CTC328 Midterm Review Exam 2025
Questions and Answers
Digital forensics and data recovery refer to the same activities. True or False? - ANS False
Police in the United States must use procedures that adhere to which of the following?
a. Third Amendment
b. Fourth Amendment
c. First Amendment
d. None of the above - ANS b. Fourth Amendment
The triad of computing security includes which of the following?
a. Detection, response, and monitroing
b. Vulnerability assessment, detection, monitoring
c. Vulnerability/threat assessment, intrusion detection and incident response, and digital
investigation
d. Vulnerability assessment, intrusion response, and monitoring - ANS Vulnerability/threat
assessment, intrusion detection and incident response, and digital investigation
What's the purpose of maintaining a network of digital forensics specialists? - ANS To
develop a list of colleagues who specialize in areas different from your own specialties in case
you need help on an investigation.
Policies can address rules for which of the following?
Pg. 1 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
,a. When you can log on to a company network from home
b.The internet sites you can or can't access
c. The amount of personal e-mail you can send
d. Any of the above - ANS d. Any of the above
List two items that should appear on a warning banner. - ANS Statements that the
organization has the right to monitor what users do, that their e-mail is not personal, and so on
Under normal circumstances, a private-sector investigator is considered an agent of law
enforcement. True or False? - ANS False
List two types of digital investigations typically conducted in a business environment. -
ANS Fraud, embezzlement, insider trading, espionage, and e-mail harassment
What is professional conduct, and why is it important? - ANS Professional conduct includes
ethics, morals, and standards of behavior. It affects your credibility.
What's the purpose of an affidavit? - ANS To provide facts in support of evidence of a crime
to submit to a judge when requesting a search warrant
What are the necessary components of a search warrant? - ANS A search warrant must
specify who, what, when, and where—that is, specifics on place, time, items being searched for,
and so forth—and include any supporting materials (affidavits and exhibits, for example). In
addition, a search warrant must be signed by an impartial judicial officer. In many cases, a
search warrant can limit the scope of what can be seized.
What are some ways to determine the resources needed for an investigation? -
ANS Determine the OS of the suspect computer and list the software needed for the
examination.
Pg. 2 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
, List three items that should be on an evidence custody form. - ANS Answers include case
number, name of the investigator assigned to the case, nature of the case, location where
evidence was obtained, description of the evidence, and so on.
Why should you do a standard risk assessment to prepare for an investigation? - ANS To list
problems that might happen when conducting an investigation, which can help in planning your
case
You should always prove the allegations made by the person who hired you. True or False? -
ANS False
For digital evidence, an evidence bag is typically made of antistatic material. True or False? -
ANS True
Why should evidence media be write-protected? - ANS To make sure data isn't altered
List three items that should be in your case report. - ANS Answers can include an explanation
of basic computer and network processes, a narrative of what steps you took, a description of
your findings, and log files generated from your analysis tools.
Why should you critique your case after it's finished? - ANS To improve your work
What do you call a list of people who have had physical possession of the evidence? -
ANS Chain of custody
Data collected before an attorney issues a memo for an attorney-client privilege case is
protected under the confidential work product rule. True or False? - ANS False. All data
collected before an attorney issues notice of attorney-client privilege is subject to discovery by
opposing counsel.
Pg. 3 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
Questions and Answers
Digital forensics and data recovery refer to the same activities. True or False? - ANS False
Police in the United States must use procedures that adhere to which of the following?
a. Third Amendment
b. Fourth Amendment
c. First Amendment
d. None of the above - ANS b. Fourth Amendment
The triad of computing security includes which of the following?
a. Detection, response, and monitroing
b. Vulnerability assessment, detection, monitoring
c. Vulnerability/threat assessment, intrusion detection and incident response, and digital
investigation
d. Vulnerability assessment, intrusion response, and monitoring - ANS Vulnerability/threat
assessment, intrusion detection and incident response, and digital investigation
What's the purpose of maintaining a network of digital forensics specialists? - ANS To
develop a list of colleagues who specialize in areas different from your own specialties in case
you need help on an investigation.
Policies can address rules for which of the following?
Pg. 1 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
,a. When you can log on to a company network from home
b.The internet sites you can or can't access
c. The amount of personal e-mail you can send
d. Any of the above - ANS d. Any of the above
List two items that should appear on a warning banner. - ANS Statements that the
organization has the right to monitor what users do, that their e-mail is not personal, and so on
Under normal circumstances, a private-sector investigator is considered an agent of law
enforcement. True or False? - ANS False
List two types of digital investigations typically conducted in a business environment. -
ANS Fraud, embezzlement, insider trading, espionage, and e-mail harassment
What is professional conduct, and why is it important? - ANS Professional conduct includes
ethics, morals, and standards of behavior. It affects your credibility.
What's the purpose of an affidavit? - ANS To provide facts in support of evidence of a crime
to submit to a judge when requesting a search warrant
What are the necessary components of a search warrant? - ANS A search warrant must
specify who, what, when, and where—that is, specifics on place, time, items being searched for,
and so forth—and include any supporting materials (affidavits and exhibits, for example). In
addition, a search warrant must be signed by an impartial judicial officer. In many cases, a
search warrant can limit the scope of what can be seized.
What are some ways to determine the resources needed for an investigation? -
ANS Determine the OS of the suspect computer and list the software needed for the
examination.
Pg. 2 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
, List three items that should be on an evidence custody form. - ANS Answers include case
number, name of the investigator assigned to the case, nature of the case, location where
evidence was obtained, description of the evidence, and so on.
Why should you do a standard risk assessment to prepare for an investigation? - ANS To list
problems that might happen when conducting an investigation, which can help in planning your
case
You should always prove the allegations made by the person who hired you. True or False? -
ANS False
For digital evidence, an evidence bag is typically made of antistatic material. True or False? -
ANS True
Why should evidence media be write-protected? - ANS To make sure data isn't altered
List three items that should be in your case report. - ANS Answers can include an explanation
of basic computer and network processes, a narrative of what steps you took, a description of
your findings, and log files generated from your analysis tools.
Why should you critique your case after it's finished? - ANS To improve your work
What do you call a list of people who have had physical possession of the evidence? -
ANS Chain of custody
Data collected before an attorney issues a memo for an attorney-client privilege case is
protected under the confidential work product rule. True or False? - ANS False. All data
collected before an attorney issues notice of attorney-client privilege is subject to discovery by
opposing counsel.
Pg. 3 Copyright © 2025 Jasonmcconell. ALL RIGHTS RESERVED.
