A chain-of-evidence form, which is used to document what has and has not been done
with the original evidence and forensic copies of the evidence, is also known as a
_______.
a. single-evidence form
b. multi-evidence form
c. evidence custody form
d. evidence tracking form
_______ describes an accusation of fact that a crime has been committed.
a. Attrition
b. Attribution
c. Allegation
d. Assignment
If a police officer or investigator has sufficient cause to support a search warrant, the
prosecuting attorney might direct him or her to submit a _______.
a. exhibit
b. verdict
c. affidavit
d. memo
_______ is not one of the functions of the investigations triad.
a. Digital investigations
b. Data recovery
c. Vulnerability/threat assessment and risk management
d. Network intrusion detection and incident response
_______ is not recommended for a digital forensics workstation.
a. A text editor tool
b. A write-blocker device
c. An SCSI card
d. Remote access software
_______ must be included in an affidavit to support an allegation in order to justify a
warrant.
a. Verdicts
b. Witness
c. Exhibits
d. Subpoenas
The _______ is not one of the three stages of a typical criminal case.
a. complaint
b. investigation
c. civil suit
d. prosecution
The sale of sensitive or confidential company information to a competitor is known as
_______.
a. industrial espionage
b. industrial sabotage
c. industrial collusion
d. industrial betrayal
The term _______ describes a database containing informational records about crimes
that have been committed previously by a criminal.
a. police ledger
b. police blotter
c. police blogger
d. police recorder
Which Microsoft OS below is the least intrusive to disks in terms of changing data?
a. Windows 95
b. Windows XP
c. Windows 7
d. MS-DOS 6.22
Which option below is not a standard systems analysis step?
a. Determine a preliminary design or approach to the case
b. Obtain and copy an evidence drive
c. Share evidence with experts outside of the investigation
d. Mitigate or minimize the risks
Within a computing investigation, the ability to perform a series of steps again and
again to produce the same results is known as _______.
a. repeatable findings
b. reloadable steps
c. verifiable reporting
d. evidence reporting
According to the National Institute of Standards and Technology (NIST), digital forensics
involves scientifically examining and analyzing data from computer storage media so
that it can be used as evidence in court.
True / False
All suspected industrial espionage cases should be treated as civil case investigations.
True / False
If you turn evidence over to law enforcement and begin working under their direction,
you have become an agent of law enforcement, and are subject to the same restrictions
on search and seizure as a law enforcement agent.
True / False
Most digital investigations in the private sector involve misuse of computing assets.
True / False
User groups for a specific type of system can be very useful in a forensics investigation.
True / False
Topic 2
An investigator wants to capture all data on a SATA drive connected to a Linux system.
What should the investigator use for the "if=" portion of the dcfldd command?
a. /dev/hda
b. /dev/hda1
c. /dev/sda
d. /dev/sda1
_______ can be used with the dcfldd command to compare an image file to the original
medium.
a. compare
b. cmp
c. vf
d. imgcheck
The _______ copies evidence of intrusions to an investigation workstation automatically
for further analysis over the network.
a. intrusion detection system
b. active defense mechanism
c. total awareness system
d. intrusion monitoring system
The Linux command _______ can be used to list the current disk devices connected to the
computer.
a. ls -l
b. fdisk -l
c. show drives
d. geom
The Linux command _____ can be used to write bit-stream data to files.
a. write
b. dd
c. cat
d. dump
The _______ switch can be used with the split command to adjust the size of segmented
volumes created by the dd command.