Chat with AI
Deck 3: The Investigators Office and Laboratory
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/50
Play
Full screen (f)
Deck 3: The Investigators Office and Laboratory
1
Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Windows File System.
A) NTFS
B) ext3
C) FAT24
D) ext2
A) NTFS
B) ext3
C) FAT24
D) ext2
A
2
A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.
True
3
Defense contractors during the Cold War were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.
A) TEMPEST
B) RAID
C) NISPOM
D) EMR
A) TEMPEST
B) RAID
C) NISPOM
D) EMR
A
4
If damage occurs to the floor, walls, ceilings, or furniture on your computer forensics lab, it does not need to be repaired immediately.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
5
Computing systems in a forensics lab should be able to process typical cases in a timely manner.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
6
IACIS requires recertification every ____ years to demonstrate continuing work in the field of computer forensics.
A) 2
B) 3
C) 4
D) 5
A) 2
B) 3
C) 4
D) 5
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
7
Requirements for taking the EnCE certification exam depend on taking the Guidance Software EnCase training courses.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
8
A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
A) gypsum
B) steel
C) wood
D) expanded metal
A) gypsum
B) steel
C) wood
D) expanded metal
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
9
You should have at least one copy of your backups on site and a duplicate copy or a previous copy of your backups stored in a safe ____ facility.
A) in-site
B) storage
C) off-site
D) online
A) in-site
B) storage
C) off-site
D) online
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
10
____ was created by police officers who wanted to formalize credentials in computing investigations.
A) HTCN
B) NISPOM
C) TEMPEST
D) IACIS
A) HTCN
B) NISPOM
C) TEMPEST
D) IACIS
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
11
The EMR from a computer monitor can be picked up as far away as ____ mile.
A) 1/4
B) 1/2
C) 3/4
D) 1
A) 1/4
B) 1/2
C) 3/4
D) 1
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
12
Lab costs can be broken down into daily, ____, and annual expenses.
A) weekly
B) monthly
C) bimonthly
D) quarterly
A) weekly
B) monthly
C) bimonthly
D) quarterly
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
13
One way to investigate older and unusual computing systems is to keep track of ____ that still use these systems.
A) AICIS lists
B) uniform reports
C) SIGs
D) Minix
A) AICIS lists
B) uniform reports
C) SIGs
D) Minix
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
14
A ____ is where you conduct your investigations, store evidence, and do most of your work.
A) forensic workstation
B) computer forensics lab
C) storage room
D) workbench
A) forensic workstation
B) computer forensics lab
C) storage room
D) workbench
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
15
To preserve the integrity of evidence data, your lab should function as an evidence locker or safe, making it a ____ or a secure storage safe.
A) secure workstation
B) secure workbench
C) protected PC
D) secure facility
A) secure workstation
B) secure workbench
C) protected PC
D) secure facility
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
16
____ are generated at the federal, state, and local levels to show the types and frequency of crimes committed.
A) HTCN reports
B) IDE reports
C) Uniform crime reports
D) ASCLD reports
A) HTCN reports
B) IDE reports
C) Uniform crime reports
D) ASCLD reports
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
17
A ____ plan also specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.
A) disaster recovery
B) risk management
C) configuration management
D) security
A) disaster recovery
B) risk management
C) configuration management
D) security
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
18
Performing a forensic analysis of a disk 200 GB or larger can take several days and often involves running imaging software overnight and on weekends.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
19
Floors and carpets on your computer forensic lab should be cleaned at least ____ a week to help minimize dust that can cause static electricity.
A) once
B) twice
C) three times
D) four times
A) once
B) twice
C) three times
D) four times
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
20
What HTCN certification level requires candidates have three years of investigative experience in any discipline from law enforcement or corporate or have a college degree with one year of experience in investigations?
A) Certified Computer Crime Investigator, Basic Level
B) Certified Computer Crime Investigator, Advanced Level
C) Certified Computer Forensic Technician, Basic
D) Certified Computer Forensic Technician, Advanced
A) Certified Computer Crime Investigator, Basic Level
B) Certified Computer Crime Investigator, Advanced Level
C) Certified Computer Forensic Technician, Basic
D) Certified Computer Forensic Technician, Advanced
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
21
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
tool for directly restoring files
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
tool for directly restoring files
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
22
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
certification program that regulates how crime labs are organized and managed
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
certification program that regulates how crime labs are organized and managed
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
23
The ______________________________ provides guidelines for managing a forensics lab and for acquiring official crime-lab certification.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
24
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
stands for Metropolitan Area Network
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
stands for Metropolitan Area Network
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
25
In the ____, you justify acquiring newer and better resources to investigate computer forensics cases.
A) risk evaluation
B) business case
C) configuration plan
D) upgrade policy
A) risk evaluation
B) business case
C) configuration plan
D) upgrade policy
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
26
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
a plan you can use to sell your services to your management or clients
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
a plan you can use to sell your services to your management or clients
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
27
For daily work production, several examiners can work together in a large open area, as long as they all have ____________________ level of authority and access need.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
28
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
a high-end RAID server from Digital Intelligence
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
a high-end RAID server from Digital Intelligence
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
29
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
sponsors the EnCE certification program
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
sponsors the EnCE certification program
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
30
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
ruled by the IEEE 1394B standard
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
ruled by the IEEE 1394B standard
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
31
In addition to performing routine backups, record all the updates you make to your workstation by using a process called ____ when planning for disaster recovery.
A) configuration management
B) risk assessment
C) recovery logging
D) change management
A) configuration management
B) risk assessment
C) recovery logging
D) change management
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
32
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
addresses how to restore a workstation you reconfigured for a specific investigation
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
addresses how to restore a workstation you reconfigured for a specific investigation
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
33
____________________ Chapter 5, Section 3 (http://nsi.org/Library/Govt/Nispom.html) describes the characteristics of a safe storage container.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
34
For labs using high-end ____ servers (such as Digital Intelligence F.R.E.D.C. or F.R.E.D.M.), you must consider methods for restoring large data sets.
A) RAID
B) ISDN
C) WAN
D) TEMPEST
A) RAID
B) ISDN
C) WAN
D) TEMPEST
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
35
The lab ____________________ sets up processes for managing cases and reviews them regularly.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
36
Computing components are designed to last 18 to ____ months in normal business operations.
A) 24
B) 30
C) 36
D) 42
A) 24
B) 30
C) 36
D) 42
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
37
Match each item with a statement below
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
can be a valuable source of support for recovering and analyzing uncommon systems
a.FireWire
f.SIG
b.Guidance Software
g.MAN
c.Business case
h.Norton Ghost
d.F.R.E.D.C.i.Disaster recovery plan
e.ASCLD/LAB
can be a valuable source of support for recovering and analyzing uncommon systems
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
38
A(n) ____________________ plan ensures that you can restore your workstations and file servers to their original condition if a catastrophic failure occurs.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
39
By using ____ to attract new customers or clients, you can justify future budgets for the lab's operation and staff.
A) pricing
B) marketing
C) budgeting
D) changing
A) pricing
B) marketing
C) budgeting
D) changing
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
40
____ involves determining how much risk is acceptable for any process or operation, such as replacing equipment.
A) Risk configuration
B) Change management
C) Configuration management
D) Risk management
A) Risk configuration
B) Change management
C) Configuration management
D) Risk management
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
41
Illustrate a proper way of disposing materials on your computer investigation lab.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
42
Discuss the use of a laptop PC as a forensic workstation.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
43
What are the minimum requirements for a computer investigation and forensics lab?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
44
Briefly outline the process of selecting workstations for a police computer investigation lab.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
45
Provide a brief explanation of how to plan a lab budget.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
46
What are the questions you need to ask when planning the justification step of a business case?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
47
What are the four levels of certification offered by HTCN?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
48
What are the duties of a lab manager?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
49
Give a brief explanation of a computer forensics lab auditing process.
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
50
What peripheral devices should be stocked in your computer forensics lab?
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 50 flashcards in this deck.
