download instant at www.easysemester.com

CHAPTER 2: COMPUTER FORENSICS AND DIGITAL DETECTIVE WORK

1. In 2005, the estimated number of e-mail users in the United States was
A. 105 million
B. 105 billion
C. 1.5 million
D. 1.5 billion
Answer: A
Reference: Introduction
Difficulty: Easy

2. What type of program is available to delete and overwrite data on a computer?
A. File-overwriting software
B. File-deleting software
C. File-wiping software
D. All of the above
Answer: C
Reference: E-Evidence Trails
Difficulty: Easy

3. In what manner were e-commerce employees caught making online purchases using clients’ credit card numbers?
A. Copies of credit card numbers were found in their desks.
B. Copies of transactions were found at their homes.
C. Saved files were stored in a hidden directory.
D. Credit card numbers, along with the name and address of person who placed order, were found in a hidden HTML coded file.
Answer: D
Reference: Knowing What to Look For
Difficulty: Moderate

4. Robert Hanssen stored documents he was stealing from the FBI and selling to the Russians on a(n)
A. MP3 player
B. Palm III PDA
C. Laptop computer
D. Cell phone
Answer: B
Reference: Answering the 5 W's
Difficulty: Easy

5. In order to be legally defensible, methods used in the recovery of data must ensure that
A. The original evidence was not altered.
B. No data was added to the original.
C. No data was deleted from the original.
D. All of the above
Answer: D
Reference: Caution: Preserving Evidence
Difficulty: Moderate

6. Which of the following is NOT considered one of the five stages of a computer investigation?
A. Intelligence
B. Hypothesis
C. Conviction
D. Conclusion
Answer: C
Reference: Computer Forensics Science
Difficulty: Moderate

7. The chain of custody must include which of the following items?
A. Where the evidence was stored
B. The size of the containers used to store the evidence
C. How heavy the evidence was when acquired
D. The relevance of the evidence
Answer: A
Reference: Admissibility of Evidence
Difficulty: Easy

8. In the case in which a hacker named Maxim broke into CD Universe credit card files, the FBI and company employees accessed original files to determine how the intrusion had occurred. What was the impact on the case of working with original files?
A. There was no impact on the case, because a correct chain of custody form was produced.
B. The case was nullified, because the last-access dates on the original files were changed.
C. There was no impact on the case, because the original files were copied correctly.
D. The case was nullified, because the FBI did not have permission to open the original files.
Answer: B
Reference: IP: CD Universe Prosecution Failure
Difficulty: Difficult

9. What unique piece of evidence finally gave police the break they’d needed in order to solve the BTK serial murderer case?
A. A phone number located within a computer
B. A USB drive with his deleted address
C. A floppy disk with his deleted address
D. A floppy disk with a deleted address of a church
Answer: D
Reference: Digital Signature Left by Serial Killer
Difficulty: Moderate

10. Which of the following is NOT considered one of the items e-evidence is currently being used for?
A. To prove intent
B. To imply motive
C. To provide alibis
D. All listed are currently being used
Answer: C
Reference: Digital Profiling of Crime Suspects
Difficulty: Difficult

11. Which of the following is NOT considered an objective in ensuring probative information is recovered?
A. To protect the computer system during the actual investigation
B. To search for any and all malware that may have infected the system
C. To recover deleted, existing, hidden, and password protected files
D. To determine if steganography was used
Answer: B
Reference: Computer Forensics and the E-Evidence Collection Process
Difficulty: Difficult

12. Evidence may be suppressed if which of the following occurs?
A. If the officer exceeds the limited right or scope
B. If the police do not have a warrant
C. If the officer takes more than is on the warrant
D. All of the above
Answer: D
Reference: Probable Cause and Search Warrants
Difficulty: Difficult

13. Evidence collected in violation of which amendment will cause the evidence to be excluded?
A. The Fourth Amendment
B. The First Amendment
C. The Ninth Amendment
D. The Tenth Amendment
Answer: A
Reference: Proper Procedure and Limitations Built into the Law
Difficulty: Easy

14. Hackers go after valuable content such as
A. Expensive applications
B. Links to terrorist Web sites
C. Pricing data
D. Malware scripts
Answer: C
Reference: Computer Is the Crime Target
Difficulty: Moderate

15. Which of the following traditional crimes are easier because of widespread computer access?
A. Breaking and entering
B. Money laundering
C. Armed robbery
D. Assault
Answer: B
Reference: Computer Is Incidental to Traditional Crimes
Difficulty: Moderate

Fill in the Blank:

16. The emphasis on computer forensics as a(n) ________ is important because it recognizes the field as a discipline with set principles.
Answer: science
Reference: Computer Forensics Science
Difficulty: Moderate

17. The ________ is documentation that the evidence was handled and preserved properly.
Answer: chain of custody
Reference: Admissibility of Evidence
Difficulty: Moderate

18. ________ is a term generally used to indicate a message is hidden within another file.
Answer: Steganography
Reference: Computer Forensics and the E-Evidence Collection Process
Difficulty: Easy

19. ________ is created when a file is created if it does not take up an entire sector.
Answer: File slack
Reference: Unallocated Space and File Slack

20. Criminal trials are often preceded by a(n) ________ at which the admissibility of evidence is determined.
Answer: suppression hearing

21.
Reference: Probable Cause and Search Warrants
Reference: Proper Procedure and Limitations Built into the Law
Reference: Finding the Motive: The “Why” of the Crime
Difficulty: Moderate
Reference: Computer Is Incidental to Traditional Crimes
Difficulty: Moderate
Reference: New Crimes Generated by the Prevalence of Computers
Difficulty: Moderate
Care, control, and chain of custody are called the ________ of evidence.
Answer: three C’s

28.
Reference: Computer Is the Crime Instrument
According to a 2003 survey, ________ and China had the highest piracy rates.
Answer: Vietnam

27.
Difficulty: Moderate
One of the more popular theories is that a person could actually commit ________ by changing a patient's medication data.
Answer: murder

26.
Difficulty: Moderate
________ is the blending of accounting, auditing, and investigative skills.
Answer: Forensic accounting

25.
Difficulty: Moderate
Criminals whose purpose is ________ need to brag about their exploits because they are motivated by a desire for fame or notoriety.
Answer: trophy hunting

24.
Difficulty: Difficult
The ________ states that evidence collected in violation of the Fourth Amendment cannot be used in a trial.
Answer: exclusionary rule

23.
Reference: Withstanding Challenges to Evidence
A(n) ________ is a reasonable belief that a person has committed a crime.
Answer: probable cause

22.
Difficulty: Moderate
Reference: Forensic Rules and Evidence Issues
Difficulty: Easy
If evidence items are released to auditors or authorities, the ________ should be recorded.
Answer: release dates
Reference: Chain of Custody Procedures
Difficulty: Moderate

Matching:

29. Match the criminal with the e-evidence associated with his or her crime.
I. John Allen Mohammad      A. Evidence of child pornography on computer
II. Lisa Montgomery         B. GPS data from car and cell phone
III. Scott Peterson         C. Digital recordings on a device in car
IV. Alejandro Avila         D. E-mail communication between criminal and victim
Answer: C D B A
Reference: Digital Signature Left by Serial Killer

30. Match the term with its definition.
I. Sector                   A. Remnant area at the end of a file
II. Unallocated space       B. Smallest unit that can be accessed on a disk
III. Slack space            C. Fixed block of data such as 1024 bytes
IV. Cluster                 D. Space not currently used to store an active file
Answer: B D A C
Reference: Terms throughout the chapter
Difficulty: Moderate

31. Match the type of cybercrime with its description.
I. Spoofing                 A. Unauthorized access causes damage
II. Techno-vandalism        B. Phony Web sites
III. Techno-trespass        C. Criminal trespass
IV. Root access             D. Gives the user Admin rights
Answer: B A C D
Difficulty: Moderate
Reference: Computer Is the Crime Target
Difficulty: Moderate

32. Match the type of crime with its motive.
I. Fraud from computer billings        A. Computer is the crime target
II. Software piracy                    B. Computer is the crime instrument
III. Theft of intellectual property    C. Computer is incidental to traditional crime
IV. Illegal gambling                   D. New crime generated by prevalence of computers
Answer: B D A C
Reference: Types of Motives and Cybercrimes
Difficulty: Moderate