1
WGU C702 FINAL EXAMS WITH VERIFIED AND CORRECT
QUESTIONS AND ANSWERS ALREADY APPROVED 2025
EDITION AND BEST GRADED
Administrative Cases - -answer--An internal investigation by an organization to discover if its
employees/clients/partners are abiding by the rules or policies (Violation of company policies).
Non-criminal in nature and are related to misconduct or activities of an employee
Authentic Evidence - -answer--Evidence that is in its original or genuine state.
Investigators must provide supporting documents regarding the authenticity, accuracy, and
integrity of the evidence
Complete Evidence - -answer--Evidence must either prove or disprove the fact
Reliable Evidence - -answer--evidence that possesses a sufficient degree of likelihood that it is
true and accurate
Evidence must be proven dependable when the evidence was extracted
Computer Forensics - -answer--A set of methodological procedures and techniques that help
identify, gather, preserve, extract, interpret, document, and present evidence from computers in
a way that is legally admissible
Cyber Crime - -answer--Any illegal act involving a computing device, network, its systems, or its
applications. Both internal and external
Enterprise Theory of Investigation (ETI) - -answer--Methodology for investigating criminal
activity
, 2
Types of Cyber Crime - -answer--Civil, Criminal, Administrative
Civil Cases - -answer--Involve disputes between two parties. Brought for violation of contracts
and lawsuits where a guilty outcome generally results in monetary damages to the plaintiff
Criminal Cases - -answer--Brought by law enforcement agencies in response to a suspected
violation of law where a guilty outcome results in monetary damages, imprisonment, or both
Rules of Forensic Investigation - -answer--Safeguard the integrity of the evidence and render it
acceptable in a court of law. The forensic examiner must make duplicate copies of the original
evidence. The duplicate copies must be accurate replications of the originals, and the forensic
examiner must also authenticate the duplicate copies to avoid questions about the integrity of
the evidence. Must not continue with the investigation if the examination is going to be beyond
his or her knowledge level or skill level.
Cyber Crime Investigation Methodology/Steps - -answer--1. Identify the computer crime 2.
Collect preliminary evidence 3.Obtain court warrant dor discovery/seizure of evidence
4.Perform first responder procedures 5. Seize evidence at the crime scene 6. Transport evidence
to lab 7. Create two bitstream copies of the evidence 8. Generate MD5 checksum of the images
9. Maintain chain of custody 10. Store original evidence in secure location 11. Analyze the image
copy for evidence 12. Prepare a forensic report 13. Submit a report to client 14. Testify in course
as an expert witness
Locard's Exchange Principle - -answer--Anyone of anything, entering a crime scene takes
something of the scene with them and leaves something of themselves behind when they
leave.
Types of Digital Data - -answer--Volatile Data
Non-volatile Data
Volatile Data - -answer--Temporary information on a device that requires a constant power
supply and is deleted if the power supply is interrupted
, 3
Non-Volatile Data - -answer--Secondary storage of data. Long-term, persistent data.
Permanent data stored on secondary storage devices, such as hard disks and memory cards.
Characteristics of Digital Evidence - -answer--1. Be Relevant
2. Be probative
3. Be authentic
4. Be accurate
5. Be complete
6. Be convincing
7. Be admissible
Admissible evidence - -answer--Evidence that can be legally and properly introduced in a civil or
criminal trial.
Evidence is relevant to the case
Believable Evidence - -answer--Evidence must be presented in a clear manner and expert
opinions must be obtained where necessary
Rules of Evidence - -answer--Rules governing the admissibility of evidence in trial courts.
Best Evidence Rule - -answer--states that secondary evidence, or a copy, is inadmissible in court
when the original exists.
Duplicate evidence will suffice under the following conditions:
-Original evidence is destroyed due to fire or flood
-Original evidence is destroyed in the normal course of business
-Original evidence is in possession of a third party
, 4
Forensic Readiness - -answer--An organization's ability to make optimal use of digital evidence
in a limited period and with minimal investigation costs.
Fourth Amendment - -answer--Protects against unreasonable search and seizure. Government
agents may not search or seize areas or things in which a person has reasonable expectation of
privacy, without a search warrant.
Chain of Custody - -answer--a written record of all people who have had possession of an item
of evidence
Rule 101: Scope - -answer--These rules govern proceedings in the courts of the United States
and before United States bankruptcy judges and United States magistrate judges, to the extent
and with the exceptions stated in rule 1101.
Rule 102: Purpose and Construction - -answer--These rules shall be construed to secure fairness
in administration, elimination of unjustifiable expense and delay, and promotion of growth and
development of the law of evidence to the end that the truth may be ascertained and
proceedings justly determined.
Rule 105: Limited Admissibility - -answer--When evidence that is admissible as to one party or
for one purpose but not admissible as to another party or for another purpose is admitted, the
court, upon ITProTV Video Notes for CHFI v9 request, shall restrict the evidence to its proper
scope and instruct the jury accordingly
Rule 801: Hearsay - -answer--"Hearsay" means a statement that:
(1) the declarant does not make while testifying at the current trial or hearing; and
(2) a party offers in evidence to prove the truth of the matter asserted in the statement.
WGU C702 FINAL EXAMS WITH VERIFIED AND CORRECT
QUESTIONS AND ANSWERS ALREADY APPROVED 2025
EDITION AND BEST GRADED
Administrative Cases - -answer--An internal investigation by an organization to discover if its
employees/clients/partners are abiding by the rules or policies (Violation of company policies).
Non-criminal in nature and are related to misconduct or activities of an employee
Authentic Evidence - -answer--Evidence that is in its original or genuine state.
Investigators must provide supporting documents regarding the authenticity, accuracy, and
integrity of the evidence
Complete Evidence - -answer--Evidence must either prove or disprove the fact
Reliable Evidence - -answer--evidence that possesses a sufficient degree of likelihood that it is
true and accurate
Evidence must be proven dependable when the evidence was extracted
Computer Forensics - -answer--A set of methodological procedures and techniques that help
identify, gather, preserve, extract, interpret, document, and present evidence from computers in
a way that is legally admissible
Cyber Crime - -answer--Any illegal act involving a computing device, network, its systems, or its
applications. Both internal and external
Enterprise Theory of Investigation (ETI) - -answer--Methodology for investigating criminal
activity
, 2
Types of Cyber Crime - -answer--Civil, Criminal, Administrative
Civil Cases - -answer--Involve disputes between two parties. Brought for violation of contracts
and lawsuits where a guilty outcome generally results in monetary damages to the plaintiff
Criminal Cases - -answer--Brought by law enforcement agencies in response to a suspected
violation of law where a guilty outcome results in monetary damages, imprisonment, or both
Rules of Forensic Investigation - -answer--Safeguard the integrity of the evidence and render it
acceptable in a court of law. The forensic examiner must make duplicate copies of the original
evidence. The duplicate copies must be accurate replications of the originals, and the forensic
examiner must also authenticate the duplicate copies to avoid questions about the integrity of
the evidence. Must not continue with the investigation if the examination is going to be beyond
his or her knowledge level or skill level.
Cyber Crime Investigation Methodology/Steps - -answer--1. Identify the computer crime 2.
Collect preliminary evidence 3.Obtain court warrant dor discovery/seizure of evidence
4.Perform first responder procedures 5. Seize evidence at the crime scene 6. Transport evidence
to lab 7. Create two bitstream copies of the evidence 8. Generate MD5 checksum of the images
9. Maintain chain of custody 10. Store original evidence in secure location 11. Analyze the image
copy for evidence 12. Prepare a forensic report 13. Submit a report to client 14. Testify in course
as an expert witness
Locard's Exchange Principle - -answer--Anyone of anything, entering a crime scene takes
something of the scene with them and leaves something of themselves behind when they
leave.
Types of Digital Data - -answer--Volatile Data
Non-volatile Data
Volatile Data - -answer--Temporary information on a device that requires a constant power
supply and is deleted if the power supply is interrupted
, 3
Non-Volatile Data - -answer--Secondary storage of data. Long-term, persistent data.
Permanent data stored on secondary storage devices, such as hard disks and memory cards.
Characteristics of Digital Evidence - -answer--1. Be Relevant
2. Be probative
3. Be authentic
4. Be accurate
5. Be complete
6. Be convincing
7. Be admissible
Admissible evidence - -answer--Evidence that can be legally and properly introduced in a civil or
criminal trial.
Evidence is relevant to the case
Believable Evidence - -answer--Evidence must be presented in a clear manner and expert
opinions must be obtained where necessary
Rules of Evidence - -answer--Rules governing the admissibility of evidence in trial courts.
Best Evidence Rule - -answer--states that secondary evidence, or a copy, is inadmissible in court
when the original exists.
Duplicate evidence will suffice under the following conditions:
-Original evidence is destroyed due to fire or flood
-Original evidence is destroyed in the normal course of business
-Original evidence is in possession of a third party
, 4
Forensic Readiness - -answer--An organization's ability to make optimal use of digital evidence
in a limited period and with minimal investigation costs.
Fourth Amendment - -answer--Protects against unreasonable search and seizure. Government
agents may not search or seize areas or things in which a person has reasonable expectation of
privacy, without a search warrant.
Chain of Custody - -answer--a written record of all people who have had possession of an item
of evidence
Rule 101: Scope - -answer--These rules govern proceedings in the courts of the United States
and before United States bankruptcy judges and United States magistrate judges, to the extent
and with the exceptions stated in rule 1101.
Rule 102: Purpose and Construction - -answer--These rules shall be construed to secure fairness
in administration, elimination of unjustifiable expense and delay, and promotion of growth and
development of the law of evidence to the end that the truth may be ascertained and
proceedings justly determined.
Rule 105: Limited Admissibility - -answer--When evidence that is admissible as to one party or
for one purpose but not admissible as to another party or for another purpose is admitted, the
court, upon ITProTV Video Notes for CHFI v9 request, shall restrict the evidence to its proper
scope and instruct the jury accordingly
Rule 801: Hearsay - -answer--"Hearsay" means a statement that:
(1) the declarant does not make while testifying at the current trial or hearing; and
(2) a party offers in evidence to prove the truth of the matter asserted in the statement.
