CJUS 542 Test 1 Liberty University
CJUS 542 Quiz 1 Data Acquisition & Processing Crime
Covers the Textbook material from Module 1: Week 1 – Module 2: Week 2.
- Which term refers to an accusation or supposition of fact that a crime has been committed and is made by the complainant, based on the incident?
- What is most often the focus of digital investigations in the private sector?
- When an investigator seeks a search warrant, which of the following must be included in an affidavit to support the allegation of a crime?
- Maintaining credibility means you must form and sustain unbiased opinions of your cases.
- What is the role of an authorized requester?
- In addition to FAT16, FAT32, and Resilient File System, which file system can Windows hard disks also use?
- What HTCN certification level requires candidates have three years of experience in computing investigations for law enforcement or corporate cases?
- What is the maximum amount of time computing components are designed to last in normal business operations?
- Requirements for taking the EnCE certification exam depend on taking the Guidance Software EnCase training courses.
- Illustrate a proper way of disposing of materials in your computer investigation lab.
- If your time is limited, what type of acquisition data copy method should you consider?
- Which RAID configuration offers the greatest access speed and most robust data recovery capability?
- In addition to RAID 0, what type of RAID configuration is available for Windows XP, 2000, and NT servers and workstations?
- Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized.
- Explain the sparse data copy method for acquiring digital evidence.
- At a minimum, what do most company policies require that employers have in order to initiate an investigation?
- What type of files might lose essential network activity records if power is terminated without a proper shutdown?
- What do law enforcement investigators need in order to remove computers from a crime scene and transport them to a lab?
- Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.
- Why should companies publish a policy stating their right to inspect computing assets at will?
Set 1
- What is the plain view doctrine?
- What reports are generated at the local, state, and federal levels to show the types and frequency of crimes committed?
- Which RAID configuration offers the greatest access speed and most robust data recovery capability?
- If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available.
- What does Autopsy use to validate an image?
- Briefly describe the main characteristics of public-sector investigations.
- When seizing computer evidence in criminal investigations, which organization’s standards should be followed?
- Give some guidelines on how to video record a computer incident or crime scene.
- The Fourth Amendment to the U.S. Constitution (and each state’s constitution) protects everyone’s rights to be secure in their person, residence, and property from search and seizure.
- Computer investigations and forensics fall into the same category: public investigations.
- By what percentage can lossless compression reduce image file size?
- Which activity involves determining how much risk is acceptable for any process or operation?
- Which Pacific Northwest agency meets to discuss problems that digital forensics examiners encounter?
- What did Microsoft add to its newer operating systems that makes performing static acquisitions more difficult?
- Describe how to use a journal when processing a major incident or crime scene.
- What is the role of an authorized requester?
- Provide a brief explanation of how to plan a lab budget.
- What command works similarly to the dd command but has many features designed for computer forensics acquisitions?
- Chapter 5, Section 3, of the NISPOM describes the characteristics of a safe storage container.
- What type of acquisition is typically done on a computer seized during a police raid?
Set 2
- Which Pacific Northwest agency meets to discuss problems that digital forensics examiners encounter?
- Briefly describe the main characteristics of private-sector investigations.
- What is the maximum amount of time computing components are designed to last in normal business operations?
- What type of plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you’re analyzing?
- During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. What did the U.S. Department of Defense call this special computer-emission shielding?
- A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.
- How frequently should floors and carpets in the computer forensic lab be cleaned to help minimize dust that can cause static electricity?
- What organization was created by police officers in order to formalize credentials for digital investigators?
- What peripheral devices should be stocked in your computer forensics lab?
- Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized.
- Under what circumstances are digital records considered admissible?
- By what percentage can lossless compression reduce image file size?
- In addition to environmental issues, what issues are the investigator’s primary concerns when working at the scene to gather information about an incident or a crime?
- Which type of kit should include all the tools the investigator can afford to take to the field?
- The definition of digital forensics has evolved over the years from simply involving securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases.
- Which agency introduced training on software for forensics investigations by the early 1990s?
- What is the most common and flexible data-acquisition method?
- At what location does the forensics investigator conduct investigations, store evidence, and do most of his or her work?
- When an investigator finds a mix of information, judges often issue a limiting phrase to the warrant, which allows the police to present all evidence together.
- To be a successful computer forensics investigator, you must be familiar with more than one computing platform.