Chapter 4 Flashcards
Corporate investigations are typically easier than law enforcement investigations for which of the following reasons?
a. Most companies keep inventory databases of all hardware and software used.
n the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a corporate investigator can conduct covert surveillance on an employee with little cause.
T
If you discover a criminal act, such as murder or child pornography, while investigating a corporate policy abuse, the case becomes a criminal investigation and should be referred to law enforcement.
T
As a corporate investigator, you can become an agent of law enforcement when which of the following happens? (Choose all that apply.)
a. You begin to take orders from a police detective without a warrant or subpoena.
b. Your internal investigation has concluded, and you have filed a criminal complaint and turned over the evidence to law enforcement.
c. Your internal investigation begins.
A, B
The plain view doctrine in computer searches is well-established law.
F
If a suspect computer is located in an area that might have toxic chemicals, you must do which of the following? (Choose all that apply.)
a. Coordinate with the HAZMAT team.
b. Determine a way to obtain the suspect computer
c. Assume the suspect computer is contaminated.
d. Do not enter alone
a, c
What are the three rules for a forensic hash?
It can’t be predicted, no two files can have the same hash value, and if the file changes, the hash value changes.
In forensic hashes, a collision occurs when ________.
two files have the same hash value
List three items that should be in an initial-response field kit.
Small computer toolkit, large-capacity drive, IDE ribbon cables, forensic boot media, laptop IDE 40-to-44 pin adapter, laptop or portable computer, FireWire or USB dual write-protect external bay, flashlight, digital camera or 35mm camera
When you arrive at the scene, why should you extract only those items that you need to acquire evidence?
To minimize how much you have to keep track of at the scene.
Computer peripherals or attachments can contain DNA evidence. True or False?
T
If a suspect computer is running Windows 2000, which of the following can you perform safely?
Browsing open applications.
Describe what should be videotaped or sketched at a computer crime scene.
Computers, cable connections, overview of scene—anything that might be of interest to the investigation.
Which of the following techniques might be used in covert surveillance?
Keylogging, data sniffing.
Commingling evidence means what in a corporate setting?
Sensitive corporate information being mixed with data collected as evidence.
Two hashing algorithms commonly used for forensic purposes are_____.
MD5 and SHA-1
Small companies rarely need investigators. True or False?
F
If a company doesn’t distribute a computing use policy stating an employer’s rights to inspect employee’s computers freely, including e-mail and web use, employees have an expectation of privacy. True or False?
T
You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?
Initial-response field kit.
You should always answer questions from onlookers at the crime scene? True or False?
F
Automated Fingerprint Identification System (AFIS)
A computerized system for identifying fingerprints that’s connected to a central database; used to identify criminal suspects and review thousands of fingerprint samples at high speed.
A computerized system for identifying fingerprints that’s connected to a central database; used to identify criminal suspects and review thousands of fingerprint samples at high speed.
Automated Fingerprint Identification System (AFIS)
computer-generated records
Digital files generated by a computer
Digital files generated by a computer
computer-generated records
