In Eoghan Casey’s model of an investigation there are multiple steps. Which of these is not one of those steps?
Examination
Interrogation
Identification/Assessment
Preservation
Reporting
Interrogation
TF: The process of documentation begins in the Identification/Assessment phase.
True
Which of the following would not likely be a stakeholder in a civil lawsuit against a major automobile manufacturer?
Government regulatory agencies
The United Autoworkers Union
The judge assigned to the case
Owners of that company’s products
All of these would be interested parties.
All of these would be interested parties.
TF: Collecting exculpatory evidence is exclusively the responsibility of the defense counsel.
False
Bob Smith is suspected of using his company’s Internet facilities as a conduit for sending large quantities of SPAM to millions of users. You are called in to examine his computer to see if there is evidence to support this claim. This is initially a form of what type of investigation?
Civil
Internal
Criminal
This is not something you would do.
Internal
You suspect that there are a number of deleted files that can still be salvaged in the unallocated space of a drive image. During which phase of the investigation would you use a data carving utility?
Examination
Acquisition
Identification/Assessment
Analysis
Reporting
Examination
During which phase of an investigation do you make your first entries into a chain of custody log?
Examination
Acquisition
Identification/Assessment
Analysis
Reporting
Acquisition
Criminal cases have more stringent evidence-gathering requirements because ________________.
Only civil cases fall under constitutional guidelines.
Criminal cases are generally handled by Federal judges.
The Constitution protects the rights of citizens being tried in criminal proceedings.
Civil cases do not involve jail time or possible capital punishment.
They don’t. Civil cases have the most stringent requirements.
The Constitution protects the rights of citizens being tried in criminal proceedings.
When qualifying an incident as a computer crime, which of the following characteristics would not be considered a valid description?
The data in the computer are the objects of the act.
The computer is the instrument or the tool of the act.
The computer is one of the objects stolen during a burglary.
The computer is the target of an act.
The computer is one of the objects stolen during a burglary.
Collecting the legal authorizations to begin an investigation are part of the ___________ stage of the model.
Identification/Assessment
Analysis
Collection/Acquisition
Reporting
Identification/Assessment
You are among the first onto a scene in which multiple computers are being seized. As a part of the investigation, you take a number of digital photographs and a video recording of the scene. What primary collection of documentation hosts these images and videos?
The Case Timeline
Procedural Documentation
Chain of Custody
General Case Documentation
Process Documentation
General Case Documentation
You are about to seize an external hard disk drive that you found in the vicinity of a crime scene. You record the make, model, and serial number of the drive before you pack it up for shipping. Of which set of documents does the record become a part?
The Case Timeline
Chain of Custody
General Case Documentation
Process Documentation
Chain of Custody
-
Chapter 1: The Anatomy of a Digital Investigation29
-
Chapter 1 Practice Quiz12
-
Chapter 2: Laws Affecting Forensic Investigations7
-
Chapter 2 Practice Quiz4
-
Chapter 3: Search Warrants and Subpoenas37
-
Chapter 3 Practice Quiz11
-
Chapter 4: Legislated Privacy Concerns16
-
Chapter 4 Practice Quiz10
-
Chapter 7: Data Acquisition21
