1. Computer Forensics: A set of methodological procedures and techniques that help identify, gather, preserve, extract, interpret, document, and present evidence from computers in a way that is legally admissible
2. Cyber Crime: Any illegal act involving a computing device, network, its systems, or its applications. Both internal and external
3. Enterprise Theory of Investigation (ETI): Methodology for investigating criminal activity
4. Types of Cyber Crime: Civil, Criminal, Administrative
5. Civil Cases: Involve disputes between two parties. Brought for violation of contracts and lawsuits where a guilty outcome generally results in monetary damages to the plaintiff
6. Criminal Cases: Brought by law enforcement agencies in response to a suspected violation of law where a guilty outcome results in monetary damages, imprisonment, or both
7. Administrative Cases: An internal investigation by an organization to discover if its employees/clients/partners are abiding by the rules or policies (Violation of company policies). Non-criminal in nature and are related to misconduct or activities of an employee
8. Rules of Forensic Investigation: Safeguard the integrity of the evidence and render it acceptable in a court of law. The forensic examiner must make duplicate copies of the original evidence. The duplicate copies must be accurate replications of the originals, and the forensic examiner must also authenticate the duplicate copies to avoid questions about the integrity of the evidence. Must not continue with the investigation if the examination is going to be beyond his or her knowledge level or skill level.
WGU C702 UPDATED ACTUAL Questions and CORRECT Answers
9. Cyber Crime Investigation Methodology/Steps:
   1. Identify the computer crime
   2. Collect preliminary evidence
   3. Obtain court warrant for discovery/seizure of evidence
   4. Perform first responder procedures
   5. Seize evidence at the crime scene
   6. Transport evidence to lab
   7. Create two bitstream copies of the evidence
   8. Generate MD5 checksum of the images
   9. Maintain chain of custody
   10. Store original evidence in secure location
   11. Analyze the image copy for evidence
   12. Prepare a forensic report
   13. Submit a report to client
   14. Testify in court as an expert witness
10. Locard's Exchange Principle: Anyone or anything entering a crime scene takes something of the scene with them and leaves something of themselves behind when they leave.
11. Types of Digital Data:
   Volatile Data
   Non-volatile Data
12. Volatile Data: Temporary information on a device that requires a constant power supply and is deleted if the power supply is interrupted
13. Non-Volatile Data: Secondary storage of data. Long-term, persistent data. Permanent data stored on secondary storage devices, such as hard disks and memory cards.
14. Characteristics of Digital Evidence:
   1. Be relevant
   2. Be probative
   3. Be authentic
   4. Be accurate
   5. Be complete
   6. Be convincing
   7. Be admissible
15. Admissible evidence: Evidence that can be legally and properly introduced in a civil or criminal trial. Evidence is relevant to the case
16. Authentic Evidence: Evidence that is in its original or genuine state. Investigators must provide supporting documents regarding the authenticity, accuracy, and integrity of the evidence
17. Complete Evidence: Evidence must either prove or disprove the fact
18. Reliable Evidence: Evidence that possesses a sufficient degree of likelihood that it is true and accurate. Evidence must be proven dependable when the evidence was extracted
19. Believable Evidence: Evidence must be presented in a clear manner and expert opinions must be obtained where necessary
20. Rules of Evidence: Rules governing the admissibility of evidence in trial courts.
21. Best Evidence Rule: States that secondary evidence, or a copy, is inadmissible in court when the original exists. Duplicate evidence will suffice under the following conditions:
   - Original evidence is destroyed due to fire or flood
   - Original evidence is destroyed in the normal course of business
   - Original evidence is in possession of a third party
22. Forensic Readiness: An organization's ability to make optimal use of digital evidence in a limited period and with minimal investigation costs.
23. Fourth Amendment: Protects against unreasonable search and seizure. Government agents may not search or seize areas or things in which a person has reasonable expectation of privacy, without a search warrant.
24. Chain of Custody: A written record of all people who have had possession of an item of evidence
25. Rule 101: Scope