Deck 11: Searching and Seizing Computer-Related Evidence

A) not susceptible to
B) not damaged in
C) especially vulnerable to
D) slightly susceptible to

A) Final preraid briefings do not include cautionary admonitions.
B) It is unacceptable to compile more equipment than necessary.
C) Traditional procedures for crime-scene investigation remain sacrosanct.
D) Officer safety generally takes a backseat during investigations.

A) hex editors
B) color scanner
C) multiple boot disks
D) evidence tape

A) digital protocol
B) SMEAC
C) the Electronic Communication Privacy Act
D) business ethics

A) It enables investigators to view files in hexadecimal formats.
B) It enables investigators to quickly scan the contents of large numbers of computer files.
C) It enables investigators to quickly search for keywords applicable to the current investigation.
D) It enables investigators to capture potential evidence residing in print buffers.

A) Investigators need not substantiate any request for seizure of equipment.
B) Permission is implicit for seizing all hardware and storage devices.
C) Explicit permission is preferred for seizing all hardware and storage devices.
D) Criminal contraband can be seized only with judicial authority.

A) cash
B) passwords
C) pornography
D) wiping programs

A) warrant preparation
B) knock, notice, and document
C) scene processing
D) securing the crime scene

A) They are legally required for the related hardware to be admitted as evidence.
B) They can alert investigators to hidden programs.
C) They are often a popular place for hiding passwords.
D) They can provide clues about the relative sophistication of the user.

A) probable cause that a crime has been committed
B) probable cause that the criminal has escaped
C) probable cause that evidence of a crime exists
D) probable cause that extant evidence resides in a particular location

A) investigators processing any trash
B) reconnaissance outside a suspect scene
C) deleting all data onto an external hard drive
D) criminals throwing into the trash any hardware

A) electric
B) battery-operated
C) magnetic
D) manual

A) execution
B) mission
C) communications
D) situation

A) potential for evidence destruction
B) presence of resident
C) immaturity of target
D) no prior knowledge of search

A) enabling investigators to fully document to the court the manner in which the scene was processed
B) serving as a refresher for investigators called to testify months or years after the fact
C) enabling investigators to duplicate the original state of the computer in court
D) enabling investigators to apply for a no-knock warrant

A) forensic software
B) labeling materials
C) mobile carts
D) photographic equipment

A) interrogating them
B) transporting them in custody
C) physically searching them for evidence
D) seizing their belongings

A) boardroom
B) police station
C) fire department
D) forensic laboratory

A) Recovery tools
B) Wiping programs
C) Locking programs
D) Fuzzy logic tools

A) exceptional sketching skills
B) exceptional communication skills
C) bagging and tagging skills
D) supervisory skills

A) investigator
B) suspect
C) computer
D) police

A) Use the suspect's cell phone to take photos.
B) Borrow film from another investigator.
C) Request the scene photographer to take additional photos.
D) Use the investigator's cell phone to take pictures.

A) ensure data integrity of
B) cause information overload in
C) lead to data overload of
D) cause information erasure in

A) Personnel gathering
B) Warrant preparation
C) Off-site searches
D) On-site searches