Reference no: EM13761945
Part 1
Question 1
Which of the following hardware components has proven to be the most lucrative to steal?
A. Disk drives
B. Ethercards
C. Integrated chips
D. Motherboards
Question 2
Which type of site, used to download software illegally, is extremely popular on the Internet?
A. WareZ
B. Shareware
C. Hacker
D. Network
Question 3
Most of the early hackers were motivated by notoriety and infamy. How are contemporary hackers more likely to be motivated?
A. Revenge
B. Sexual gratification
C. Maliciousness
D. Profit
Question 4
What is the most overlooked danger to informational security at a company?
A. Suppliers or vendors to the IT department
B. Current and former employees
C. Company maintenance personnel
D. A competitor of the company
Question 5
What type of attack could be used to disable a large system without necessarily gaining access to it?
A. A denial of service attack
B. A virus attack
C. An attack on the company's electricity supply
D. An attack on the system through phone lines
Question 6
What program specifically empowered the novice user to create and deploy viruses and worms?
A. A Trojan Horse program
B. A Dropper program
C. A Back Door program
D. The VBS Worm Generator
Question 7
Theft and trafficking of proprietary information is committed mostly by:
A. government employees.
B. corporate employees.
C. hackers.
D. organized criminals.
Question 8
What activity continues to be the most obvious threat to national security and is becoming increasingly sophisticated?
A. Denial of service attacks
B. Hardware and software thefts
C. Interconnectivity of the nation's systems
D. Theft of information
Question 9
Traditional terrorist acts such as using bombs or hijacking airliners are quickly being replaced by:
A. sending anthrax through the U.S. Mail.
B. criminal theft and alteration of hardware components.
C. cyberterrorist acts.
D. recruiting hackers from the United States as spies.
Question 10
What is the easiest and most popular method for stealing passwords?
A. Using a password cracking program
B. Using social engineering techniques
C. Shoulder surfing
D. Looking for posted passwords near computers
Question 11
Traditional laws found in what federal code are the most applicable to computer criminal activity?
A. Title 12 of the United States Code
B. Title 15 of the United States Code
C. Title 14 of the United States Code
D. Title 18 of the United States Code
Question 12
Her employer has been accessing Jane's personal Yahoo e-mail account without her permission. For what criminal activity, covered in Title 18 of the United States Code, could Jane's employer be prosecuted?
A. Illegal wiretapping
B. Breaking and entering
C. Trespassing
D. Access device fraud
Question 13
What computer-specific statute has been the federal government's main weapon in fighting computer crime?
A. Child Pornography Protection Act of 1986
B. Federal Systems Protection Act of 1986
C. Computer Fraud and Abuse Act of 1986
D. Wire and Crime Control Act of 1986
Question 14
Which of the following offenses CANNOT be prosecuted under the Computer Fraud and Abuse Act?
A. Child pornography
B. Data contamination
C. Spreading viruses
D. Unauthorized access of e-mail accounts
Question 15
Among the many federally funded government initiatives created to address the emerging issues of cyber-technology, which of the following has been the least controversial and most successful?
A. Infragard
B. Innocent Images
C. The President's Group on Unlawful Conduct on the Internet
D. The National Infrastructure Protection Act
Question 16
Investigative bulletin boards have been created and used by law enforcement to gather information for prosecuting individuals who share code or load pirated software. One such bulletin board was known as the:
A. Cable Company.
B. Carnivore.
C. Underground Tunnel.
D. Omnivore.
Question 17
Packet-sniffing software is intended to:
A. be a mechanism for gathering evidence.
B. monitor illegal activity on the Internet.
C. be used to filter and sort intelligence.
D. be used to locate pirated software.
Question 18
The most controversial of all packet-sniffing programs is:
A. Coolminer.
B. Omnivore.
C. Carnivore.
D. Packeteer.
Question 19
What country specifically created a reactionary law due to the widely spread Love Bug Virus?
A. Thailand
B. Philippines
C. Australia
D. United Kingdom
Question 20
According to the Select Committee of Experts on Computer-Related Crime of the Council of Europe, all of the following are mandatory offenses which should be criminalized by participating countries EXCEPT:
A. unauthorized reproduction of a protected computer program.
B. computer sabotage and computer fraud.
C. unauthorized use of a protected computer program.
D. damage to computer data or computer programs.
Part 2
Question 1
The court decision that defined obscenity as being a work that "taken as a whole, lacks serious literary, artistic, political, or scientific value" is:
A. Roth v. United States.
B. FCC v. Pacifica Foundation.
C. Miller v. California.
D. Furman v. Georgia.
Question 2
Which of the following Supreme Court cases, affecting all subsequent obscenity rulings since, held that the state has a "compelling interest" in protecting the welfare of children?
A. Roth v. United States
B. FCC v. Pacifica Foundation
C. Miller v. California
D. Regina v. Hicklin
Question 3
Which of the following acts first attempted to protect families and children from online sexually explicit acts?
A. Telecommunications Reform Act of 1996
B. Child Pornography Prevention Act of 1982
C. Child Protection Act of 1984
D. Protection of Children Against Sexual Exploitation Act of 1977
Question 4
In an effort to tighten prohibitions at the Federal level against child pornography, what did Congress introduce that eliminated the obscenity requirement established in Miller v. California?
A. Telecommunications Reform Act of 1996
B. Child Pornography Prevention Act of 1982
C. Child Protection Act of 1984
D. Protection of Children Against Sexual Exploitation Act of 1977
Question 5
Without question, the single most important court decision regarding state prohibitions of child pornography is:
A. New York v. Ferber.
B. Miller v. California.
C. Stanley v. Georgia.
D. Osborne v. Ohio.
Question 6
The Supreme Court has said that states have more leeway in the regulation of pornographic depictions of children than in the regulation of obscenity because:
A. The Supreme Court has no jurisdiction over state lawmaking.
B. The use of children as subjects of pornographic materials is harmful to the mental health of the child.
C. No obscenity statute has ever been upheld by the Supreme Court.
D. Most state constitutions do not allow for freedom of expression.
Question 7
What replaced the "Protection of Children Against Sexual Exploitation of 1977" act?
A. The Omnibus Crime Control Bill
B. Title 18 of the United States Code
C. The three pronged test of Cahill v. Utah
D. The Child Protection Act of 1984
Question 8
Which of the following was enacted in anticipation of an explosion of explicit material emerging on the Internet and specifically targets the issue of virtual child pornography?
A. Telecommunications Reform Act of 1996
B. Child Pornography Prevention Act of 1996
C. Child Protection Act of 1984
D. Protection of Children Against Sexual Exploitation Act
Question 9
What court struck down most of the Child Pornography Prevention Act, saying that it was unconstitutional to the extent that it proscribed computer images that did not involve the use of real children in their production or dissemination?
A. The Eleventh Circuit Court of Appeals
B. The Sixth Circuit Court of Appeals
C. The Eighth Circuit Court of Appeals
D. The Ninth Circuit Court of Appeals
Question 10
What issue, of interest to computer crime prosecutors, has not yet been ruled upon by the United States Supreme Court?
A. Whether the First Amendment will be applicable to Internet communications
B. Legislation dealing with technologically generated computer images
C. The continuation of the exclusionary rule
D. Whether Congress can pass laws prohibiting child pornography
Question 11
The probable cause requirement of the Fourth Amendment:
A. Is based on a "reasonable person" standard.
B. Does not apply if you have a warrant.
C. Does not apply in computer crimes.
D. Applies only when police get a warrant.
Question 12
The Electronic Communications Privacy Act of 1986 gave individuals more protection than the Fourth Amendment because:
A. The Fourth Amendment does not apply to state police, it only applies to federal authorities.
B. Statutory law is more binding than case law.
C. It applies to all individuals, not just those acting on behalf of the government.
D. It makes the "equal protection" clause of the Fourteenth Amendment applicable to the states.
Question 13
One failing of the Electronic Communications Privacy Act of 1986 is that:
A. It was found to be "arbitrary and capricious" by the Ninth Circuit.
B. It only extends to communications which affect interstate or foreign commerce.
C. Jurisdictional issues render it impossible to enforce.
D. It expires by operation of law in 2006.
Question 14
Which act requires manufacturers of telecommunications equipment and service providers to develop systems which provide the capability for surveillance of telephone and cellular communications, advanced paging, satellite-based systems, and specialized mobile radio?
A. CALEA
B. ECPA
C. PPA
D. Harrison Communications Act of 1997
Question 15
Which of the following is TRUE concerning search warrants?
A. Contraband cannot be seized unless it is specifically mentioned in the warrant.
B. Federal law enforcement authorities are not required to get search warrants.
C. The warrant must describe with particularity the places to be searched and the items to be seized.
D. A search warrant can only be obtained from a federal judge.
Question 16
Lawrence decides to have a few friends over for a cookout. While he is outside flipping burgers on the grill, one of his guests goes inside Lawrence's house and starts looking through the files on his computer without Lawrence's permission. He finds pornographic pictures that Lawrence has made of some of the neighborhood kids. Although he is not affiliated with law enforcement in any way, the guest feels it is his civic duty to copy the files onto a disc and turn them over to the police. Lawrence is arrested. Lawrence tells his lawyer that his Fourth Amendment rights have been violated because the search and seizure was unreasonable. This argument is:
A. Not valid. Since computer evidence can be destroyed easily and quickly, exigent circumstances dictated that no warrant was necessary.
B. Valid because there was no probable cause for the guest to have searched the computer prior to his doing so. Any evidence found must be excluded.
C. Valid because a warrant was necessary to seize the files.
D. Not valid because no Fourth Amendment protection exists for searches conducted by someone acting independently absent direction from the government.
Question 17
Not all searches require a search warrant. For example, a consent search does not require a warrant if which of the following requirements is met?
A. The person giving the consent must have the proper authority over the area to be searched and is legally capable of granting such access.
B. It can be shown that a magistrate or judge was unavailable.
C. It can be shown that those conducting the search checked with the U.S. Attorney's office before proceeding.
D. The person giving the consent must be advised beforehand that any evidence seized can be used in a court of law against him and that he has the right to an attorney before the search takes place.
Question 18
The police obtain a search warrant to go to Harry's house and look for stolen computers. They serve the warrant and, once inside, begin their search. While on the scene, one of the officers sees a bag of marijuana in plain view on Harry's coffee table. He immediately knows it is marijuana, based on his 10 years of experience as a drug officer. The evidence is seized, and Harry is charged with possession of marijuana. Was the seizure of the marijuana valid under the Fourth Amendment?
A. Absolutely not. The Fourth Amendment requires that the object of the search be described with particularity. Since the police had no probable cause to search for drugs, and it wasn't mentioned in the warrant, they exceeded the bounds of the warrant, and the exclusionary rule will require that the evidence be thrown out.
B. Absolutely. The police were acting in a lawful manner by being in the house to serve a search warrant. Since they were legally on the scene, anything in plain view which is obviously evidence of any crime can be seized and will be admissible in Harry's trial.
C. Absolutely not. Unless the officer who seized it is a drug identification expert and tested the material, there is no way that the officer can know for certain that the item was in fact marijuana. The motion to suppress this evidence will be granted by the judge.
D. Absolutely. Marijuana is contraband, and it is illegal to possess it. As such, there are no Fourth Amendment protections. Regardless of whether the police were in an area where they were legally entitled to be or not, this evidence can be seized and will be admissible in court at Harry's trial.
Question 19
A computer crime investigator looks for suspected child molesters by going to a live chat room on the Internet. She does not identify herself as a police officer. In fact, she does not say anything at all but remains silent in the chat room. If she is able to obtain enough evidence to use against a molester to build a case against him, what will most courts likely say about her methods? (Assume for the purposes of this question that the court in question is not the Ninth Circuit Court of Appeals.)
A. Most courts will likely say that a wiretap was required prior to obtaining any evidence.
B. Most courts will likely say that the molester had a reasonable expectation of privacy since the officer did not say anything and the molester did not know she was there. Therefore, any evidence collected will be excluded.
C. Most courts will likely say that no warrant was required. Since the officer could read the offending words on her screen, they are considered to be in "plain view" and are thus exempt from the warrant requirement of the Fourth Amendment.
D. Most courts will likely say that there is no expectation of privacy in an Internet chat room since others are likely to visit there. Therefore, no warrant is necessary.
Question 20
Generally, it can be said that because the courts recognize the difficulty of detection and prosecution of cyberspace child pornography, they tend to:
A. Give child pornographers the harshest possible sentences.
B. Rule consistently from court to court.
C. Give child pornographers sentences far less than those provided for under law.
D. Fail to agree on the appropriateness of traditional investigative techniques.
Part 3
Question 1
Corporate computer-related investigations that do not employ computer forensic science may result in:
A. the unsuccessful prosecution of a case.
B. allegations of corruption among company officers.
C. the loss of business as well as reputation.
D. allegations of employee harassment.
Question 2
We've learned that encryption technology makes recovery of digital evidence increasingly complex. Which of the following would be virtually impossible for an investigator to crack?
A. An encryption program found within the Microsoft Word application
B. An encryption program that can store passwords up to 128 characters
C. A 256-bit encryption program that, among other options, includes the ability for the user to develop their own encryption algorithms
D. A 180-bit encryption program that can encrypt an entire drive
Question 3
Sam the investigator searches for digital evidence directly on the hard drive of a suspect computer. Which one of the cardinal rules of computer investigations has he violated?
A. Failing to have a fellow officer present as he works
B. Failing to document his activity
C. Failing to maintain a chain of custody
D. Failing to work from an image of the suspect hard drive
Question 4
Which area of the hard disk is not dependent on a power source for its continued maintenance and can be changed under certain operating conditions?
A. Semi-permanent storage
B. Volatile memory
C. Read-Only Memory (ROM)
D. Random Access Memory (RAM)
Question 5
On a DOS-based system, which of the following drives is loaded first?
A. Logical, or independent level drives
B. Physical, or machine level drives
C. Device drivers
D. Application drivers
Question 6
What area of a hard disk is extremely important for investigators to understand and search because it may contain remnants of older files or other evidence such as passwords?
A. The primary partition
B. The extended partition
C. The Master Boot Record
D. The file slack
Question 7
Once an investigator can articulate the fixed disk structure and identify the units of data, what part of the system contains the information needed to identify and locate where a file resides?
A. The File Allocation Tables (FAT)
B. The Master Partition Table
C. The Master Boot Record
D. The BIOS
Question 8
Every hard disk has a place where key information is stored about the disk. It also contains the program necessary to load the operating system. This information is stored in the:
A. Basic Input Output System (BIOS).
B. File Allocation Tables (FAT).
C. Windows Help File.
D. Master Boot Record (MBR).
Question 9
A user may corrupt the logical size of a drive to confuse investigators by:
A. reformatting the hard drive.
B. using a sabotage program.
C. hiding entire partitions of the disk.
D. renaming the drive letters.
Question 10
Where would a new employee in the computer forensics lab find the proper method to analyze seized digital evidence?
A. In the lab's Standard Operating Procedures
B. On the Internet
C. In the lab's computer library of reference material
D. In a forensics analysis software package
Question 11
Challenges to developing an effective computer forensics science unit include all of the following EXCEPT:
A. developing SOPs that provide valid and legally defensible results.
B. a lack of trained professionals.
C. finding storage for the materials that investigators need.
D. proving the need for such a unit.
Question 12
The allocation of a dedicated space for a lab is needed primarily to:
A. meet the Federal Rules of Evidence.
B. minimize risk of legal issues related to content of some types of digital evidence.
C. protect expensive hardware and other equipment.
D. store digital evidence.
Question 13
Because it enables investigators to bypass the operating system on a suspect hard drive, which of the following is one of the most important forensic software tools in an investigator's evidence kit?
A. Boot disks
B. Data preservation tools
C. Data analysis tools
D. Data duplication tools
Question 14
Which of the following programs enables an investigator to perfectly duplicate a suspect drive, countering many courtroom defense challenges to the examination of digital evidence?
A. Backup utility programs
B. File recovery programs
C. Imaging programs
D. Data recovery programs
Question 15
Which of the following should also be used as part of the data duplication process to further deflect possible defense challenges as well as ensure preservation of the original evidence?
A. Backup utility software
B. Write-blocking programs
C. DOS-based copy commands
D. Verification programs
Question 16
In addition to programs that are capable of restoring deleted and hidden files on a suspect computer, which of the following data recovery utilities is also a necessity for an effective forensics lab?
A. Encryption programs
B. Password cracking programs
C. Diskcopy programs
D. Stenography programs
Question 17
Of the five general categories of data analysis tools, which of the following is most commonly used by local agencies because it allows the investigator to quickly identify questionable graphics files?
A. Text searching tools
B. File viewers
C. File managers
D. Time/date verification tools
Question 18
Which of the following data analysis tools allows an investigator to not only locate files on a suspect system, but also to search them chronologically?
A. Viewers
B. Indexers
C. Time/data verifiers
D. File managers
Question 19
Following the disposition of a case, the forensics lab should permanently remove criminal contraband from the suspect machine by:
A. using the DOS command "erase" on the suspect drive.
B. utilizing a wiping software program.
C. reformatting the suspect hard drive.
D. manually deleting the suspect files on the suspect system.
Question 20
In addition to hardware and software manuals, every computer crime library should include manuals on operating systems. Which of the following operating system manuals is most essential because most computers operate on this platform?
A. Macintosh
B. Windows XP
C. DOS
D. Linux
Part 4
Question 1
According to your text, the Electronic Communications Privacy Act:
A. hinders law enforcement because it strengthens First Amendment protections.
B. aids law enforcement because it requires telephone companies and ISPs to provide technical assistance to law enforcement agencies conducting investigations.
C. hinders law enforcement because a U.S. Supreme Court decision has ruled that it provides greater Fourth Amendment protection to individuals, making search warrants more difficult to obtain.
D. aids law enforcement by granting an exception to federal law enforcement agencies with regard to the warrant requirement of the Fourth Amendment.
Question 2
The term "dumpster diving" means:
A. resting and staying warm in a dumpster.
B. skateboarding or motorcycling over dumpsters.
C. jumping into a dumpster from an elevated area.
D. the processing of trash.
Question 3
Warrant applications for computer search warrants should always include all of the following EXCEPT:
A. operating systems.
B. storage devices.
C. a request for a no-knock warrant.
D. hardware specifications.
Question 4
The three elements of probable cause that are required before a warrant can be issued include all of the following EXCEPT:
A. probable cause that a crime has been committed.
B. probable cause that the accused is guilty beyond a reasonable doubt.
C. probable cause that the evidence is in a particularly described location.
D. probable cause that evidence of a crime exists.
Question 5
Seizure of computer equipment that does not necessarily represent an instrument of the crime:
A. may be allowed under the Fourth Amendment if the seizure can be clearly substantiated by law enforcement.
B. may be allowed because the Fourth Amendment does not protect information stored in computers.
C. may not be allowed unless specifically named in the search warrant.
D. may not be allowed because courts have ruled such a seizure as unreasonable under the Fourth Amendment.
Question 6
If exigent circumstances dictate it, a request for a/an __________ warrant should be included in the application.
A. "no-knock"
B. probable cause
C. off-site
D. seizure
Question 7
Exigent circumstances would include all of the following EXCEPT:
A. the potential for evidence destruction.
B. the nature of the offense (violent v. non-violent).
C. the sophistication and maturity of the target.
D. an off-site search request.
Question 8
In a computer crime investigation, secondary warrants are:
A. impossible or difficult to obtain.
B. common.
C. very rarely necessary.
D. prohibited under the Fourth Amendment.
Question 9
In the five-paragraph military order SMEAC, the "M" stands for:
A. Mission.
B. Manual.
C. Manpower.
D. Mapping.
Question 10
In computer-related investigations, the seven general categories of players include all of the following EXCEPT:
A. case supervisor(s).
B. seizure team.
C. arrest team.
D. design team.
Question 11
When executing a search warrant at a scene where an arrest is possible:
A. taking armed, uniformed police officers is unnecessary because computer crime is mainly a white collar crime.
B. taking armed, uniformed police officers is unnecessary because computer criminals are never violent.
C. armed officers, experienced in arrest situations, should be a part of the team.
D. only the computer crime investigators should serve the warrant to avoid allegations of "excessive force."
Question 12
The responsibilities of the __________ team include diagramming and photographing the entire scene, including criminal evidence.
A. arrest
B. sketch and photo
C. physical search
D. scene security
Question 13
Although they are often perceived as non-dangerous, many computer criminals pose __________ traditional suspects.
A. the same risk as
B. a lower risk than
C. a much greater risk than
D. a slightly higher risk than
Question 14
__________ is used to mark the perimeter of the crime scene.
A. Packing tape
B. Evidence tape
C. Duct tape
D. Painters tape
Question 15
The traditional equipment in a toolkit includes note cards that are usually:
A. 4 x 6.
B. 6 x 9.
C. 2 x 3.
D. 3 x 5.
Question 16
Tape used to mark the perimeter of the crime scene not only prevents entry by individuals external to the investigation, but also:
A. induces caution among on-scene personnel.
B. is the only indicator of the crime scene location for on-scene personnel.
C. indicates the tasks that the on-scene personnel are to perform.
D. preserves fingerprints that are underneath the tape.
Question 17
Sanitary materials used to prevent evidence contamination and to protect investigators from unsanitary environments include all of the following EXCEPT:
A. rubber gloves.
B. bleach.
C. disposable wipes.
D. hair bow clips.
Question 18
To open computer boxes, manual tools are preferred because:
A. electric screwdrivers create too much dust.
B. in rare cases, electric screwdrivers emit enough magnetic fields to erase data.
C. electric hex wrenches are too difficult to use.
D. electric tools are too noisy and distracting.
Question 19
A computer crime investigator's toolkit:
A. should be the same as that used in any criminal investigation because the investigator is already familiar with it.
B. must be the same as that used in any criminal investigation so a criminal defense attorney cannot argue that the investigator used non-standard techniques.
C. needs to have additional computer-specific items, such as boot disks, password crackers, and anti-virus software.
D. is detrimental to the case; everything the investigator needs is already on the seized computer equipment.
Question 20
UPS, used to prevent possible destruction of computer data, stands for:
A. uniform patch source.
B. unified power source.
C. uninterruptible power supply.
D. uniform power supply.
Part 5
Question 1
The first step taken at the majority of crime scenes involves the:
A. execution of the search warrant.
B. securing of the crime scene.
C. request for additional assistance.
D. scene processing.
Question 2
Once a warrant has been served and your team is on the site of a computer-related crime scene:
A. the entire scene should be immediately secured.
B. turn off all computers immediately to avoid losing data.
C. all suspects of the crime should be kept in the same room, because they will be easier to contain and watch.
D. non-suspect employees should be allowed to stay at the scene so as not to disrupt their work.
Question 3
Methods of evidence canvassing include all of the following EXCEPT:
A. circular.
B. grid.
C. sector.
D. squaring.
Question 4
Work spaces littered with food and beverage debris, homemade systems, or an assortment of atypical computer devices may signal:
A. that a teenager owns the computer.
B. the presence of a hacker system.
C. knock, notice, and document.
D. scene processing.
Question 5
Phrack and Activist Times Incorporated are examples of:
A. comic books.
B. hacking literature.
C. political magazines.
D. union publications.
Question 6
Once the scene has been thoroughly secured and all necessary personnel have been employed, the next step in any criminal investigation involves:
A. cross-examination.
B. execution of the search warrant.
C. scene processing.
D. war dialers and software cracking programs.
Question 7
The single most important aspect of scene processing in all cases is:
A. the Miranda warnings.
B. intelligence gathering.
C. securing the crime scene.
D. proper documentation.
Question 8
When conducting your on-scene investigation, it is recommended that:
A. the entire process be videotaped and audiotaped.
B. no cameras be allowed on site to avoid giving criminal defense attorneys insight as to what happened at the scene.
C. the investigator record his impressions on a small tape recorder because this is better than making a report.
D. the process be videotaped only, with no audio.
Question 9
The golden rule for any computer crime investigation is to:
A. make sure you have all your facts before applying for a search warrant.
B. document, document, document.
C. make sure your investigators are trained specifically for investigating this type of crime.
D. protect evidence.
Question 10
Computer-specific things to photograph include all of the following EXCEPT:
A. entire system configuration.
B. desks and the area surrounding the computer.
C. printer status.
D. computer screen.
Question 11
Non-computer-specific things to photograph include all of the following EXCEPT:
A. front, back, and sides of the computer.
B. the entire scene.
C. bookshelves.
D. notes and paper products surrounding the computer.
Question 12
When you are investigating a computer-related crime scene:
A. a sketch of the crime scene is essential.
B. a sketch of the crime scene is not necessary because computer crime scenes are vastly different from most other crime scenes.
C. a sketch of the crime scene is optional.
D. a sketch of the crime scene is not necessary because photographs of the crime scene will be taken instead.
Question 13
When you make a crime scene sketch, you should:
A. make a rough sketch first because it cannot be subpoenaed.
B. make sure that everything is drawn to scale.
C. do the original sketch in pencil and don't worry about drawing it to scale.
D. have your original sketch drawn to scale by a licensed architect; otherwise it will not be admissible.
Question 14
Assuming that the scene has been physically and electronically secured and that there is no immediate threat to human life, investigators should gather __________ evidence prior to seizure of electronic evidence.
A. trace
B. critical
C. sophisticated
D. intellectual
Question 15
The most recognizable of all computer evidence, which includes hard drives, keyboard, monitors, and modems, is categorized as:
A. hard evidence.
B. intellectual property.
C. computer components.
D. magnetic tape storage.
Question 16
Class characteristics of printed material include all of the following EXCEPT:
A. laser.
B. ink jet.
C. dot matrix.
D. hard drives.
Question 17
A good rule of thumb in all computer investigations, especially during the warrant preparation, is to include __________ in the list of items to be searched and/or seized.
A. "computer evidence"
B. "hard drives"
C. "magnetic tape storage units"
D. "assorted media"
Question 18
To locate passwords on a seized computer, try all of the following EXCEPT:
A. looking on the monitor.
B. checking underneath the keyboard.
C. searching wallets or purses.
D. listening to voicemail messages.
Question 19
When you are searching for evidence at a computer-related crime scene:
A. you can skip peripherals such as scanners and printers.
B. don't overlook printers, which may contain information that can be retrieved.
C. your search warrant will only allow you to seize the computer itself.
D. you may seize and take everything in the room, regardless of what it is or to whom it belongs.
Question 20
When preserving evidence seized from a computer related crime scene:
A. remember that traditional methods are best, so adhere to them strictly.
B. try to keep computer evidence where it will receive heat or direct sunlight because this will inhibit deterioration.
C. chain of custody does not have to be proven because any damaging evidence is safe on the computer's hard drive.
D. don't put evidence in plastic bags, which may generate static electricity and ruin the evidence.
Part 6
Question 1
Every computer investigation is different, but one rule remains the same:
A. memorize, memorize, memorize!
B. document, document, document!
C. study, study, study!
D. analyze, analyze, analyze!
Question 2
As with traditional criminal investigations, any investigator or individual wishing access to evidence must:
A. promise to return it within a certain number of hours.
B. have a friend bring it back promptly.
C. sign the evidence out.
D. show identification.
Question 3
All media used in the analysis of computer evidence must be __________ for courtroom purposes.
A. forensically sterile
B. refurbished
C. forensically clustered
D. legally analyzed
Question 4
__________ for all forensic software that is expected to be employed in the analysis of suspect media should be verified prior to actual analysis.
A. Enhancement
B. Storage
C. Licenses
D. Write-blocking
Question 5
A computer crime investigator with another law enforcement agency has obtained some great "password cracker" software and has offered to send you a copy. With regard to the copy, you should:
A. accept it to help foster better cooperation between agencies.
B. accept it because one problem faced by investigators is lack of money to buy investigative tools and equipment.
C. not accept it because copying software is illegal.
D. accept it but be sure it is formatted for your equipment.
Question 6
All examinations and analysis should be conducted on the __________, ideally created on forensic machines.
A. original
B. BIOS password
C. storage enhancement program
D. image
Question 7
__________ prevents the destruction, contamination, or corruption of original media and can be accomplished with many of the popular imaging programs.
A. Licensing
B. Write-blocking
C. Peripherals
D. Short-circuiting the chip
Question 8
Jumping the CMOS involves the manipulation of hardware in which the password is cleared after the __________ has been reset.
A. clock
B. chip
C. jumper
D. operating system
Question 9
After pulling the CMOS battery, the battery should be disconnected for at least __________ hours or longer.
A. 24
B. 12
C. 4
D. 8
Question 10
By far, the most time-consuming and exasperating method of circumventing CMOS passwords involves the use of:
A. social engineering and brute force.
B. partition tables.
C. image verification.
D. compressed files.
Question 11
Steganographic messages have two parts: the container, which is the file that conceals data, and the __________, which is the actual data.
A. sound file
B. compressor
C. message
D. DOS
Question 12
__________ are identifiers located after the period which indicate the type of file included therein.
A. File manuals
B. File clusters
C. File applications
D. File extensions
Question 13
It is often surprising how individuals will use __________ password for a variety of files.
A. a different
B. the same
C. a short
D. a difficult
Question 14
To figure out a password, investigators may try developing a profile of the suspect or the suspect computer and manually attempt password cracking. This is called:
A. stealing.
B. social cracking.
C. social engineering.
D. encrypting.
Question 15
__________ allow investigators to view the front page of all documents.
A. File viewers
B. Front searchers
C. File extensions
D. Text searching utilities
Question 16
__________ enable investigators to search through innumerable documents for words or phrases consistent with their evidentiary expectations.
A. File viewers
B. Parameters
C. Text searching utilities
D. Social engineers
Question 17
With regard to DOS, you should:
A. forget about it since everything is now Windows-based.
B. realize that it is an old system no longer being taught.
C. know that it could damage your computer.
D. learn to use it since most computers use its operating system.
Question 18
DOS __________ will default to the drive in use unless otherwise specified.
A. modifications
B. photographs
C. commands
D. alphabets
Question 19
DOS internal commands are loaded into memory from the __________ file upon startup.
A. COMMAND.COM
B. START.COM
C. STARTUP.COM
D. DIRECTORY.COM
Question 20
DOS __________ commands must be stored on the disk in order to be executed.
A. external
B. integral
C. standardized
D. engineering
Part 7
Question 1
The advent of __________ has vastly changed the modus operandi of certain criminal elements and the very physical environment in which crime occurs.
A. education
B. technology
C. industrialism
D. religion
Question 2
Universal __________ of computer-related crime must be established.
A. definitions
B. creation
C. development
D. inventions
Question 3
Emerging legislation must be __________ enough to encompass advances in technology.
A. brand-specific
B. biased
C. generic
D. clever
Question 4
Most sectors of society fail to recognize the __________ nature of computer-related crime.
A. insidious
B. positive
C. adventurous
D. efficient
Question 5
The two empirical measures of crime are the FBI's Uniform Crime Report (UCR) and the:
A. National Criminals Docket (NCD).
B. American Crime Survey (ACS).
C. National Crime Survey (NCS).
D. National Criminal Statistics (NCS).
Question 6
Which of the following would NOT aid law enforcement in fighting computer crimes?
A. Make investigating computer crimes the sole responsibility of federal law enforcement since they have greater capabilities and resources.
B. Increase public awareness of the magnitude of this problem.
C. Foster better cooperation between law enforcement agencies.
D. Foster better international cooperation to minimize jurisdictional disputes.
Question 7
One of the problems in developing better international cooperation to fight computer-related crimes is the:
A. refusal of the United Nations to see this as a major problem.
B. failure of the World Court to implement strong laws against computer-related crimes.
C. lack of extradition and mutual assistance treaties.
D. inexperience of INTERPOL in investigating these crimes.
Question 8
A request from one country's judicial authority for assistance from another country is best met through the use of a/an:
A. extradition order.
B. Multi-Lingual Assistance Treaty.
C. Multi-Media Examination Agreement.
D. search warrant from INTERPOL.
Question 9
Due to the inexperience of legislative authorities and the inconsistency of judicial estimation, law-enforcement authorities must establish:
A. increasing globalization of the electronic marketplace.
B. cultural stereotypes.
C. a lack of extradition and mutual assistance treaties.
D. a standard of accreditation and/or expertise of forensic methodologies and examiners.
Question 10
A letter rogatory is:
A. an illegal chain letter.
B. a letter request for assistance from one country's judicial authority to that of another country.
C. a letter sent to the president of a country from the vice president of another country.
D. an invitation that includes an R.S.V.P.
Question 11
The positive benefits to law enforcement of establishing a visible presence on the Web includes all of the following EXCEPT:
A. providing a mechanism for community input.
B. allowing departments to publicize their mission statements.
C. allowing departments to publicize their mistakes.
D. providing a mechanism for communication in emergency situations, such as severe weather.
Question 12
The identification, investigation, and __________ of computer-related crime are accompanied by a myriad of unique problems.
A. publication
B. encryption
C. prosecution
D. defense
Question 13
The increasing convergence of audio, video, and __________ data will present new challenges for criminal investigators.
A. digital
B. visual
C. auditory
D. creative
Question 14
Fortunately for law enforcement, tapping into wireless communications has proven far easier than traditional telephone exchanges because:
A. the approval for warrants is easier in our current "get tough" atmosphere.
B. cell phone towers are geographically close together.
C. it is easier to identify a suspect's cellular provider than to predict which pay phone he or she will use.
D. routers make tapping into wireless communications relatively easy.
Question 15
One difficulty faced by police tracking down criminals using wireless communication is that:
A. the decreasing cost of cellular service has given rise to "disposable phones."
B. courts have generally given greater First Amendment protection to persons using cellular telephones.
C. search warrants are almost impossible to obtain because of the difficulty in describing the "place to be searched."
D. calls made from cellular phones cannot be traced.
Question 16
Fragmenting data and placing it on various servers is known as:
A. remote data.
B. non-particularized data.
C. data stripping.
D. obscure data.
Question 17
Software that captures every action undertaken by an individual user of a suspect machine is known as:
A. key logging software.
B. typer logging software.
C. shadowing software.
D. encryption software.
Question 18
Some authors suggest that individual users may utilize advances in technology to engage in __________ behavior which in the real world may be felonious.
A. bad
B. risky
C. pretend
D. virtual
Question 19
Some individuals argue that the use of __________ actors may be the wave of the future as the technology becomes more available and less expensive.
A. lower paid
B. non-union
C. synthetic
D. plastic
Question 20
While legislation must be created to establish acceptable parameters of computer activity, civil libertarians will continue to argue that virtual victimization is:
A. the wave of the future.
B. a legal impossibility.
C. a felony.
D. morally and legally wrong.