Question
1.
Because digital evidence is easily portable and transferable through removable media devices, chain of evidence procedures do not need to be followed to preserve the integrity and reliability of digital evidence.
True
False
2.
Most computer frauds against a business are committed by someone internal to the business (i.e., an employee).
True
False
3.
Because computer forensics is a relatively new area and few laws specifically address its investigative procedures, nearly all digital evidence collected in any manner will be considered admissible by the courts.
True
False
4.
When collecting evidence involving computers, photographing the computer under investigation is only needed when the computer is on and something other than a screen saver is displayed on the computer monitor.
True
False
5.
When packing up digital evidence, cardboard boxes are usually better to use than plastic bins or bags.
True
False
6.
Computer forensic investigators need to act fast in most instances because once a file is deleted, damaged, or encrypted on a computer by a suspect, it cannot be recovered.
True
False
7.
"Pass through" electronic devices (e.g., printers, cables, web cameras) that do not store data can generally be ignored as evidence and need not be collected as part of an investigation.
True
False
8.
When a suspect's computer is on and attached to a network, the best advice for an investigator securing the area is to immediately turn off the computer.
True
False
9.
Because of its chronological structure, any company's e-mail messages are usually quick and easy to access and analyze in an investigation.
True
False
10.
Instant messaging (IM) messages sent and received on company computer systems may be considered admissible evidence by the courts.
True
False
11.
A good Electronic Records Management (ERM) system should contain both retention and destruction schedules for electronic records.
True
False
12.
A magnet is one of the best tools a computer forensics investigator can have as an evidence collection tool because small data storage devices, such as thumb drives, can be easily picked up and placed in an evidence bag without inflicting any damage to the latent, trace, or biological evidence.
True
False
13.
For some digital evidence requests, the defendant could get the courts to require the plaintiff to bear the costs associated with obtaining this evidence.
True
False
14.
Since digital evidence is easily portable, there is usually little reason to confiscate a suspect's computer or other electronic devices in an investigation.
True
False
15.
Even though they were written before computers were invented, the protections provided by the Fourth and Fifth Amendments to the U.S. Constitution do apply to identifying and collecting digital evidence from computers.
True
False
16.
Computer forensics can be thought of as a "reactive cost" in that you would only implement computer forensic data collection and analysis procedures once you know a fraud or other irregularity has occurred.
True
False
17.
When collecting digital evidence, even if an investigator is prohibited from collecting some electronic devices at an investigation scene, he or she should still document that these devices were present at the scene.
True
False
18.
According to a study done by Flynn and Kahn (2003), e-mail is rarely useful as digital evidence because people tend not to openly discuss potentially incriminating activities in an e-mail.
True
False
19.
One advantage of digital evidence is that it is not required to be revealed during the pre-trial discovery process.
True
False
20.
If collected and analyzed properly, which of the following has the potential to be admissible as evidence in a court?
A. The SIM (Subscriber Identity Module) card in a cellular phone.
B. The memory card in a digital camera.
C. A telephone's caller identification record.
D. Both A and B above.
E. All of the above
21.
When securing and documenting digital evidence involving a computer, it is recommended to shut down and/or disconnect the computer's power source:
A. before moving the computer to document its serial number.
B. immediately if you notice the computer in an active chat room.
C. immediately if onscreen information or activity indicates that data is being deleted or overwritten.
D. in the situations described in both A and C above.
E. in the situations described in all of the above.
22.
Which of the following is good advice for someone initially securing an area in a company that contains digital evidence on computers and other electronic devices?
A. Carefully sanitize the outside of all electronic devices, especially keyboards, with a mild anti-bacterial spray.
B. Wrap aluminum foil around any cell phones found in the area.
C. Turn on all electronic devices to see if they are operational.
D. To speed up the process, ask to have the company's Information Technology (IT) personnel provide assistance.
23.
Which of the following is good advice for an investigator collecting and storing digital evidence?
A. Before shutting down a computer found in the investigation area, bring up every software program to see the files created and/or changed by the computer.
B. Immediately listen to all voice mail messages on any cell phone found in the investigation area.
C. To help preserve data integrity, store confiscated digital evidence in a refrigerated storeroom with a below freezing temperature (i.e., below 32 degrees Fahrenheit).
D. None of the above