Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 4: Policies and Procedures

Full screen (f)
exit full mode
Question
In order to protect a cellular phone for evidentiary procedures,transport it in a(n)___________.
Use Space or
up arrow
down arrow
to flip the card.
Question
Which of the following is NOT an item generally included in a forensic kit?

A)Flashlight
B)USB external drive
C)General case intake form
D)Latex gloves
Question
?Which of the following is one of the bottom-layer examinations you would make on a suspect computer?

A)Extraction of encrypted files
B)Operating system norms
C)Extraction of unallocated space files of interest
D)All of the above
Question
What is considered to be the best way to preserve the layout of a crime scene?

A)Write down all information.
B)Use a compact cassette recorder.
C)Ask questions.
D)Photograph it.
Question
Include a(n)________ as part of your forensic equipment because it allows you to carry a library of forensic tools and can give you access to the Internet.
Question
A(n)________ needs to be completed when reviewing a potential case and determining whether to accept it.
Question
Common criteria for accepting a case include all of the following EXCEPT

A)Whether it is a criminal or civil case
B)The law enforcement agency in charge of the case
C)The potential impact upon the organization
D)Liability issues
Question
When should the process of documenting e-evidence begin?

A)Upon receipt of the evidence
B)While gathering evidence
C)While forensically investigating the evidence
D)Upon first receiving the call concerning the case
Question
Which of the following is NOT one of the areas to be considered when selecting members of a forensic unit?

A)Experience
B)Team player
C)Mental agility
D)Works well under pressure
Question
You should ask questions about what types of ________ and ________ are involved because you can save time and mistakes if you take the correct equipment with you.
Question
Who has the legal authority to conduct a search in a criminal case?

A)It's decided by the local jurisdiction.
B)It's decided by federal statutes.
C)It's decided by the investigator on site.
D)It's decided by the lead detective on the scene.
Question
?The primary consideration in determining where to do the forensic work is always the

A)Estimation of personnel needed
B)Integrity of the evidence
C)Impact of the investigation on the organization
D)Current number of cases being handled
Question
Forensic investigators establish generally accepted policies and procedures to ensure that

A)They can bill at the correct rate
B)Technical procedures are well documented
C)All cases will go to trial
D)Both B and C
Question
Which of the following would NOT be part of a standard report?

A)Brief summary
B)Body of the report
C)Brief biography of the suspect
D)Conclusion section
Question
If you encounter files that have been password protected,one option is to

A)Ask the user to give you the password
B)Reconfigure the BIOS to allow access to the file
C)Try a number of standard passwords to try to find a match
D)Consult a hacker site for help with the password
Question
If you find recent files of a particular application but the application itself is not present on the computer,what can you infer?

A)The computer user is not very experienced.
B)The application file belongs on another computer.
C)The application program has been recently installed.
D)The application program is stored on some other storage device.
Question
Why is tagging books and magazines at a crime scene considered important?

A)You might wish to subscribe to a few yourself.
B)It isn't important.
C)It allows the investigator to get to know how the person thinks.
D)You might find passwords hidden in the articles.
Question
The system BIOS can tell you

A)Hard drive geometry settings
B)What Web sites the user has visited recently
C)The computer's operating system
D)What applications are installed on the computer
Question
Training of forensic personnel might include which of the following?

A)Psychological profiling
B)Medical forensics
C)Ballistics
D)iPOD data retrieval
Question
The ________ allows police to seize evidence if they see it while lawfully engaged in searching for other evidence.
Question
A(n)________ examination is where most of the computer forensic work is performed.
Question
The ________ determines which of the computer's media is used to start the computer.
Question
Your best bet for decrypting a file is to find out what program was used to encrypt it and obtain the ________ for that software.
Question
The ________ of a report contains as much detail and documentation as you can include.
Question
The computer's time and date should be compared against a known standard,such as ________.
Question
The main reason for file compression is to ________.
Question
The ________ of the extraction model is primarily concerned with developing a picture of how the system is set up.
Question
A(n)________ examination involves searches of the areas the operating system does not recognize as being normally used.
Question
You can use ________ analysis to eliminate common files by comparing them to the same files on your system.
Question
With the original evidence safely stored,you should make a(n)________ of the forensic image.
Question
Match between columns
Premises:
Responses:
Password protected
Uses an algorithm to make readable
Password protected
Needs a word or phrase to unlock the file
Password protected
Data hides in another file
Password protected
Usually mail files
Question
Match between columns
Premises:
Responses:
What am I looking for?
Identify the operating system or network topology
What am I looking for?
There may be fingerprints or other trace evidence
What am I looking for?
You would use different tools to locate different items such as photographs or spreadsheets
What am I looking for?
This determines how you will extract the data
What am I looking for?
The more skilled the user, the more likely it is that he can alter or destroy evidence
Question
Match between columns
Premises:
Responses:
Hardware toolkit
Useful for transferring large amounts of data or images
Hardware toolkit
Necessary if there are no convenient plugs
Hardware toolkit
Startup disks, CDs, or USB drives
Hardware toolkit
Used to keep notes or upload photographs
Hardware toolkit
Screwdrivers, pliers, duct tape
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/33
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 4: Policies and Procedures
1
In order to protect a cellular phone for evidentiary procedures,transport it in a(n)___________.
Faraday bag
2
Which of the following is NOT an item generally included in a forensic kit?

A)Flashlight
B)USB external drive
C)General case intake form
D)Latex gloves
C
3
?Which of the following is one of the bottom-layer examinations you would make on a suspect computer?

A)Extraction of encrypted files
B)Operating system norms
C)Extraction of unallocated space files of interest
D)All of the above
B
4
What is considered to be the best way to preserve the layout of a crime scene?

A)Write down all information.
B)Use a compact cassette recorder.
C)Ask questions.
D)Photograph it.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
5
Include a(n)________ as part of your forensic equipment because it allows you to carry a library of forensic tools and can give you access to the Internet.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
6
A(n)________ needs to be completed when reviewing a potential case and determining whether to accept it.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
7
Common criteria for accepting a case include all of the following EXCEPT

A)Whether it is a criminal or civil case
B)The law enforcement agency in charge of the case
C)The potential impact upon the organization
D)Liability issues
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
8
When should the process of documenting e-evidence begin?

A)Upon receipt of the evidence
B)While gathering evidence
C)While forensically investigating the evidence
D)Upon first receiving the call concerning the case
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
9
Which of the following is NOT one of the areas to be considered when selecting members of a forensic unit?

A)Experience
B)Team player
C)Mental agility
D)Works well under pressure
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
10
You should ask questions about what types of ________ and ________ are involved because you can save time and mistakes if you take the correct equipment with you.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
11
Who has the legal authority to conduct a search in a criminal case?

A)It's decided by the local jurisdiction.
B)It's decided by federal statutes.
C)It's decided by the investigator on site.
D)It's decided by the lead detective on the scene.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
12
?The primary consideration in determining where to do the forensic work is always the

A)Estimation of personnel needed
B)Integrity of the evidence
C)Impact of the investigation on the organization
D)Current number of cases being handled
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
13
Forensic investigators establish generally accepted policies and procedures to ensure that

A)They can bill at the correct rate
B)Technical procedures are well documented
C)All cases will go to trial
D)Both B and C
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
14
Which of the following would NOT be part of a standard report?

A)Brief summary
B)Body of the report
C)Brief biography of the suspect
D)Conclusion section
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
15
If you encounter files that have been password protected,one option is to

A)Ask the user to give you the password
B)Reconfigure the BIOS to allow access to the file
C)Try a number of standard passwords to try to find a match
D)Consult a hacker site for help with the password
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
16
If you find recent files of a particular application but the application itself is not present on the computer,what can you infer?

A)The computer user is not very experienced.
B)The application file belongs on another computer.
C)The application program has been recently installed.
D)The application program is stored on some other storage device.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
17
Why is tagging books and magazines at a crime scene considered important?

A)You might wish to subscribe to a few yourself.
B)It isn't important.
C)It allows the investigator to get to know how the person thinks.
D)You might find passwords hidden in the articles.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
18
The system BIOS can tell you

A)Hard drive geometry settings
B)What Web sites the user has visited recently
C)The computer's operating system
D)What applications are installed on the computer
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
19
Training of forensic personnel might include which of the following?

A)Psychological profiling
B)Medical forensics
C)Ballistics
D)iPOD data retrieval
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
20
The ________ allows police to seize evidence if they see it while lawfully engaged in searching for other evidence.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
21
A(n)________ examination is where most of the computer forensic work is performed.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
22
The ________ determines which of the computer's media is used to start the computer.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
23
Your best bet for decrypting a file is to find out what program was used to encrypt it and obtain the ________ for that software.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
24
The ________ of a report contains as much detail and documentation as you can include.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
25
The computer's time and date should be compared against a known standard,such as ________.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
26
The main reason for file compression is to ________.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
27
The ________ of the extraction model is primarily concerned with developing a picture of how the system is set up.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
28
A(n)________ examination involves searches of the areas the operating system does not recognize as being normally used.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
29
You can use ________ analysis to eliminate common files by comparing them to the same files on your system.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
30
With the original evidence safely stored,you should make a(n)________ of the forensic image.
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
31
Match between columns
Premises:
Responses:
Password protected
Uses an algorithm to make readable
Password protected
Needs a word or phrase to unlock the file
Password protected
Data hides in another file
Password protected
Usually mail files
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
41
Match between columns
Premises:
Responses:
What am I looking for?
Identify the operating system or network topology
What am I looking for?
There may be fingerprints or other trace evidence
What am I looking for?
You would use different tools to locate different items such as photographs or spreadsheets
What am I looking for?
This determines how you will extract the data
What am I looking for?
The more skilled the user, the more likely it is that he can alter or destroy evidence
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
59
Match between columns
Premises:
Responses:
Hardware toolkit
Useful for transferring large amounts of data or images
Hardware toolkit
Necessary if there are no convenient plugs
Hardware toolkit
Startup disks, CDs, or USB drives
Hardware toolkit
Used to keep notes or upload photographs
Hardware toolkit
Screwdrivers, pliers, duct tape
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 33 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree