Chapter 1: Computer Forensics and Investigations as a Profession


Download Full Test Bank for guide to computer forensics and investigations 5th edition at https://getbooksolutions.com/download/test-bank-for-guide-to-computer-forensics-andinvestigations-5th-edition

TRUE/FALSE

1. By the 1970s, electronic crimes were increasing, especially in the financial sector.
ANS: T PTS: 1 REF: 6

2. To be a successful computer forensics investigator, you must be familiar with more than one computing platform.
ANS: T PTS: 1 REF: 8

3. Computer investigations and forensics fall into the same category: public investigations.
ANS: F PTS: 1 REF: 10

4. The law of search and seizure protects the rights of all people, excluding people suspected of crimes.
ANS: F PTS: 1 REF: 11

5. After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.
ANS: T PTS: 1 REF: 15

MULTIPLE CHOICE

1. The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.
a. Federal Rules of Evidence (FRE)
b. Department of Defense Computer Forensics Laboratory (DCFL)
c. DIBS
d. Computer Analysis and Response Team (CART)
ANS: D PTS: 1 REF: 2

2. ____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
a. Data recovery
b. Network forensics
c. Computer forensics
d. Disaster recovery
ANS: A PTS: 1 REF: 4

3. ____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
a. Computer forensics
b. Data recovery
c. Disaster recovery
d. Network forensics

ANS: C PTS: 1 REF: 4

4. The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
a. network intrusion detection
b. computer investigations
c. incident response
d. litigation
ANS: B PTS: 1 REF: 5

5. By the early 1990s, the ____ introduced training on software for forensics investigations.
a. IACIS
b. FLETC
c. CERT
d. DDBIA
ANS: A PTS: 1 REF: 6

6. In the Pacific Northwest, ____ meets monthly to discuss problems that law enforcement and corporations face.
a. IACIS
b. CTIN
c. FTK
d. FLETC
ANS: B PTS: 1 REF: 8

7. In a ____ case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation.
a. corporate
b. civil
c. criminal
d. fourth amendment
ANS: C PTS: 1 REF: 11

8. In general, a criminal case follows three stages: the complaint, the investigation, and the ____.
a. litigation
b. allegation
c. blotter
d. prosecution
ANS: D PTS: 1 REF: 12

9. Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
a. litigation
b. allegation
c. blotter
d. prosecution
ANS: B PTS: 1 REF: 13

10. In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____.
a. blotter
b. exhibit report
c. litigation report
d. affidavit
ANS: D PTS: 1 REF: 14

11. It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
a. litigation
b. prosecution
c. exhibits
d. reports
ANS: C PTS: 1 REF: 14

12. The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true.

a. notarized
b. examined
c. recorded
d. challenged
ANS: A PTS: 1 REF: 14

13. Published company policies provide a(n) ____ for a business to conduct internal investigations.
a. litigation path
b. allegation resource
c. line of allegation
d. line of authority
ANS: D PTS: 1 REF: 16

14. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
a. warning banner
b. right of privacy
c. line of authority
d. right banner
ANS: A PTS: 1 REF: 16

15. A(n) ____ is a person using a computer to perform routine tasks other than systems administration.
a. complainant
b. user banner
c. end user
d. investigator
ANS: C PTS: 1 REF: 16

16. Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses.
a. line of authority
b. right of privacy
c. line of privacy
d. line of right
ANS: B PTS: 1 REF: 16

17. In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations.
a. authorized requester
b. authority of line
c. line of right
d. authority of right
ANS: A PTS: 1 REF: 18

18. Most computer investigations in the private sector involve ____.
a. e-mail abuse
b. misuse of computing assets
c. Internet abuse
d. VPN abuse
ANS: B PTS: 1 REF: 19

19. Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
a. silver-tree
b. gold-tree
c. silver-platter
d. gold-platter
ANS: C PTS: 1 REF: 20

20. Your ____ as a computer investigation and forensics analyst is critical because it determines your credibility.
a. professional policy
b. oath
c. line of authority
d. professional conduct

ANS: D PTS: 1 REF: 21

21. Maintaining ____ means you must form and sustain unbiased opinions of your cases.
a. confidentiality
b. objectivity
c. integrity
d. credibility
ANS: B PTS: 1 REF: 21

COMPLETION

1. ____ involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.
ANS: Computer forensics PTS: 1 REF: 2

2. The ____ to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.
ANS: Fourth Amendment PTS: 1 REF: 2

3. The term ____ refers to large corporate computing systems that might include disparate or formerly independent systems.
ANS: enterprise network environment PTS: 1 REF: 4

4. When you work in the ____ group, you test and verify the integrity of standalone workstations and network servers.
ANS: vulnerability assessment and risk management PTS: 1 REF: 5

5. The ____ provides a record of clues to crimes that have been committed previously.
ANS: police blotter PTS: 1 REF: 13

MATCHING

Match each item with a statement below:
a. Computer forensics
b. Network forensics
c. Litigation
d. Xtree Gold
e. Case law
f. HTCIA
g. Affidavit
h. Industrial espionage
i. Line of authority

1. the legal process of proving guilt or innocence in court
2. recognizes file types and retrieves lost or deleted files
3. investigates data that can be retrieved from a computer's hard disk or other storage media
4. sworn statement of support of facts about or evidence of a crime that is submitted to a judge to request a search warrant before seizing evidence
5. allows legal counsel to use previous cases similar to the current one because the laws don't yet exist
6. specifies who has the legal right to initiate an investigation, who can take possession of evidence, and who can have access to evidence
7. organization that exchanges information about techniques related to computer investigations and security
8. yields information about how a perpetrator or an attacker gained access to a network
9. involves selling sensitive or confidential company information to a competitor

1. ANS: C PTS: 1 REF: 5
2. ANS: D PTS: 1 REF: 6
3. ANS: A PTS: 1 REF: 3
4. ANS: G PTS: 1 REF: 14
5. ANS: E PTS: 1 REF: 8
6. ANS: I PTS: 1 REF: 16
7. ANS: F PTS: 1 REF: 9
8. ANS: B PTS: 1 REF: 3
9. ANS: H PTS: 1 REF: 15

SHORT ANSWER

1. Briefly describe the triad that makes up computer security.
ANS:
Investigators often work as a team to make computers and networks secure in an organization. The computer investigations function is one of three in a triad that makes up computing security. In an enterprise network environment, the triad consists of the following parts:
* Vulnerability assessment and risk management
* Network intrusion detection and incident response
* Computer investigations
PTS: 1 REF: 4

2. Briefly describe the main characteristics of public investigations.
ANS:
Public investigations involve government agencies responsible for criminal investigations and prosecution. Government agencies range from local, county, and state or provincial police departments to federal regulatory enforcement agencies. These organizations must observe legal guidelines such as Article 8 in the Charter of Rights of Canada, the Criminal Procedures Act of the Republic of Namibia, and U.S. Fourth Amendment issues related to search and seizure rules.
PTS: 1 REF: 10-11

3. Briefly describe the main characteristics of private investigations.

ANS:
Private or corporate investigations deal with private companies, non-law-enforcement government agencies, and lawyers. These private organizations aren't governed directly by criminal law or Fourth Amendment issues, but by internal policies that define expected employee behavior and conduct in the workplace. Private corporate investigations also involve litigation disputes. Although private investigations are usually conducted in civil cases, a civil case can escalate into a criminal case, and a criminal case can be reduced to a civil case. If you follow good forensics procedures, the evidence found in your investigations can easily make the transition between civil and criminal cases.
PTS: 1 REF: 11

4. What questions should an investigator ask to determine whether a computer crime was committed?
ANS:
In a criminal case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation. To determine whether there was a computer crime, an investigator asks questions such as the following: What was the tool used to commit the crime? Was it a simple trespass? Was it a theft, a burglary, or vandalism? Did the perpetrator infringe on someone else's rights by cyberstalking or e-mail harassment?
PTS: 1 REF: 11-12

5. What are the three levels of law enforcement expertise established by CTIN?
ANS:
To differentiate the training and experience law officers have, CTIN has established three levels of law enforcement expertise:
* Level 1: Acquiring and seizing digital evidence, normally performed by a street police officer.
* Level 2: Managing high-tech investigations, teaching investigators what to ask for, and understanding computer terminology and what can and can't be retrieved from digital evidence. The assigned detectives usually handle the case.
* Level 3: Specialist training in retrieving digital evidence, normally performed by a data recovery or computer forensics expert, network forensics expert, or Internet fraud investigator. This person might also be qualified to manage a case, depending on his or her background.
PTS: 1 REF: 13

6. What are some of the most common types of corporate computer crime?
ANS:
Corporate computer crimes can involve e-mail harassment, falsification of data, gender and age discrimination, embezzlement, sabotage, and industrial espionage, which involves selling sensitive or confidential company information to a competitor. Anyone with access to a computer can commit these crimes.
PTS: 1 REF: 15

7. What is embezzlement?
ANS:
Embezzlement is a common computer crime, particularly in small firms. Typically, the owner is busy and trusts one person, such as the office manager, to handle daily transactions. When the office manager leaves, the owner discovers that some clients were overbilled or others were not billed at all, and money is missing. Rebuilding the paper and electronic trail can be tedious. Collecting enough evidence to press charges might be beyond the owner's capabilities.

PTS: 1 REF: 15

8. Briefly describe corporate sabotage.
ANS:
Corporate sabotage is most often committed by a disgruntled employee. The employee decides to take a job at a competitor's firm and collects critical files on a disk or thumb drive before leaving. This type of crime can also lead to industrial espionage, which increases every year.
PTS: 1 REF: 15

9. What text can be used in internal warning banners?
ANS:
Depending on the type of organization, the following text can be used in internal warning banners:
* Access to this system and network is restricted.
* Use of this system and network is for official business only.
* Systems and networks are subject to monitoring at any time by the owner.
* Using this system implies consent to monitoring by the owner.
* Unauthorized or illegal users of this system or network will be subject to discipline or prosecution.
PTS: 1 REF: 17

10. Mention examples of groups that should have direct authority to request computer investigations in the corporate environment.
ANS:
Examples of groups that should have direct authority to request computer investigations in the corporate environment include the following:
* Corporate Security Investigations
* Corporate Ethics Office
* Corporate Equal Employment Opportunity Office
* Internal Auditing
* The general counsel or Legal Department
PTS: 1 REF: 18