From Digital Archaeology, by Michael Graves
Chapter 1 Review Questions
1. In Eoghan Casey’s model of an investigation there are multiple steps. Which of these is not one of those steps?
a. Examination
*b. Interrogation
c. Identification/Assessment
d. Preservation
e. Reporting
2. The process of documentation begins in the Identification/Assessment phase.
*a. True
b. False
3. Which of the following would not likely be a stakeholder in a civil lawsuit against a major automobile manufacturer?
a. Government regulatory agencies
b. The United Autoworkers Union
c. The judge assigned to the case
d. Owners of that company’s products
*e. All of these would be interested parties.
4. Collecting exculpatory evidence is exclusively the responsibility of the defense counsel.
a. True
*b. False
5. How many steps are there in Eoghan Casey’s Investigation Model?
Correct Answer(s):
a. 6
b. six
c. six.
d. 6.
6. Bob Smith is suspected of using his company’s Internet facilities as a conduit for sending large quantities of SPAM to
millions of users. You are called in to examine his computer to see if there is evidence to support this claim. This is initially
a form of what type of investigation?
a. Civil
*b. Internal
c. Criminal
d. This is not something you would do.
7. You suspect that there are a number of deleted files that can still be salvaged in the unallocated space of a drive
image. During which phase of the investigation would you use a data carving utility?
*a. Examination
b. Acquisition
c. Identification/Assessment
d. Analysis
e. Reporting
8. During which phase of an investigation do you make your first entries into a chain of custody log?
a. Examination
*b. Acquisition
c. Identification/Assessment
d. Analysis
e. Reporting
9. Criminal cases have more stringent evidence-gathering requirements because ________________.
a. Only civil cases fall under constitutional guidelines.
b. Criminal cases are generally handled by Federal judges.
*c. The Constitution protects the rights of citizens being tried in criminal proceedings.
d. Civil cases do not involve jail time or possible capital punishment.
e. They don’t. Civil cases have the most stringent requirements.
10. A person has been sued by her neighbor for building a fence on the wrong side of the property line. She tries to act as
her own defense attorney and is battered in court. She can appeal the case on Constitutional grounds, since she was
never advised of her right to be represented by counsel.
???What does this one have to do with the book? Could this be reworded as a computer related case? -Michael
a. True
*b. False
11. When qualifying an incident as a computer crime, which of the following characteristics would not be considered a
valid description?
a. The data in the computer are the objects of the act.
b. The computer is the instrument or the tool of the act.
*c. The computer is one of the objects stolen during a burglary.
d. The computer is the target of an act.
12. What is the purpose of having a model for investigations? How does it help the investigator or the student learning to
be an investigator?
Correct Answer:
A model acts as a blueprint for how an investigation should be structured. It allows students to break an investigation
down into basic steps, making it easier to learn the process. It allows the seasoned professional to make sure that nothing
is missed in the course of the project.
13. Why is it necessary to calculate hash values on the primary image made from a suspect’s hard drive? How many
hash calculations do you make?
Correct Answer:
You calculate the hash value for the original volume and compare it to the value you get from the copy. They must match.
If not, you need to figure out why it doesn’t and document the reason. How many do you make? That’s kind of a trick
question. Ideally, you will make two calculations for each copy. If you have both an MD5 and a SHA-256 calculation for
each copy, and each version matches, it will be very difficult for the opposition to challenge the validity of your copies.
14. Collecting the legal authorizations to begin an investigation is part of the ___________ stage of the model.
*a. Identification/Assessment
b. Analysis
c. Collection/Acquisition
d. Reporting
15. You work for a private organization that contracts out forensic investigations. In the process of examining a suspect’s
hard drive in the course of an internal investigation, you come across numerous files that are quite obviously child
pornography. You turn them over to the local law enforcement, which obtains a warrant and seizes the computer. Which
document applies to this situation?
*a. FRCP
b. FRE
c. PMBOX
d. None. You were acting privately.
16. What is the first thing that you should do upon acquiring a new tool for your forensic department?
Correct Answer:
Test it.
17. How many steps are there in the Kruse-Heiser Investigation Model?
Correct Answer(s):
a. 4
b. four
c. 4.
d. four.
18. You are among the first onto a scene in which multiple computers are being seized. As a part of the festivities, you
take a number of digital photographs and a video recording of the scene. What primary collection of
documentation hosts these images and videos?
a. The Case Timeline
b. Procedural Documentation
c. Chain of Custody
*d. General Case Documentation
e. Process Documentation
19. The FRCP is a set of rules that is relevant to which type of investigation?
a. Internal
*b. Criminal
c. Civil
d. It affects all of them equally.
20. You are about to seize an external hard disk drive that you found in the vicinity of a crime scene. You record the
make, model, and serial number of the drive before you pack it up for shipping. Of which set of documents does the
record become a part?
???The first two answers below were identical. I deleted one of them. -Michael
a. The Case Timeline
*b. Chain of Custody
*c. General Case Documentation
d. Process Documentation
From Digital Archaeology, by Michael Graves
Chapter 2 Review Questions
1. Which Constitutional amendment directly addresses the government’s right to search a person’s property?
a. The First Amendment
*b. The Fourth Amendment
c. The Fifth Amendment
d. Searches were not specifically defined in the Constitution.
2. Which Constitutional amendment directly addresses a citizen’s right to privacy?
a. The First Amendment
b. The Fourth Amendment
c. The Fifth Amendment
*d. Searches were not specifically defined in the Constitution.
3. If a person is forced, against their will, by a government official to reveal a password, that person may be able to claim that
their Constitutional rights, as defined by ________________________, have been violated.
a. The First Amendment
b. The Fourth Amendment
*c. The Fifth Amendment
d. Searches were not specifically defined in the Constitution.
4. The practice used by the British government to order searches that was so widely despised by our forefathers was called
__________________.
*a. Writ of Assistance
b. General Warrant
c. Forfeiture of Domain
d. Access Demand
5. Two phrases in the Fourth Amendment that place limitations on the government’s ability to acquire a search warrant are
(select 2)…:
a. The Right of the People
b. Redress of Grievance
*c. Probable Cause