CERTIFICATION OBJECTIVES EXAM
#1 QUESTIONS AND ANSWERS
When confidential business data are included with the criminal evidence, what are
they referred to as? - ANSWER-Commingled data
What does Autopsy use to validate an image? - ANSWER-MD5
In addition to FAT16, FAT32, and Resilient File System, which file system can
Windows hard disks also use? - ANSWER-NTFS
Which is the most accurate statement about investigating and controlling computer
incident scenes in private-sector environments as compared to crime scenes? -
ANSWER-Investigating and controlling the scene is much easier in private sector
environments.
What investigator characteristic, which includes ethics, morals, and standards of
behavior, determines the investigator's credibility? - ANSWER-Professional conduct
What type of acquisition is typically done on a computer seized during a police raid?
- ANSWER-Static
What command displays pages from the online help manual for information on Linux
commands and their options? - ANSWER-man
What must be done, under oath, to verify that the information in the affidavit is true? -
ANSWER-It must be notarized.
The most common computer-related crime is check fraud. - ANSWER-True
What term refers to a person using a computer to perform routine tasks other than
systems administration? - ANSWER-End user
What is the most common and flexible data-acquisition method? - ANSWER-Disk-to-
image file copy
A forensics analysis of a 6-TB disk, for example, can take several days or weeks. -
ANSWER-True
Private-sector organizations include small to medium businesses, large corporations,
and non-government organizations (NGOs), which always get funding from the
government or other agencies. - ANSWER-False
What did Microsoft add to its newer operating systems that makes performing static
acquisitions more difficult? - ANSWER-Whole disk encryption
What type of acquisition is used for most remote acquisitions? - ANSWER-Live
, If the computer has an encrypted drive, a live acquisition is done if the password or
passphrase is not available. - ANSWER-False
During the Cold War, defense contractors were required to shield sensitive
computing systems and prevent electronic eavesdropping of any computer
emissions. What did the U.S. Department of Defense call this special computer-
emission shielding? - ANSWER-TEMPEST
By the 1970s, electronic crimes were increasing, especially in the financial sector. -
ANSWER-True
Which group often works as part of a team to secure an organization's computers
and networks? - ANSWER-Forensics investigators
The police blotter provides a record of clues to crimes that have been committed
previously. - ANSWER-True
What term refers to the individual who has the power to conduct digital forensic
investigations? - ANSWER-Authorized requester
The most common and time-consuming technique for preserving evidence is
creating a duplicate copy of your disk-to-image file. - ANSWER-True
Which RAID configuration, also called mirrored striping, is a combination of RAID 1
and RAID 0? - ANSWER-RAID 10
When seizing computer evidence in criminal investigations, which organization's
standards should be followed? - ANSWER-U.S. DOJ
What HTCN certification level requires candidates have three years of experience in
computing investigations for law enforcement or corporate cases? - ANSWER-
Certified Computer Forensic Technician, Basic
If you follow police instructions to gather additional evidence without a search
warrant after you have reported the crime, you run the risk of becoming an agent of
law enforcement. - ANSWER-True
ISPs can investigate computer abuse committed by their customers. - ANSWER-
False
The law of search and seizure protects the rights of all people, excluding people
suspected of crimes. - ANSWER-False
Maintaining credibility means you must form and sustain unbiased opinions of your
cases. - ANSWER-True
What do law enforcement investigators need in order to remove computers from a
crime scene and transport them to a lab? - ANSWER-A warrant
#1 QUESTIONS AND ANSWERS
When confidential business data are included with the criminal evidence, what are
they referred to as? - ANSWER-Commingled data
What does Autopsy use to validate an image? - ANSWER-MD5
In addition to FAT16, FAT32, and Resilient File System, which file system can
Windows hard disks also use? - ANSWER-NTFS
Which is the most accurate statement about investigating and controlling computer
incident scenes in private-sector environments as compared to crime scenes? -
ANSWER-Investigating and controlling the scene is much easier in private sector
environments.
What investigator characteristic, which includes ethics, morals, and standards of
behavior, determines the investigator's credibility? - ANSWER-Professional conduct
What type of acquisition is typically done on a computer seized during a police raid?
- ANSWER-Static
What command displays pages from the online help manual for information on Linux
commands and their options? - ANSWER-man
What must be done, under oath, to verify that the information in the affidavit is true? -
ANSWER-It must be notarized.
The most common computer-related crime is check fraud. - ANSWER-True
What term refers to a person using a computer to perform routine tasks other than
systems administration? - ANSWER-End user
What is the most common and flexible data-acquisition method? - ANSWER-Disk-to-
image file copy
A forensics analysis of a 6-TB disk, for example, can take several days or weeks. -
ANSWER-True
Private-sector organizations include small to medium businesses, large corporations,
and non-government organizations (NGOs), which always get funding from the
government or other agencies. - ANSWER-False
What did Microsoft add to its newer operating systems that makes performing static
acquisitions more difficult? - ANSWER-Whole disk encryption
What type of acquisition is used for most remote acquisitions? - ANSWER-Live
, If the computer has an encrypted drive, a live acquisition is done if the password or
passphrase is not available. - ANSWER-False
During the Cold War, defense contractors were required to shield sensitive
computing systems and prevent electronic eavesdropping of any computer
emissions. What did the U.S. Department of Defense call this special computer-
emission shielding? - ANSWER-TEMPEST
By the 1970s, electronic crimes were increasing, especially in the financial sector. -
ANSWER-True
Which group often works as part of a team to secure an organization's computers
and networks? - ANSWER-Forensics investigators
The police blotter provides a record of clues to crimes that have been committed
previously. - ANSWER-True
What term refers to the individual who has the power to conduct digital forensic
investigations? - ANSWER-Authorized requester
The most common and time-consuming technique for preserving evidence is
creating a duplicate copy of your disk-to-image file. - ANSWER-True
Which RAID configuration, also called mirrored striping, is a combination of RAID 1
and RAID 0? - ANSWER-RAID 10
When seizing computer evidence in criminal investigations, which organization's
standards should be followed? - ANSWER-U.S. DOJ
What HTCN certification level requires candidates have three years of experience in
computing investigations for law enforcement or corporate cases? - ANSWER-
Certified Computer Forensic Technician, Basic
If you follow police instructions to gather additional evidence without a search
warrant after you have reported the crime, you run the risk of becoming an agent of
law enforcement. - ANSWER-True
ISPs can investigate computer abuse committed by their customers. - ANSWER-
False
The law of search and seizure protects the rights of all people, excluding people
suspected of crimes. - ANSWER-False
Maintaining credibility means you must form and sustain unbiased opinions of your
cases. - ANSWER-True
What do law enforcement investigators need in order to remove computers from a
crime scene and transport them to a lab? - ANSWER-A warrant
