Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
1. Mahmood is examining a device for digital evidence. There are two types of evidence he is looking for.
Which type of evidence will prove that his client is not guilty?
a. Inculpatory evidence
b. Exculpatory evidence
c. Miaculpatory evidence
d. Discretionary evidence
ANSWER: b
RATIONALE: Mahmood is looking for exculpatory evidence which is evidence that tends to show
that a defendant is not guilty of the crime they have been charged with. This type of
evidence can help to exonerate or clear the defendant of the charges. Exculpatory
evidence can include physical evidence, witness statements, or other types of
evidence that support the defendant's innocence.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.1 - Describe the field of digital forensics
TOPICS: An Overview of Digital Forensics
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
2. What are the main differences between public-sector investigations and private-sector investigations?
a. Private-sector investigations involve government agencies responsible for criminal investigations and
prosecution. Public-sector investigations focus more on policy violations.
b. Private-sector investigations can become criminal investigations and public-sector investigations can
become civil investigation depending upon the circumstances.
c. Public-sector investigations involve government agencies responsible for criminal investigations and
prosecution. Private-sector investigations focus more on policy violations.
d. The private sector can ignore criminal investigations, and the public sector can ignore civil
investigations.
ANSWER: b, c
RATIONALE: In general, the main difference between public-sector and private sector
investigations is that the public-sector investigations involve government agencies
responsible for criminal investigations and prosecution. Government agencies range
from municipal, county, and state or provincial police departments to federal law
enforcement agencies. These organizations must observe legal guidelines of their
jurisdictions. Private-sector investigations focus more on policy violations. However,
criminal acts, such as corporate espionage, can also occur. So, although private-sector
investigations often start as civil cases, they can develop into criminal cases;
likewise, a criminal case can have implications leading to a civil case.
POINTS: 1
QUESTION TYPE: Multiple Response
Page 1
,Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
3. When conducting a computer investigation for potential criminal violations of the law, the legal processes
you follow depend on local customs, legislative standards, and rules of evidence. In general, however, a
criminal case follows three stages. What are those three stages?
a. Complaint, the investigation, and the prosecution
b. Complaint, discovery, and the trial
c. Complaint, service of process, and motions
d. Complaint, answer, discovery, and trial
ANSWER: a
RATIONALE: If it has been determined that a crime has been committed, it is sent to the prosecutor
to prosecute the case. Hence, there is a complaint, an investigation, and then the
prosecution.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
4. You're the head of the executive management committee and as part of your corporate governance duties you
must implement a policy to define and limit who has authorization to request a computer investigation and
forensics analysis (authorized requestor). Which group or groups should have the authority to request a
computer investigation?
a. The human resources department
b. The corporate ethics office
c. The general counsel or legal department
d. The accounting department
ANSWER: b, c
RATIONALE: The reason the corporate ethics office and general counsel's office should only be
involved in authorizing investigations is that other groups within the organization
might create false allegations of misconduct to prevent competing departments from
delivering a proposal for the same source of funds.
Page 2
,Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Apply
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
5. Allen works for a small newspaper. There is no corporate security investigations group, no written or verbal
acceptable use policy, and the publisher (owner) owns the rights to all the computer hardware and software.
One day, the publisher calls him into the office and asks him to help them with an email problem. Upon fixing
the problem Allen discovers that there are illicit photos (no one was underage) on the publisher's laptop. The
publisher later asks Allen to sanitize the laptop because the publisher wants to give it to their grandson. Allen
must go through the laptop to find all the photos. What can Allen do to stop this work behavior?
a. Report the publisher to Human Resources
b. File a hostile work environment claim
c. Sanitize the laptop and do nothing else
d. Refuse to do the job
ANSWER: b
RATIONALE: In this situation, no laws are broken. There is no written or verbal acceptable use
policy so there is no legal recourse for the publisher's actions other than Allen filing a
claim citing a hostile work environment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Apply
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
6. As head of Zenon's corporate IT department, Naya is tasked with analyzing the corporate mobile device
policy. She needs to decide which is better, company owned mobile devices or BYOD? As a member of the
corporate security team, Naya asks you for advice on which you think will be more appropriate. When you
examine all options, which environment do you think works best for Zenon?
a. With company owned devices, it falls on the employee to keep them updated.
b. With company owned devices, all apps, files, and email can be secured.
c. With BYOD employees own the devices so companies are not liable if anything happens to the
device.
Page 3
, Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
d. With BYOD, the employee buys the device, and the company can lock it down (mobile device
management).
ANSWER: b, d
RATIONALE: The issues relating to BYOD versus company owned devices have been argued
amongst corporate IT managers for years. On the one hand, having a BYOD policy
frees companies from having to purchase smart phones for employees and saves them
money. But on the other hand, having a corporate owned device means a more
secure environment. It is a matter of corporate policy that determines what the smart
phone policy is.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Analyze/Create/Evaluate
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
7. Thanks to the dark web, anybody can access computer programs that will help users exfiltrate (remove) data
from any type of computer or network. Because of this activity, white-collar crime and industrial espionage are
on the rise. How does white-collar-crime compare to industrial espionage?
a. White-collar crime refers to financial crimes committed in a business or professional setting, while
espionage refers to the unauthorized sharing of confidential information to a competitor or foreign
entity.
b. Espionage refers to financial crimes committed in a business or professional setting, while white
collar crime refers to the unauthorized sharing of confidential information to a competitor or foreign
entity.
c. White-collar crime is the same as espionage and are both punishable offenses.
d. White-collar crime and espionage are victimless crimes.
ANSWER: a
RATIONALE: The cost of white-collar crime and espionage to companies can vary greatly and is
difficult to quantify with precision. However, the fiscal impact can be substantial and
goes far beyond financial losses. However, in general white-collar crime refers to
financial crimes committed in a business or professional setting, while espionage
refers to the unauthorized sharing of confidential information to a competitor or
foreign entity.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
Page 4
Mod 01: Understanding the Digital Forensics Profession and Investigations
1. Mahmood is examining a device for digital evidence. There are two types of evidence he is looking for.
Which type of evidence will prove that his client is not guilty?
a. Inculpatory evidence
b. Exculpatory evidence
c. Miaculpatory evidence
d. Discretionary evidence
ANSWER: b
RATIONALE: Mahmood is looking for exculpatory evidence which is evidence that tends to show
that a defendant is not guilty of the crime they have been charged with. This type of
evidence can help to exonerate or clear the defendant of the charges. Exculpatory
evidence can include physical evidence, witness statements, or other types of
evidence that support the defendant's innocence.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.1 - Describe the field of digital forensics
TOPICS: An Overview of Digital Forensics
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
2. What are the main differences between public-sector investigations and private-sector investigations?
a. Private-sector investigations involve government agencies responsible for criminal investigations and
prosecution. Public-sector investigations focus more on policy violations.
b. Private-sector investigations can become criminal investigations and public-sector investigations can
become civil investigation depending upon the circumstances.
c. Public-sector investigations involve government agencies responsible for criminal investigations and
prosecution. Private-sector investigations focus more on policy violations.
d. The private sector can ignore criminal investigations, and the public sector can ignore civil
investigations.
ANSWER: b, c
RATIONALE: In general, the main difference between public-sector and private sector
investigations is that the public-sector investigations involve government agencies
responsible for criminal investigations and prosecution. Government agencies range
from municipal, county, and state or provincial police departments to federal law
enforcement agencies. These organizations must observe legal guidelines of their
jurisdictions. Private-sector investigations focus more on policy violations. However,
criminal acts, such as corporate espionage, can also occur. So, although private-sector
investigations often start as civil cases, they can develop into criminal cases;
likewise, a criminal case can have implications leading to a civil case.
POINTS: 1
QUESTION TYPE: Multiple Response
Page 1
,Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
3. When conducting a computer investigation for potential criminal violations of the law, the legal processes
you follow depend on local customs, legislative standards, and rules of evidence. In general, however, a
criminal case follows three stages. What are those three stages?
a. Complaint, the investigation, and the prosecution
b. Complaint, discovery, and the trial
c. Complaint, service of process, and motions
d. Complaint, answer, discovery, and trial
ANSWER: a
RATIONALE: If it has been determined that a crime has been committed, it is sent to the prosecutor
to prosecute the case. Hence, there is a complaint, an investigation, and then the
prosecution.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Remember/Understand
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
4. You're the head of the executive management committee and as part of your corporate governance duties you
must implement a policy to define and limit who has authorization to request a computer investigation and
forensics analysis (authorized requestor). Which group or groups should have the authority to request a
computer investigation?
a. The human resources department
b. The corporate ethics office
c. The general counsel or legal department
d. The accounting department
ANSWER: b, c
RATIONALE: The reason the corporate ethics office and general counsel's office should only be
involved in authorizing investigations is that other groups within the organization
might create false allegations of misconduct to prevent competing departments from
delivering a proposal for the same source of funds.
Page 2
,Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Apply
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
5. Allen works for a small newspaper. There is no corporate security investigations group, no written or verbal
acceptable use policy, and the publisher (owner) owns the rights to all the computer hardware and software.
One day, the publisher calls him into the office and asks him to help them with an email problem. Upon fixing
the problem Allen discovers that there are illicit photos (no one was underage) on the publisher's laptop. The
publisher later asks Allen to sanitize the laptop because the publisher wants to give it to their grandson. Allen
must go through the laptop to find all the photos. What can Allen do to stop this work behavior?
a. Report the publisher to Human Resources
b. File a hostile work environment claim
c. Sanitize the laptop and do nothing else
d. Refuse to do the job
ANSWER: b
RATIONALE: In this situation, no laws are broken. There is no written or verbal acceptable use
policy so there is no legal recourse for the publisher's actions other than Allen filing a
claim citing a hostile work environment.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Apply
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
6. As head of Zenon's corporate IT department, Naya is tasked with analyzing the corporate mobile device
policy. She needs to decide which is better, company owned mobile devices or BYOD? As a member of the
corporate security team, Naya asks you for advice on which you think will be more appropriate. When you
examine all options, which environment do you think works best for Zenon?
a. With company owned devices, it falls on the employee to keep them updated.
b. With company owned devices, all apps, files, and email can be secured.
c. With BYOD employees own the devices so companies are not liable if anything happens to the
device.
Page 3
, Name: Class: Date:
Mod 01: Understanding the Digital Forensics Profession and Investigations
d. With BYOD, the employee buys the device, and the company can lock it down (mobile device
management).
ANSWER: b, d
RATIONALE: The issues relating to BYOD versus company owned devices have been argued
amongst corporate IT managers for years. On the one hand, having a BYOD policy
frees companies from having to purchase smart phones for employees and saves them
money. But on the other hand, having a corporate owned device means a more
secure environment. It is a matter of corporate policy that determines what the smart
phone policy is.
POINTS: 1
QUESTION TYPE: Multiple Response
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
KEYWORDS: Bloom's: Analyze/Create/Evaluate
DATE CREATED: 4/18/2024 2:41 PM
DATE MODIFIED: 4/18/2024 2:41 PM
7. Thanks to the dark web, anybody can access computer programs that will help users exfiltrate (remove) data
from any type of computer or network. Because of this activity, white-collar crime and industrial espionage are
on the rise. How does white-collar-crime compare to industrial espionage?
a. White-collar crime refers to financial crimes committed in a business or professional setting, while
espionage refers to the unauthorized sharing of confidential information to a competitor or foreign
entity.
b. Espionage refers to financial crimes committed in a business or professional setting, while white
collar crime refers to the unauthorized sharing of confidential information to a competitor or foreign
entity.
c. White-collar crime is the same as espionage and are both punishable offenses.
d. White-collar crime and espionage are victimless crimes.
ANSWER: a
RATIONALE: The cost of white-collar crime and espionage to companies can vary greatly and is
difficult to quantify with precision. However, the fiscal impact can be substantial and
goes far beyond financial losses. However, in general white-collar crime refers to
financial crimes committed in a business or professional setting, while espionage
refers to the unauthorized sharing of confidential information to a competitor or
foreign entity.
POINTS: 1
QUESTION TYPE: Multiple Choice
HAS VARIABLES: False
LEARNING OBJECTIVES: Ceng.GuideForens.25.1.2 - Explain how to prepare for computer investigations and
summarize the difference between public-sector and private-sector investigations
TOPICS: Preparing for Digital Investigations
Page 4
