Final CTC 328 UPDATED ACTUAL Exam
Questions and CORRECT Answers
The is responsible for analyzing data and determining when another specialist should be called in
to assist with analysis.
a. Digital Evidence Specialist
b. Digital Evidence Analyst
c Digital Evidence Examiner
d. Digital Evidence First Responder - CORRECT ANSWER - Digital Evidence Specialist
What tool, currently maintained by tha IRS Criminal Investigation Division and limited to use by
law enforcement, can analyze and read special files that are copies ot a disk?
a. ILook
b. Photorec
c. DeepScan
d. AccessData Forensic Toolkit - CORRECT ANSWER - ILook
Which option below is not a standard systems analysis step?
a. Mitigate or minimize the risks.
b Obtain and copy an evidence drive
c Share evidence with experts outside of the investigation.
d. Determine a preliminary design or approach to the case. - CORRECT ANSWER - Share
evidence with experts outside of the investigation.
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and forensic copies of the evidence, is also known as a(n)
Answers:
,a. evidence tracking form
b. evidence custody form
c single-evidence form
d. multi-evidence form - CORRECT ANSWER - evidence custody form
All suspected industrial espionage cases should be treated as civil case investigations. True or
False - CORRECT ANSWER - false
must be Included in an affidavit to support an allegation in order to justify a warrant Answers:
a. Exhibits
b. Witnesses
c. Verdicts
d. Subpoenas - CORRECT ANSWER - exhibits
Within a computing investigation, the ability to perform a series of steps again and again to
produce the same results IS known as
a. verifiable reporting
b repeatable findings
c. reloadable steps
d evidence repofiing - CORRECT ANSWER - repeatable findings
Which amendment to the U.S. Constitution protects everyone's right to be secure in their person,
residence, and property from search and seizure?
a Fifth Amendment
b Second Amendment
C First Amendment
d Fourth Amendment - CORRECT ANSWER - Fourth Amendment
,Most digital investigations in the private sector involve misuse of computing assets
True
False - CORRECT ANSWER - true
The sale of sensitive or confidential company information to a competitor is known as
a industrial betrayal
b industrial espionage
c industrial sabotage
d industrial collusion - CORRECT ANSWER - industrial espionage
Which option below is not a standard systems analysis step?
a. Mitigate or minimize the risks
b. Obtain and copy an evidence drive.
c Determine a preliminary design or approach to the case.
d Share evidence with experts outside of the investigation. - CORRECT ANSWER - Share
evidence with experts outside of the investigation.
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and torensic copies ot the evidence, is also known as a(n)
a evidence tracking form
b evidence custody form
c emulti-evidence torm
d.single-evidence torm - CORRECT ANSWER - evidence custody form
, The is not one of the three stages of a typical criminal case
a. complaint
b. prosecution
c investigation
d civil suit - CORRECT ANSWER - civil suit
is not recommended for a digital forensics workstation. Answers:
a A write-blocker device
b Remote access software
C A text editor tool
d An SCSI card - CORRECT ANSWER - Remote access software
According to the national institute of standards and technology (NIST), digital forensics involves
scientifically examimng and analyzing data trom computer storage media so that it can be used
as evidence in court_ tit - CORRECT ANSWER - false
All suspected industrial espionage cases should be treated as civil case investigations.
t/f - CORRECT ANSWER - false
User groups for a specific type of system can be very useful in a forensics investigation.
t/f - CORRECT ANSWER - true
It you turn evidence over to law enforcement and begin working under their direction, you have
become an agent of law enforcement, and are subject to the same restrictions on search and
seizure as a law enforcement agent
t/f - CORRECT ANSWER - true
Questions and CORRECT Answers
The is responsible for analyzing data and determining when another specialist should be called in
to assist with analysis.
a. Digital Evidence Specialist
b. Digital Evidence Analyst
c Digital Evidence Examiner
d. Digital Evidence First Responder - CORRECT ANSWER - Digital Evidence Specialist
What tool, currently maintained by tha IRS Criminal Investigation Division and limited to use by
law enforcement, can analyze and read special files that are copies ot a disk?
a. ILook
b. Photorec
c. DeepScan
d. AccessData Forensic Toolkit - CORRECT ANSWER - ILook
Which option below is not a standard systems analysis step?
a. Mitigate or minimize the risks.
b Obtain and copy an evidence drive
c Share evidence with experts outside of the investigation.
d. Determine a preliminary design or approach to the case. - CORRECT ANSWER - Share
evidence with experts outside of the investigation.
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and forensic copies of the evidence, is also known as a(n)
Answers:
,a. evidence tracking form
b. evidence custody form
c single-evidence form
d. multi-evidence form - CORRECT ANSWER - evidence custody form
All suspected industrial espionage cases should be treated as civil case investigations. True or
False - CORRECT ANSWER - false
must be Included in an affidavit to support an allegation in order to justify a warrant Answers:
a. Exhibits
b. Witnesses
c. Verdicts
d. Subpoenas - CORRECT ANSWER - exhibits
Within a computing investigation, the ability to perform a series of steps again and again to
produce the same results IS known as
a. verifiable reporting
b repeatable findings
c. reloadable steps
d evidence repofiing - CORRECT ANSWER - repeatable findings
Which amendment to the U.S. Constitution protects everyone's right to be secure in their person,
residence, and property from search and seizure?
a Fifth Amendment
b Second Amendment
C First Amendment
d Fourth Amendment - CORRECT ANSWER - Fourth Amendment
,Most digital investigations in the private sector involve misuse of computing assets
True
False - CORRECT ANSWER - true
The sale of sensitive or confidential company information to a competitor is known as
a industrial betrayal
b industrial espionage
c industrial sabotage
d industrial collusion - CORRECT ANSWER - industrial espionage
Which option below is not a standard systems analysis step?
a. Mitigate or minimize the risks
b. Obtain and copy an evidence drive.
c Determine a preliminary design or approach to the case.
d Share evidence with experts outside of the investigation. - CORRECT ANSWER - Share
evidence with experts outside of the investigation.
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and torensic copies ot the evidence, is also known as a(n)
a evidence tracking form
b evidence custody form
c emulti-evidence torm
d.single-evidence torm - CORRECT ANSWER - evidence custody form
, The is not one of the three stages of a typical criminal case
a. complaint
b. prosecution
c investigation
d civil suit - CORRECT ANSWER - civil suit
is not recommended for a digital forensics workstation. Answers:
a A write-blocker device
b Remote access software
C A text editor tool
d An SCSI card - CORRECT ANSWER - Remote access software
According to the national institute of standards and technology (NIST), digital forensics involves
scientifically examimng and analyzing data trom computer storage media so that it can be used
as evidence in court_ tit - CORRECT ANSWER - false
All suspected industrial espionage cases should be treated as civil case investigations.
t/f - CORRECT ANSWER - false
User groups for a specific type of system can be very useful in a forensics investigation.
t/f - CORRECT ANSWER - true
It you turn evidence over to law enforcement and begin working under their direction, you have
become an agent of law enforcement, and are subject to the same restrictions on search and
seizure as a law enforcement agent
t/f - CORRECT ANSWER - true
