Deck 1: Foundations of Digital Forensics

1
The criminological principle which states that, when anyone, or anything, enters a crime scene he/she takes something of the scene with him/her, and leaves something of himself/herself behind, is:

A) Locard's Exchange Principle
B) Differential Association Theory
C) Beccaria's Social Contract
D) None of the above
A
2
Private networks can be a richer source of evidence than the Internet because:

A) They retain data for longer periods of time.
B) Owners of private networks are more cooperative with law enforcement.
C) Private networks contain a higher concentration of digital evidence.
D) All of the above.
C
3
All forensic examinations should be performed on the original digital evidence.
False
4
Video surveillance can be a form of digital evidence.
5
In terms of digital evidence, a hard drive is an example of:

A) Open computer systems
B) Communication systems
C) Embedded computer systems
D) None of the above
6
What are the three general categories of computer systems that can contain digital evidence?

A) Desktop, laptop, server
B) Personal computer, Internet, mobile telephone
C) Hardware, software, networks
D) Open computer systems, communication systems, embedded systems
7
Attorneys and police are encountering progressively more digital evidence in their work.
8
A valid definition of digital evidence is:

A) Data stored or transmitted using a computer
B) Information of probative value
C) Digital data of probative value
D) Any digital evidence on a computer
9
A logon record tells us that, at a specific time:

A) An unknown person logged into the system using the account
B) The owner of a specific account logged into the system
C) The account was used to log into the system
D) None of the above
10
An argument for including computer forensic training for computer security specialists is:

A) It provides an additional credential.
B) It provides them with the tools to conduct their own investigations.
C) It teaches them when it is time to call in law enforcement.
D) None of the above.
11
Digital evidence is only useful in a court of law.
12
Cybertrails are advantageous because:

A) They are not connected to the physical world.
B) Nobody can be harmed by crime on the Internet.
C) They are easy to follow.
D) Offenders who are unaware of them leave behind more clues than they otherwise would have.
13
The author of a series of threatening e-mails consistently uses "im" instead of "I'm." This is an example of:

A) An individual characteristic
B) An incidental characteristic
C) A class characteristic
D) An indeterminate characteristic
14
Computers can be involved in which of the following types of crime?

A) Homicide and sexual assault
B) Computer intrusions and intellectual property theft
C) Civil disputes
D) All of the above
15
Personal computers and networks are often a valuable source of evidence. Those involved with _______ should be comfortable with this technology.

A) Criminal investigation
B) Prosecution
C) Defense work
D) All of the above
16
In terms of digital evidence, a Smart Card is an example of:

A) Open computer systems
B) Communication systems
C) Embedded computer systems
D) None of the above
17
In terms of digital evidence, the Internet is an example of:

A) Open computer systems
B) Communication systems
C) Embedded computer systems
D) None of the above
18
Due to caseload and budget constraints, often computer security professionals attempt to limit the damage and close each investigation as quickly as possible. Which of the following is NOT a significant drawback to this approach?

A) Each unreported incident robs attorneys and law enforcement personnel of an opportunity to learn about the basics of computer-related crime.
B) Responsibility for incident resolution frequently does not reside with the security professional, but with management.
C) This approach results in under-reporting of criminal activity, deflating statistics that are used to allocate corporate and government spending on combating computer-related crime.
D) Computer security professionals develop loose evidence processing habits that can make it more difficult for law enforcement personnel and attorneys to prosecute an offender.
19
In terms of digital evidence, a mobile telephone is an example of:

A) Open computer systems
B) Communication systems
C) Embedded computer systems
D) None of the above
20
Digital evidence can be duplicated exactly without any changes to the original data.
21
At what point should computer security professionals stop handling digital evidence and contact law enforcement?
22
Forensic science is the application of science to investigation and prosecution of crime or to the just resolution of conflict.
23
What are the three general categories of computer systems that can contain digital evidence? In each category, give a specific source of digital evidence that interests you and describe the type of evidence that you might find.
24
Computers can be used by terrorists to detonate bombs.
25
Digital evidence is always circumstantial.
26
Computer professionals who take inappropriate actions when they encounter child pornography on their employer's systems can lose their jobs or break the law.
27
The aim of a forensic examination is to prove with certainty what occurred.
28
When criminals use computers, what advantages does this have from an investigative standpoint?
29
What are the main challenges of investigating computer-related crime?
30
Even digital investigations that do not result in legal action can benefit from principles of forensic science.
31
What is the difference between digital evidence, electronic evidence, and computer evidence?
32
Computers were involved in the investigations into both World Trade Center attacks.
33
Automobiles have computers that record data such as vehicle speed, brake status, and throttle position when an accident occurs.
34
When a file is deleted from a hard drive, it can often be recovered.
35
Why is it important for computer security professionals to become familiar with digital evidence?
36
Digital evidence alone can be used to build a solid case.