authority.
Question
Computer monitors have proven a popular place for hiding ________, especially for multiple system users.

A) cash
B) passwords
C) pornography
D) wiping programs
Question
Which of the following does NOT constitute an on-scene activity in any investigation?

A) warrant preparation
B) knock, notice, and document
C) scene processing
D) securing the crime scene
Question
Computer manuals and packaging materials might be useful for investigators for all of the following reasons EXCEPT which?

A) They are legally required for the related hardware to be admitted as evidence.
B) They can alert investigators to hidden programs.
C) They are often a popular place for hiding passwords.
D) They can provide clues about the relative sophistication of the user.
Question
Which of the following is NOT an element of probable cause that needs to be articulated to a magistrate in order to secure a warrant?

A) probable cause that a crime has been committed
B) probable cause that the criminal has escaped
C) probable cause that evidence of a crime exists
D) probable cause that extant evidence resides in a particular location
Question
Dumpster diving refers to ________ that can provide incriminating digital evidence such as passwords or personal information on suspects.

A) investigators processing any trash
B) reconnaissance outside a suspect scene
C) deleting all data onto an external hard drive
D) criminals throwing into the trash any hardware
Question
Tools such as screwdrivers, hex wrenches, and plyers used to open computer boxes should be ________.

A) electric
B) battery-operated
C) magnetic
D) manual
Question
An investigation plan that details the background of the suspects relates to which aspect of SMEAC?

A) execution
B) mission
C) communications
D) situation
Question
Which of the following circumstances would be considered exigent?

A) potential for evidence destruction
B) presence of resident
C) immaturity of target
D) no prior knowledge of search
Question
Extra attention by investigators to the configuration of computer equipment, including connections, and the back of the computer serves the following purposes EXCEPT ________.

A) enabling investigators to fully document to the court the manner in which the scene was processed
B) serving as a refresher for investigators called to testify months or years after the fact
C) enabling investigators to duplicate the original state of the computer in court
D) enabling investigators to apply for a no-knock warrant
Question
Which of the following would be in a computer-specific criminal investigative toolkit?

A) forensic software
B) labeling materials
C) mobile carts
D) photographic equipment
Question
The arrest team has the responsibility of arresting suspects and ________.

A) interrogating them
B) transporting them in custody
C) physically searching them for evidence
D) seizing their belongings
Question
A ________ is critical for the analysis of computer-related evidence and courtroom presentation.

A) boardroom
B) police station
C) fire department
D) forensic laboratory
Question
________ ensure data integrity, preventing intentional or accidental manipulation of data.

A) Recovery tools
B) Wiping programs
C) Locking programs
D) Fuzzy logic tools
Question
The interview and interrogation team should possess ________.

A) exceptional sketching skills
B) exceptional communication skills
C) bagging and tagging skills
D) supervisory skills
Question
Requests for "no-knock" warrants by investigators are not considered even in exigent circumstances.
Question
The physical search team is responsible for collection of all potential computer evidence.
Question
In the preliminary plan of investigation, the mission paragraph of SMEAC elaborates on how the mission will be accomplished.
Question
Investigators searching a computer for emails exchanged on a terrorist attack inadvertently uncover spreadsheets that establish illegal money laundering.A primary warrant will cover both crimes.
Question
Faraday bags can shield wireless devices from remote corruption or deletion of data from cellular, WiFi, or radio signals.
Question
The first step in the preparation of any warrant application for a computer investigation is the operationalization of the crime and, more specifically, defining the role of the ________ in it.

A) investigator
B) suspect
C) computer
D) police
Question
Investigators wear latex gloves to avoid contamination of fingerprints or other potential trace evidence.
Question
The seizure team is responsible for bagging and tagging.
Question
Which of the following would be least advisable if an investigator's camera ran out of film during a crime-scene investigation?

A) Use the suspect's cell phone to take photos.
B) Borrow film from another investigator.
C) Request the scene photographer to take additional photos.
D) Use the investigator's cell phone to take pictures.
Question
At the majority of crime scenes, the execution of the search warrant involves the first step of knock, arrest, and seize.
Question
Assessment of digital evidence is typically done by analyzing small samples that preserve the totality of the evidence.
Question
Magnetic pulses emitted from car radios and transmitters may ________ computer-related evidence.

A) ensure data integrity of
B) cause information overload in
C) lead to data overload of
D) cause information erasure in
Question
Compared to photographs, sketches represent a more focused illustration of applicable evidence.
Question
Responsibilities of on-scene case supervisors include information dissemination, and interaction with media.
Question
To preserve computer evidence, temperatures should reach no higher than 90° F and no lower than 60° F.
Question
Innocuous material such as Post-it notes, discarded media, or packaging material will not help in proving intent in a criminal court.
Question
Computer criminals pose the same risks to investigators when compared to traditional suspects.
Question
________ allow(s) interviewing of witnesses based on developing evidence, yet may be impossible if there are multiple computers or large drive computers or excessive media.

A) Personnel gathering
B) Warrant preparation
C) Off-site searches
D) On-site searches
Question
At a physically and electronically secured site, investigators should gather trace evidence after seizure of electronic evidence.
Question
Discuss the five-paragraph SMEAC that should ideally find a place in any investigation plan.
Question
The ________ team creates a visible barrier against scene contamination, evidence destruction, and media impropriety.
Question
A detailed chain of custody report forms part of ________ specific documentation.
Question
SMEAC includes situation, mission, ________, avenues of approach and escape, and communications.
Question
Traditional equipment includes evidence tape, used to mark the ________ of the crime scene.
Question
________, conductive, and Faraday bags are especially important in the storage, analysis, and transportation of digital evidence.
Question
Capturing the entire computer investigation process on ________ is highly recommended.
Question
Write-blocking is necessary to negate challenges of corruption or contamination of ________.
Question
What steps must be taken to protect computer evidence from getting destroyed, contaminated, or corrupted?
Question
Traditional plastic evidence bags may generate levels of ________ dangerous to computer media.
Question
________ gathering is critical to the development of a comprehensive warrant for a computer crime.
Question
Hacker computers should be approached with great caution as hackers take pains to protect their own systems from ________.
Question
Password crackers enable investigators to circumvent many ________ measures employed by the suspect.
Question
Computer crime investigations require assessment of ________, which is volatile and voluminous, susceptible to climatic factors as well as human error.
Question
Any type of ________ field poses a potentially calamitous risk to computer media and hardware.
Question
Why is documentation so important for any successful criminal investigation? List the minimum non-computer-specific documentation required for an investigation.
Question
Once evidence has been identified, it is necessary to determine if the evidence is actually ________.
Question
Computer components and media are more fragile than some ________ forms of evidence.
Question
Discuss why it is considered so important for computer experts to assess digital evidence.What risks do you foresee if noncomputer experts were to handle such evidence?
Question
Some investigators proclaim the merits of vagueness and obfuscation in warrant applications.Do you agree that this increases their investigative authority? When are multiple warrants encouraged?
Question
Match between columns
Premises:
Responses:
Case supervisor
scheduling personnel and preparing for the equipment
Case supervisor
identify and mark any and all potential evidence
Case supervisor
create a visible barrier against scene contamination and evidence destruction
Case supervisor
videotape the activities of on-scene investigators
Case supervisor
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Physical search team
scheduling personnel and preparing for the equipment
Physical search team
identify and mark any and all potential evidence
Physical search team
create a visible barrier against scene contamination and evidence destruction
Physical search team
videotape the activities of on-scene investigators
Physical search team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Sketch and photo team
scheduling personnel and preparing for the equipment
Sketch and photo team
identify and mark any and all potential evidence
Sketch and photo team
create a visible barrier against scene contamination and evidence destruction
Sketch and photo team
videotape the activities of on-scene investigators
Sketch and photo team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Seizure team
scheduling personnel and preparing for the equipment
Seizure team
identify and mark any and all potential evidence
Seizure team
create a visible barrier against scene contamination and evidence destruction
Seizure team
videotape the activities of on-scene investigators
Seizure team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Scene security team
scheduling personnel and preparing for the equipment
Scene security team
identify and mark any and all potential evidence
Scene security team
create a visible barrier against scene contamination and evidence destruction
Scene security team
videotape the activities of on-scene investigators
Scene security team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Question
Match between columns
Premises:
Responses:
Antivirus software
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Antivirus software
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Antivirus software
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Antivirus software
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Antivirus software
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Surge protectors and uninterruptible power supply
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Surge protectors and uninterruptible power supply
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Surge protectors and uninterruptible power supply
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Surge protectors and uninterruptible power supply
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Surge protectors and uninterruptible power supply
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Imaging software
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Imaging software
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Imaging software
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Imaging software
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Imaging software
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Multiple boot disks
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Multiple boot disks
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Multiple boot disks
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Multiple boot disks
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Multiple boot disks
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Text editors
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Text editors
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Text editors
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Text editors
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Text editors
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/62
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 11: Searching and Seizing Computer-Related Evidence
1
________ are usually characterized by drives without covers, unusual connections, various external media, or cluttered work space.

A) Mainframes
B) Specialty and hacker computers
C) Netbooks and tablets
D) Fuzzy logic tools
B
2
Computer components or media are ________ intemperate environments.

A) not susceptible to
B) not damaged in
C) especially vulnerable to
D) slightly susceptible to
C
3
Which of the following statements applies to all on-scene personnel regardless of their assignment?

A) Final preraid briefings do not include cautionary admonitions.
B) It is unacceptable to compile more equipment than necessary.
C) Traditional procedures for crime-scene investigation remain sacrosanct.
D) Officer safety generally takes a backseat during investigations.
C
4
Which of the following would be in a traditional criminal investigative toolkit?

A) hex editors
B) color scanner
C) multiple boot disks
D) evidence tape
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
5
Capturing the investigative process on videotape and other such documentation is especially important in cases where violations of ________ are alleged.

A) digital protocol
B) SMEAC
C) the Electronic Communication Privacy Act
D) business ethics
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
6
Which of the following characterizes viewer forensic software?

A) It enables investigators to view files in hexadecimal formats.
B) It enables investigators to quickly scan the contents of large numbers of computer files.
C) It enables investigators to quickly search for keywords applicable to the current investigation.
D) It enables investigators to capture potential evidence residing in print buffers.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
7
Which of the following is true of seizure of equipment?

A) Investigators need not substantiate any request for seizure of equipment.
B) Permission is implicit for seizing all hardware and storage devices.
C) Explicit permission is preferred for seizing all hardware and storage devices.
D) Criminal contraband can be seized only with judicial authority.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
8
Computer monitors have proven a popular place for hiding ________, especially for multiple system users.

A) cash
B) passwords
C) pornography
D) wiping programs
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
9
Which of the following does NOT constitute an on-scene activity in any investigation?

A) warrant preparation
B) knock, notice, and document
C) scene processing
D) securing the crime scene
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
10
Computer manuals and packaging materials might be useful for investigators for all of the following reasons EXCEPT which?

A) They are legally required for the related hardware to be admitted as evidence.
B) They can alert investigators to hidden programs.
C) They are often a popular place for hiding passwords.
D) They can provide clues about the relative sophistication of the user.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following is NOT an element of probable cause that needs to be articulated to a magistrate in order to secure a warrant?

A) probable cause that a crime has been committed
B) probable cause that the criminal has escaped
C) probable cause that evidence of a crime exists
D) probable cause that extant evidence resides in a particular location
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
12
Dumpster diving refers to ________ that can provide incriminating digital evidence such as passwords or personal information on suspects.

A) investigators processing any trash
B) reconnaissance outside a suspect scene
C) deleting all data onto an external hard drive
D) criminals throwing into the trash any hardware
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
13
Tools such as screwdrivers, hex wrenches, and plyers used to open computer boxes should be ________.

A) electric
B) battery-operated
C) magnetic
D) manual
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
14
An investigation plan that details the background of the suspects relates to which aspect of SMEAC?

A) execution
B) mission
C) communications
D) situation
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following circumstances would be considered exigent?

A) potential for evidence destruction
B) presence of resident
C) immaturity of target
D) no prior knowledge of search
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
16
Extra attention by investigators to the configuration of computer equipment, including connections, and the back of the computer serves the following purposes EXCEPT ________.

A) enabling investigators to fully document to the court the manner in which the scene was processed
B) serving as a refresher for investigators called to testify months or years after the fact
C) enabling investigators to duplicate the original state of the computer in court
D) enabling investigators to apply for a no-knock warrant
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
17
Which of the following would be in a computer-specific criminal investigative toolkit?

A) forensic software
B) labeling materials
C) mobile carts
D) photographic equipment
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
18
The arrest team has the responsibility of arresting suspects and ________.

A) interrogating them
B) transporting them in custody
C) physically searching them for evidence
D) seizing their belongings
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
19
A ________ is critical for the analysis of computer-related evidence and courtroom presentation.

A) boardroom
B) police station
C) fire department
D) forensic laboratory
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
20
________ ensure data integrity, preventing intentional or accidental manipulation of data.

A) Recovery tools
B) Wiping programs
C) Locking programs
D) Fuzzy logic tools
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
21
The interview and interrogation team should possess ________.

A) exceptional sketching skills
B) exceptional communication skills
C) bagging and tagging skills
D) supervisory skills
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
22
Requests for "no-knock" warrants by investigators are not considered even in exigent circumstances.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
23
The physical search team is responsible for collection of all potential computer evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
24
In the preliminary plan of investigation, the mission paragraph of SMEAC elaborates on how the mission will be accomplished.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
25
Investigators searching a computer for emails exchanged on a terrorist attack inadvertently uncover spreadsheets that establish illegal money laundering.A primary warrant will cover both crimes.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
26
Faraday bags can shield wireless devices from remote corruption or deletion of data from cellular, WiFi, or radio signals.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
27
The first step in the preparation of any warrant application for a computer investigation is the operationalization of the crime and, more specifically, defining the role of the ________ in it.

A) investigator
B) suspect
C) computer
D) police
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
28
Investigators wear latex gloves to avoid contamination of fingerprints or other potential trace evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
29
The seizure team is responsible for bagging and tagging.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
30
Which of the following would be least advisable if an investigator's camera ran out of film during a crime-scene investigation?

A) Use the suspect's cell phone to take photos.
B) Borrow film from another investigator.
C) Request the scene photographer to take additional photos.
D) Use the investigator's cell phone to take pictures.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
31
At the majority of crime scenes, the execution of the search warrant involves the first step of knock, arrest, and seize.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
32
Assessment of digital evidence is typically done by analyzing small samples that preserve the totality of the evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
33
Magnetic pulses emitted from car radios and transmitters may ________ computer-related evidence.

A) ensure data integrity of
B) cause information overload in
C) lead to data overload of
D) cause information erasure in
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
34
Compared to photographs, sketches represent a more focused illustration of applicable evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
35
Responsibilities of on-scene case supervisors include information dissemination, and interaction with media.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
36
To preserve computer evidence, temperatures should reach no higher than 90° F and no lower than 60° F.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
37
Innocuous material such as Post-it notes, discarded media, or packaging material will not help in proving intent in a criminal court.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
38
Computer criminals pose the same risks to investigators when compared to traditional suspects.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
39
________ allow(s) interviewing of witnesses based on developing evidence, yet may be impossible if there are multiple computers or large drive computers or excessive media.

A) Personnel gathering
B) Warrant preparation
C) Off-site searches
D) On-site searches
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
40
At a physically and electronically secured site, investigators should gather trace evidence after seizure of electronic evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
41
Discuss the five-paragraph SMEAC that should ideally find a place in any investigation plan.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
42
The ________ team creates a visible barrier against scene contamination, evidence destruction, and media impropriety.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
43
A detailed chain of custody report forms part of ________ specific documentation.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
44
SMEAC includes situation, mission, ________, avenues of approach and escape, and communications.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
45
Traditional equipment includes evidence tape, used to mark the ________ of the crime scene.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
46
________, conductive, and Faraday bags are especially important in the storage, analysis, and transportation of digital evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
47
Capturing the entire computer investigation process on ________ is highly recommended.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
48
Write-blocking is necessary to negate challenges of corruption or contamination of ________.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
49
What steps must be taken to protect computer evidence from getting destroyed, contaminated, or corrupted?
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
50
Traditional plastic evidence bags may generate levels of ________ dangerous to computer media.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
51
________ gathering is critical to the development of a comprehensive warrant for a computer crime.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
52
Hacker computers should be approached with great caution as hackers take pains to protect their own systems from ________.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
53
Password crackers enable investigators to circumvent many ________ measures employed by the suspect.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
54
Computer crime investigations require assessment of ________, which is volatile and voluminous, susceptible to climatic factors as well as human error.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
55
Any type of ________ field poses a potentially calamitous risk to computer media and hardware.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
56
Why is documentation so important for any successful criminal investigation? List the minimum non-computer-specific documentation required for an investigation.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
57
Once evidence has been identified, it is necessary to determine if the evidence is actually ________.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
58
Computer components and media are more fragile than some ________ forms of evidence.
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
59
Discuss why it is considered so important for computer experts to assess digital evidence.What risks do you foresee if noncomputer experts were to handle such evidence?
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
60
Some investigators proclaim the merits of vagueness and obfuscation in warrant applications.Do you agree that this increases their investigative authority? When are multiple warrants encouraged?
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
61
Match between columns
Premises:
Responses:
Case supervisor
scheduling personnel and preparing for the equipment
Case supervisor
identify and mark any and all potential evidence
Case supervisor
create a visible barrier against scene contamination and evidence destruction
Case supervisor
videotape the activities of on-scene investigators
Case supervisor
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Physical search team
scheduling personnel and preparing for the equipment
Physical search team
identify and mark any and all potential evidence
Physical search team
create a visible barrier against scene contamination and evidence destruction
Physical search team
videotape the activities of on-scene investigators
Physical search team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Sketch and photo team
scheduling personnel and preparing for the equipment
Sketch and photo team
identify and mark any and all potential evidence
Sketch and photo team
create a visible barrier against scene contamination and evidence destruction
Sketch and photo team
videotape the activities of on-scene investigators
Sketch and photo team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Seizure team
scheduling personnel and preparing for the equipment
Seizure team
identify and mark any and all potential evidence
Seizure team
create a visible barrier against scene contamination and evidence destruction
Seizure team
videotape the activities of on-scene investigators
Seizure team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Scene security team
scheduling personnel and preparing for the equipment
Scene security team
identify and mark any and all potential evidence
Scene security team
create a visible barrier against scene contamination and evidence destruction
Scene security team
videotape the activities of on-scene investigators
Scene security team
imaging the drive, dismantling the computer, and labeling and recording all relevant evidence
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
62
Match between columns
Premises:
Responses:
Antivirus software
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Antivirus software
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Antivirus software
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Antivirus software
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Antivirus software
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Surge protectors and uninterruptible power supply
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Surge protectors and uninterruptible power supply
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Surge protectors and uninterruptible power supply
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Surge protectors and uninterruptible power supply
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Surge protectors and uninterruptible power supply
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Imaging software
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Imaging software
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Imaging software
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Imaging software
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Imaging software
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Multiple boot disks
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Multiple boot disks
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Multiple boot disks
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Multiple boot disks
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Multiple boot disks
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Text editors
used for duplicating original evidence in order to preserve the original evidence and ensure integity of the suspect data
Text editors
used to avoid self-destructive programs employed by the suspect and minimize changes to a suspect drive
Text editors
used to ensure electrical and telephonic continuity to prevent possible destruction of computer data
Text editors
used for the documentation and validation of suspect machines and the prevention of infection of forensic machines
Text editors
used to quickly search for keywords applicable to the current investigation; a forensic software typically used for on-site evidence analysis
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 62 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree