8. You can lose your job for violating a company policy, even if you
don’t commit a crime. True or False?
True
CNB4313 Principles of Computer Forensics
11. What are some initial assessments you should make for a computing
investigation?
• Talk to others involved in the case and ask about the incident.
• Determine whether law enforcement or company security officers already
seized the computer evidence.
• Determine whether the computer was used to commit a crime or contains
evidence about the crime.
12. What are some ways to determine the resources needed for an
investigation?
• Determine the OS of the suspect computer.
• List the necessary software to use for the examination.
14. You should always prove the allegations made by the person who hired you.
True or False?
False
15. For digital evidence, an evidence bag is typically made of antistatic material.
True or False?
True
16. For employee termination cases, what types of investigations do you typically
encounter?
• Hostile work environment caused by inappropriate Internet use
• Sending harassing e-mail messages
19. Why should you critique your case after it’s finished?
To improve your work
20. What do you call a list of people who have had physical possession of the
evidence?
Chain of custody
21. If a company publishes a policy stating that it reserves the right to inspect
computing assets at will, a corporate investigator can conduct covert surveillance on an
employee with little cause. True or False?
True
22. If you discover a criminal act, such as murder or child pornography, while
investigating a corporate policy abuse, the case becomes a criminal investigation and
should be referred to law enforcement. True or False?
True
23. Probable cause is not needed for a criminal investigation. True or False?
False
24. If a suspect computer is located in an area that might have toxic chemicals,
how should you react?
Coordinate with the HAZMAT team.
28. Two hashing algorithms commonly used for forensic purposes are
_____________ and ________________
MD5 and SHA-1
30. You have been called to a crime scene where a laptop computer is still
running. What type of field kit should you take with you?
Initial-response field kit
32. The police blotter provides a record of clues to crimes that have been
committed previously.