Chapter 2: Computer Forensics and Digital Detective Work


  1. In 2005, the estimated number of e-mail users in the United States was

A. 105 million

B. 105 billion

C. 1.5 million

D. 1.5 billion

Answer: A   Reference: Introduction   Difficulty: Easy

  1. What type of program is available to delete and overwrite data on a computer?

A. File-overwriting software

B. File-deleting software

C. File-wiping software

D. All of the above

Answer: C   Reference: E-Evidence Trails   Difficulty: Easy

  1. In what manner were e-commerce employees caught making online purchases using clients’ credit card numbers?

A. Copies of credit card numbers were found in their desks.

B. Copies of transactions were found at their homes.

C. Saved files were stored in a hidden directory.

D. Credit card numbers, along with the name and address of the person who placed the order, were found in a hidden HTML coded file.

Answer: D   Reference: Knowing What to Look For   Difficulty: Moderate

  1. Robert Hanssen stored documents he was stealing from the FBI and selling to the Russians on a(n)

A. MP3 player

B. Palm III PDA

C. Laptop computer

D. Cell phone

Answer: B   Reference: Answering the 5 W's   Difficulty: Easy

  1. In order to be legally defensible, methods used in the recovery of data must ensure that

A. The original evidence was not altered.

B. No data was added to the original.

C. No data was deleted from the original.

D. All of the above

Answer: D   Reference: Caution: Preserving Evidence   Difficulty: Moderate

  1. Which of the following is NOT considered one of the five stages of a computer investigation?

A. Intelligence

B. Hypothesis

C. Conviction

D. Conclusion

Answer: C   Reference: Computer Forensics Science   Difficulty: Moderate

  1. The chain of custody must include which of the following items?

A. Where the evidence was stored

B. The size of the containers used to store the evidence

C. How heavy the evidence was when acquired

D. The relevance of the evidence

Answer: A   Reference: Admissibility of Evidence   Difficulty: Easy

  1. In the case in which a hacker named Maxim broke into CD Universe credit card files, the FBI and company employees accessed original files to determine how the intrusion had occurred. What was the impact on the case of working with original files?

A. There was no impact on the case, because a correct chain of custody form was produced.

B. The case was nullified, because the last-access dates on the original files were changed.

C. There was no impact on the case, because the original files were copied correctly.

D. The case was nullified, because the FBI did not have permission to open the original files.

Answer: B   Reference: IP: CD Universe Prosecution Failure   Difficulty: Difficult

  1. What unique piece of evidence finally gave police the break they’d needed in order to solve the BTK serial murderer case?

A. A phone number located within a computer

B. A USB drive with his deleted address

C. A floppy disk with his deleted address

D. A floppy disk with a deleted address of a church

Answer: D   Reference: Digital Signature Left by Serial Killer   Difficulty: Moderate

  1. Which of the following is NOT considered one of the items e-evidence is currently being used for?

A. To prove intent

B. To imply motive

C. To provide alibis

D. All listed are currently being used

Answer: C   Reference: Digital Profiling of Crime Suspects   Difficulty: Difficult

  1. Which of the following is NOT considered an objective in ensuring probative information is recovered?

A. To protect the computer system during the actual investigation

B. To search for any and all malware that may have infected the system

C. To recover deleted, existing, hidden, and password-protected files

D. To determine if steganography was used

Answer: B   Reference: Computer Forensics and the E-Evidence Collection Process   Difficulty: Difficult

  1. Evidence may be suppressed if which of the following occurs?

A. If the officer exceeds the limited right or scope

B. If the police do not have a warrant

C. If the officer takes more than is on the warrant

D. All of the above

Answer: D   Reference: Probable Cause and Search Warrants   Difficulty: Difficult

  1. Evidence collected in violation of which amendment will cause the evidence to be excluded?

A. The Fourth Amendment

B. The First Amendment

C. The Ninth Amendment

D. The Tenth Amendment

Answer: A   Reference: Proper Procedure and Limitations Built into the Law   Difficulty: Easy

  1. Hackers go after valuable content such as

A. Expensive applications

B. Links to terrorist Web sites

C. Pricing data

D. Malware scripts

Answer: C   Reference: Computer Is the Crime Target   Difficulty: Moderate

  1. Which of the following traditional crimes are easier because of widespread computer access?

A. Breaking and entering

B. Money laundering

C. Armed robbery

D. Assault

Answer: B   Reference: Computer Is Incidental to Traditional Crimes   Difficulty: Moderate

Fill in the Blank:

  1. The emphasis on computer forensics as a(n) ______ is important because it recognizes the field as a discipline with set principles.

Answer: science   Reference: Computer Forensics Science   Difficulty: Moderate

  1. The ______ is documentation that the evidence was handled and preserved properly.

Answer: chain of custody   Reference: Admissibility of Evidence   Difficulty: Moderate

  1. ______ is a term generally used to indicate a message is hidden within another file.

Answer: Steganography   Reference: Computer Forensics and the E-Evidence Collection Process   Difficulty: Easy

  1. ______ is created when a file is created if it does not take up an entire sector.

Answer: File slack   Reference: Unallocated Space and File Slack   Difficulty: Moderate

  1. Criminal trials are often preceded by a(n) ______ at which the admissibility of evidence is determined.

Answer: suppression hearing   Reference: Withstanding Challenges to Evidence   Difficulty: Difficult

  1. A(n) ______ is a reasonable belief that a person has committed a crime.

Answer: probable cause   Reference: Probable Cause and Search Warrants   Difficulty: Moderate

  1. The ______ states that evidence collected in violation of the Fourth Amendment cannot be used in a trial.

Answer: exclusionary rule   Reference: Proper Procedure and Limitations Built into the Law   Difficulty: Moderate

  1. Criminals whose purpose is ______ need to brag about their exploits because they are motivated by a desire for fame or notoriety.

Answer: trophy hunting   Reference: Finding the Motive: The “Why” of the Crime   Difficulty: Moderate

  1. ______ is the blending of accounting, auditing, and investigative skills.

Answer: Forensic accounting   Reference: Computer Is the Crime Instrument   Difficulty: Moderate

  1. One of the more popular theories is that a person could actually commit ______ by changing a patient's medication data.

Answer: murder   Reference: Computer Is Incidental to Traditional Crimes   Difficulty: Moderate

  1. According to a 2003 survey, ______ and China had the highest piracy rates.

Answer: Vietnam   Reference: New Crimes Generated by the Prevalence of Computers   Difficulty: Moderate

  1. Care, control, and chain of custody are called the ______ of evidence.

Answer: three C’s   Reference: Forensic Rules and Evidence Issues   Difficulty: Easy

  1. If evidence items are released to auditors or authorities, the ______ should be recorded.

Answer: release dates   Reference: Chain of Custody Procedures   Difficulty: Moderate

Matching:

  1. Match the criminal with the e-evidence associated with his or her crime.

I. John Allen Muhammad      A. Evidence of child pornography on computer

II. Lisa Montgomery         B. GPS data from car and cell phone

III. Scott Peterson         C. Digital recordings on a device in car

IV. Alejandro Avila         D. E-mail communication between criminal and victim

Answer: C D B A   Reference: Digital Signature Left by Serial Killer   Difficulty: Moderate

  1. Match the term with its definition.

I. Sector                   A. Remnant area at the end of a file

II. Unallocated space       B. Smallest unit that can be accessed on a disk

III. Slack space            C. Fixed block of data such as 1024 bytes

IV. Cluster                 D. Space not currently used to store an active file

Answer: B D A C   Reference: Terms throughout the chapter   Difficulty: Moderate

  1. Match the type of cybercrime with its description.

I. Spoofing                 A. Unauthorized access causes damage

II. Techno-vandalism        B. Phony Web sites

III. Techno-trespass        C. Criminal trespass

IV. Root access             D. Gives the user Admin rights

Answer: B A C D   Reference: Computer Is the Crime Target   Difficulty: Moderate

  1. Match the type of crime with its motive.

I. Fraud from computer billings          A. Computer is the crime target

II. Software piracy                      B. Computer is the crime instrument

III. Theft of intellectual property      C. Computer is incidental to traditional crime

IV. Illegal gambling                     D. New crime generated by prevalence of computers

Answer: B D A C   Reference: Types of Motives and Cybercrimes   Difficulty: Moderate
