Question 1

In order to protect a cellular phone for evidentiary procedures,transport it in a(n)___________.

Accepted Answer

Faraday bag

Question 2

Which of the following is NOT an item generally included in a forensic kit?&#10;A)Flashlight&#10;B)USB external drive&#10;C)General case intake form&#10;D)Latex gloves

Accepted Answer

A general case intake form is typically part of administrative procedures, not a physical item in a forensic kit.

Question 3

?Which of the following is one of the bottom-layer examinations you would make on a suspect computer?&#10;A)Extraction of encrypted files&#10;B)Operating system norms&#10;C)Extraction of unallocated space files of interest&#10;D)All of the above

Accepted Answer

The examination of operating system norms is one of the basic examinations to be conducted on a suspect computer in order to understand its baseline behavior and identify any anomalies or deviations. Extraction of encrypted files and unallocated space files of interest are more advanced examinations that may come later in the investigation process.

Question 4

What is considered to be the best way to preserve the layout of a crime scene?&#10;A)Write down all information.&#10;B)Use a compact cassette recorder.&#10;C)Ask questions.&#10;D)Photograph it.

Accepted Answer

Photographs offer a visual record of the crime scene, which helps investigators recall details about the position of objects, location of evidence, and other aspects of the scene. This can help preserve the layout of a crime scene accurately. While writing down information, asking questions, and using a compact cassette recorder can also capture important details, they don't necessarily provide a visual depiction of the scene.

Question 5

Include a(n)________ as part of your forensic equipment because it allows you to carry a library of forensic tools and can give you access to the Internet.

Accepted Answer

The answer of Include a(n)________ as part of your forensic...

Question 6

A(n)________ needs to be completed when reviewing a potential case and determining whether to accept it.

Accepted Answer

The answer of A(n)________ needs to be completed when reviewing...

Question 7

Common criteria for accepting a case include all of the following EXCEPT&#10;A)Whether it is a criminal or civil case&#10;B)The law enforcement agency in charge of the case&#10;C)The potential impact upon the organization&#10;D)Liability issues

Accepted Answer

The law enforcement agency in charge of the case is not a common criterion for accepting a case. The other options listed are common criteria for accepting a case.

Question 8

When should the process of documenting e-evidence begin?&#10;A)Upon receipt of the evidence&#10;B)While gathering evidence&#10;C)While forensically investigating the evidence&#10;D)Upon first receiving the call concerning the case

Accepted Answer

The process of documenting electronic evidence should begin as soon as one receives the initial call concerning the case. This ensures that all actions and findings are recorded from the very beginning, maintaining the integrity and chain of custody of the evidence.

Question 9

Which of the following is NOT one of the areas to be considered when selecting members of a forensic unit?&#10;A)Experience&#10;B)Team player&#10;C)Mental agility&#10;D)Works well under pressure

Accepted Answer

Mental agility is not typically listed as a specific area to consider when selecting members of a forensic unit. Instead, experience, ability to work well in a team, and the ability to work well under pressure are more commonly emphasized criteria.

Question 10

You should ask questions about what types of ________ and ________ are involved because you can save time and mistakes if you take the correct equipment with you.

Accepted Answer

The answer of You should ask questions about what types...

Question 11

Who has the legal authority to conduct a search in a criminal case?&#10;A)It's decided by the local jurisdiction.&#10;B)It's decided by federal statutes.&#10;C)It's decided by the investigator on site.&#10;D)It's decided by the lead detective on the scene.

Accepted Answer

The answer of Who has the legal authority to conduct...

Question 12

?The primary consideration in determining where to do the forensic work is always the&#10;A)Estimation of personnel needed&#10;B)Integrity of the evidence&#10;C)Impact of the investigation on the organization&#10;D)Current number of cases being handled

Accepted Answer

The answer of ?The primary consideration in determining where to...

Question 13

Forensic investigators establish generally accepted policies and procedures to ensure that&#10;A)They can bill at the correct rate&#10;B)Technical procedures are well documented&#10;C)All cases will go to trial&#10;D)Both B and C

Accepted Answer

The answer of Forensic investigators establish generally accepted policies and...

Question 14

Which of the following would NOT be part of a standard report?&#10;A)Brief summary&#10;B)Body of the report&#10;C)Brief biography of the suspect&#10;D)Conclusion section

Accepted Answer

The answer of Which of the following would NOT be...

Question 15

If you encounter files that have been password protected,one option is to&#10;A)Ask the user to give you the password&#10;B)Reconfigure the BIOS to allow access to the file&#10;C)Try a number of standard passwords to try to find a match&#10;D)Consult a hacker site for help with the password

Accepted Answer

The answer of If you encounter files that have been...

Question 16

If you find recent files of a particular application but the application itself is not present on the computer,what can you infer?&#10;A)The computer user is not very experienced.&#10;B)The application file belongs on another computer.&#10;C)The application program has been recently installed.&#10;D)The application program is stored on some other storage device.

Accepted Answer

The answer of If you find recent files of a...

Question 17

Why is tagging books and magazines at a crime scene considered important?&#10;A)You might wish to subscribe to a few yourself.&#10;B)It isn't important.&#10;C)It allows the investigator to get to know how the person thinks.&#10;D)You might find passwords hidden in the articles.

Accepted Answer

The answer of Why is tagging books and magazines at...

Question 18

The system BIOS can tell you&#10;A)Hard drive geometry settings&#10;B)What Web sites the user has visited recently&#10;C)The computer's operating system&#10;D)What applications are installed on the computer

Accepted Answer

The answer of The system BIOS can tell you&#10;A)Hard drive...

Question 19

Training of forensic personnel might include which of the following?&#10;A)Psychological profiling&#10;B)Medical forensics&#10;C)Ballistics&#10;D)iPOD data retrieval

Accepted Answer

The answer of Training of forensic personnel might include which...

Question 20

The ________ allows police to seize evidence if they see it while lawfully engaged in searching for other evidence.

Accepted Answer

The answer of The ________ allows police to seize evidence...

Question 21

A(n)________ examination is where most of the computer forensic work is performed.

Accepted Answer

The answer of A(n)________ examination is where most of the...

Question 22

The ________ determines which of the computer's media is used to start the computer.

Accepted Answer

The answer of The ________ determines which of the computer's...

Question 23

Your best bet for decrypting a file is to find out what program was used to encrypt it and obtain the ________ for that software.

Accepted Answer

The answer of Your best bet for decrypting a file...

Question 24

The ________ of a report contains as much detail and documentation as you can include.

Accepted Answer

The answer of The ________ of a report contains as...

Question 25

The computer's time and date should be compared against a known standard,such as ________.

Accepted Answer

The answer of The computer's time and date should be...

Question 26

The main reason for file compression is to ________.

Accepted Answer

The answer of The main reason for file compression is...

Question 27

The ________ of the extraction model is primarily concerned with developing a picture of how the system is set up.

Accepted Answer

The answer of The ________ of the extraction model is...

Question 28

A(n)________ examination involves searches of the areas the operating system does not recognize as being normally used.

Accepted Answer

The answer of A(n)________ examination involves searches of the areas...

Question 29

You can use ________ analysis to eliminate common files by comparing them to the same files on your system.

Accepted Answer

The answer of You can use ________ analysis to eliminate...

Question 30

With the original evidence safely stored,you should make a(n)________ of the forensic image.

Accepted Answer

The answer of With the original evidence safely stored,you should...

Question 31

Match between columns&#10;                        Premises: Password protected&#10;Password protected&#10;Password protected&#10;Password protected

Accepted Answer

The Answer of Uses an algorithm to make readable and is...

Question 32

Match between columns&#10;                        Premises: What am I looking for?&#10;What am I looking for?&#10;What am I looking for?&#10;What am I looking for?&#10;What am I looking for?

Accepted Answer

The Answer of Identify the operating system or network topology is...

Question 33

Match between columns&#10;                        Premises: Hardware toolkit&#10;Hardware toolkit&#10;Hardware toolkit&#10;Hardware toolkit&#10;Hardware toolkit

Accepted Answer

The Answer of Useful for transferring large amounts of data is...

Deck 4: Policies and Procedures