Deck 7: Handling a Digital Crime Scene

1
When a piece of evidence has both a biological and a digital component, who should process it first?

A) The crime scene technician, because biological artifacts are much more fragile
B) The digital investigator, because processing the biological artifacts will destroy digital evidence
C) Neither; the evidence should be preserved and transported to the lab for processing
D) Both the crime scene technician and the digital investigator, in a cooperative effort, assuring that the biological evidence is collected in a way that does not damage the digital component
D
2
Why is the first step to secure the physical crime scene by removing everyone from the immediate area?

A) To prevent them from contaminating evidence
B) To prevent them from asking questions about the case before they can be interviewed
C) To give them time to fill out a personal information survey
D) To keep them from blocking the view when photographs are being taken
A
3
Since crime scenes are typically pretty much the same, very little planning needs to take place prior to first entering the scene.
False
4
A thorough crime scene survey should include:

A) Manuals for software applications
B) Removable media
C) Mobile devices
D) All of the above
5
Digital investigators like to preserve every potential source of digital evidence; however, they are constrained by:

A) The law
B) Resources
C) The interests of business
D) All of the above
6
Examples of data that should be immediately preserved include:

A) USB drives
B) Digital picture frames
C) System and network information
D) USB bracelets
7
When first entering a crime scene, the first responder should immediately focus on the computers and technology.
8
The challenge to controlling access to a digital crime scene is that:

A) Information may be stored on Internet servers in different locations.
B) The computer may be shared.
C) The computer case may be locked.
D) None of the above.
9
In the case where digital investigators dealing with distributed systems need to collect data from remote sites, the following procedure is recommended:

A) Notify personnel at the remote sites to leave everything as is, and arrange for travel to the remote locations
B) Notify personnel at the remote sites to shut down all systems and send the hard drives to the forensic lab
C) Utilize remote forensics tools to acquire data from the remote sites' RAM as well as the hard drives
D) None of the above
10
When a first responder encounters technology or equipment that he is not familiar with, the recommended course of action is to:

A) Seize the equipment as if it were a known device
B) Seek assistance from a more experienced digital investigator
C) Leave that particular piece of equipment at the crime scene
D) Ask the suspect for details on the equipment
11
In most situations, it is advisable to let the physical crime scene technicians, under the direction of the forensic investigator, process the scene first.
12
During the initial survey of a crime scene, why is it necessary to photograph or videotape the area and items of potential interest in their current state?

A) This simplifies inventorying the crime scene.
B) Photographing items to be seized records their actual condition, and precludes damage claims when the items are returned to the offender.
C) To record the fact that a particular item was actually found at the crime scene.
D) None of the above.
13
On entering a crime scene, an investigator notes that a piece of equipment with antennas attached is connected to one of the target computers. Since this indicates a wireless connection, it is advisable to either disconnect or disable the piece of equipment.
14
The crime scene preservation process includes all but which of the following:

A) Protecting against unauthorized alterations
B) Acquiring digital evidence
C) Confirming system date and time
D) Controlling access to the crime scene
15
The following organizations have published guidelines for handling digital crime scenes:

A) US Secret Service
B) Association of Chief Police Officers
C) US Department of Justice
D) All of the above
16
When entering a crime scene, the initial survey should:

A) Include user manuals
B) Involve tracing cables
C) Collect relevant data such as passwords and account details
D) All of the above
17
The likelihood of collecting notable information from a running computer is relatively small, so it is safe to shut down any running computer to preserve the data on the hard drive.
18
When presenting evidence on an organizational network, the digital investigator may require the assistance of:

A) System administrators
B) The CEO of the organization
C) The CSO (Chief Security Officer)
D) Additional forensic investigators
19
When preparing a questionnaire for interviewing individuals at the crime scene, which of the following should NOT be requested:

A) Passwords
B) Encryption keys
C) Admission of guilt
D) Details on removable storage
20
Which of the following is not a safety consideration for a first responder?

A) Additional personnel to control those present at the crime scene
B) Protection against ELF emanations from monitors
C) Proper tools for disassembling and reassembling computer cases
D) Protective gloves and eyewear
21
The contents of volatile memory are becoming more and more important.
22
Computer security professionals should obtain instructions and written authorization from their attorneys before gathering digital evidence relating to an investigation with an organization.
23
What considerations are there when developing a crime scene plan?
24
The proper collection of evidence at a crime scene is crucial in terms of admissibility in court.
25
When seizing a computer, it is advisable to remove the computer's case and to unplug power cables from hard drives.
26
The Fourth Amendment, like ECPA, only applies to the government, not the private sector.
27
When shutting down a live system it is generally recommended to unplug the power from the back of the computer.
28
What information would you provide when preparing a search warrant?
29
When performing triage at a crime scene, an important first step is to turn on any computers that are off and immediately look for items of evidence.
30
Capturing volatile data or specific files from a live system is a straightforward process usually handled by the first responder.
31
When an organization itself is under investigation, it is always feasible to collect all the data for every system.
32
The decision to seize an entire computer versus create a forensic duplicate of the internal hard drive will be influenced by the role of the computer.