Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 23: Computer Forensics

Full screen (f)
exit full mode
Question
Only one person is needed to collect and document evidence obtained in performing forensics on a computer system.
Use Space or
up arrow
down arrow
to flip the card.
Question
Generally speaking,you should back up the computer using DOS instead of Windows.
Question
Evidence offered by a witness that is not based on the personal knowledge of the witness,but is being offered to prove the truth of the matter asserted,fall under which rule of evidence?

A)Best evidence rule
B)Exclusionary rule
C)Hearsay rule
D)Relevant evidence rule
Question
When taking photographs for use as evidence,what type should be taken?

A)Digital camera pictures
B)Film with a high speed shutter
C)Film with a low speed shutter
D)Polaroid
Question
Evidence that is convincing or measures up without question is what standard of evidence?

A)Sufficient evidence
B)Competent evidence
C)Relevant evidence
D)Real evidence
Question
Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence?

A)Sufficient evidence
B)Competent evidence
C)Relevant evidence
D)Real evidence
Question
What is a message digest?

A)It is a hash function that can be used to compare two files to see if they are identical.
B)A condensed version of the messages that the computer receives.
C)Messages that the computer sends to other computers
D)Availability protocol that establishes links to other computers.
Question
When performing forensics on a computer system you should use the utilities provided by that system.
Question
Tangible objects that prove or disprove fact are what type of evidence?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Question
When analyzing computer storage components,the original system should be analyzed.
Question
Business records,printouts,and manuals are what type of evidence?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Question
Clusters that are marked by the operating system as usable is referred to as which of the following?

A)Free space
B)Slack space
C)Open space
D)Unused space
Question
The term forensics relates to the application of ____________ knowledge to ___________ problems.

A)legal;computer
B)complete;software
C)scientific;legal
D)familiar;unfamiliar
Question
What is a software bomb?

A)A firework that destroys all the disks and CDs in your library
B)Any commands executed on the computer that have an adverse effect on the data being investigated
C)Screensavers that show fireworks going off
D)Software trying to access a computer
Question
Oral testimony that proves a specific fact with no inferences or presumptions is what type of evidence?

A)Hearsay
B)Real evidence
C)Direct evidence
D)Demonstrative evidence
Question
Which of the following has the least volatile data?

A)CPU storage
B)RAM
C)Hard drive
D)Kernel tables
Question
The recycle bin contains all the deleted files on a computer.
Question
What is the space in a cluster that is not occupied by a file called?

A)Free space
B)Slack space
C)Open space
D)Unused space
Question
What type of evidence is used to aid a jury and may be in the form of a model,experiment,chart,and so on,to indicate that an event occurred?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Question
Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution?

A)Best evidence rule
B)Exclusionary rule
C)Hearsay rule
D)Evidentiary rule
Question
_______________ evidence refers to evidence in the form of business records,printouts,manuals and the like.
Question
What are the considerations when preserving evidence?
Question
The space that is left over in a cluster is called slack space.
Question
Evidence must meet the three standards of being sufficient,competent,and _______________.
Question
The cluster that holds the fragment of the original file is referred to as _______________,because the operating system has marked it as usable when needed.
Question
_______________ evidence refers to oral testimony that proves a specific fact.
Question
A(n)_______________ is the result of applying the hash function to data.
Question
What is the primary difference between free space and slack space?
Question
List at least three important considerations when you are transporting evidence from one location to another.
Question
What are three environmental factors that evidence needs to be protected from?
Question
_______________ performs a function similar to the familiar parity bits,checksum,or cyclical redundancy check (CRC).
Question
Relevant evidence must be convincing or measure up without question.
Question
To be credible in court proceedings,what are the three standards that evidence must meet?
Question
There are four different types of evidence: direct,real,documentary,and _______________.
Question
The _______________ refers to second-hand evidence.
Question
Oral testimony that proves a specific fact is considered real evidence.
Question
_______________ consists of documents,verbal statements,and material objects that are admissible in a court of law.
Question
Minor procedural missteps are not important provided the overall investigation is properly conducted.
Question
Evidence offered by the witness that is not based on the personal knowledge of the witness-but is being offered to prove the truth of the matter asserted-falls under the exclusionary rule.
Question
The term _______________ relates to the application of scientific knowledge to legal problems.
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/40
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 23: Computer Forensics
1
Only one person is needed to collect and document evidence obtained in performing forensics on a computer system.
False
2
Generally speaking,you should back up the computer using DOS instead of Windows.
True
3
Evidence offered by a witness that is not based on the personal knowledge of the witness,but is being offered to prove the truth of the matter asserted,fall under which rule of evidence?

A)Best evidence rule
B)Exclusionary rule
C)Hearsay rule
D)Relevant evidence rule
C
4
When taking photographs for use as evidence,what type should be taken?

A)Digital camera pictures
B)Film with a high speed shutter
C)Film with a low speed shutter
D)Polaroid
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
5
Evidence that is convincing or measures up without question is what standard of evidence?

A)Sufficient evidence
B)Competent evidence
C)Relevant evidence
D)Real evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
6
Evidence that is material to the case or has bearing on the matter at hand is what standard of evidence?

A)Sufficient evidence
B)Competent evidence
C)Relevant evidence
D)Real evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
7
What is a message digest?

A)It is a hash function that can be used to compare two files to see if they are identical.
B)A condensed version of the messages that the computer receives.
C)Messages that the computer sends to other computers
D)Availability protocol that establishes links to other computers.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
8
When performing forensics on a computer system you should use the utilities provided by that system.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
9
Tangible objects that prove or disprove fact are what type of evidence?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
10
When analyzing computer storage components,the original system should be analyzed.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
11
Business records,printouts,and manuals are what type of evidence?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
12
Clusters that are marked by the operating system as usable is referred to as which of the following?

A)Free space
B)Slack space
C)Open space
D)Unused space
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
13
The term forensics relates to the application of ____________ knowledge to ___________ problems.

A)legal;computer
B)complete;software
C)scientific;legal
D)familiar;unfamiliar
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
14
What is a software bomb?

A)A firework that destroys all the disks and CDs in your library
B)Any commands executed on the computer that have an adverse effect on the data being investigated
C)Screensavers that show fireworks going off
D)Software trying to access a computer
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
15
Oral testimony that proves a specific fact with no inferences or presumptions is what type of evidence?

A)Hearsay
B)Real evidence
C)Direct evidence
D)Demonstrative evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
16
Which of the following has the least volatile data?

A)CPU storage
B)RAM
C)Hard drive
D)Kernel tables
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
17
The recycle bin contains all the deleted files on a computer.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
18
What is the space in a cluster that is not occupied by a file called?

A)Free space
B)Slack space
C)Open space
D)Unused space
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
19
What type of evidence is used to aid a jury and may be in the form of a model,experiment,chart,and so on,to indicate that an event occurred?

A)Direct evidence
B)Real evidence
C)Documentary evidence
D)Demonstrative evidence
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
20
Which of the following rules applies to evidence obtained in violation of the Fourth Amendment of the Constitution?

A)Best evidence rule
B)Exclusionary rule
C)Hearsay rule
D)Evidentiary rule
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
21
_______________ evidence refers to evidence in the form of business records,printouts,manuals and the like.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
22
What are the considerations when preserving evidence?
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
23
The space that is left over in a cluster is called slack space.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
24
Evidence must meet the three standards of being sufficient,competent,and _______________.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
25
The cluster that holds the fragment of the original file is referred to as _______________,because the operating system has marked it as usable when needed.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
26
_______________ evidence refers to oral testimony that proves a specific fact.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
27
A(n)_______________ is the result of applying the hash function to data.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
28
What is the primary difference between free space and slack space?
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
29
List at least three important considerations when you are transporting evidence from one location to another.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
30
What are three environmental factors that evidence needs to be protected from?
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
31
_______________ performs a function similar to the familiar parity bits,checksum,or cyclical redundancy check (CRC).
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
32
Relevant evidence must be convincing or measure up without question.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
33
To be credible in court proceedings,what are the three standards that evidence must meet?
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
34
There are four different types of evidence: direct,real,documentary,and _______________.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
35
The _______________ refers to second-hand evidence.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
36
Oral testimony that proves a specific fact is considered real evidence.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
37
_______________ consists of documents,verbal statements,and material objects that are admissible in a court of law.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
38
Minor procedural missteps are not important provided the overall investigation is properly conducted.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
39
Evidence offered by the witness that is not based on the personal knowledge of the witness-but is being offered to prove the truth of the matter asserted-falls under the exclusionary rule.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
40
The term _______________ relates to the application of scientific knowledge to legal problems.
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 40 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree