What prevents you from discussing the case with the CEO?
You are employed directly by an attorney to help investigate an alleged sexual harassment case at
a large pharmaceutical manufacture. While at the corporate office of the company, the CEO
demands to know the status of the investigation. What prevents you from discussing the case with
the CEO?
What would be the primary reason for you to recommend a disk imaging tool?
Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from
the compromised system. Melanie did a DOS copy of all the files on the system. What would be
the primary reason for you to recommend a disk imaging tool?
you need to recover when searching a victims computer for a crime committed with specific e-mail message?
What information do you need to recover when searching a victims computer for a crime
committed with specific e-mail message?
One way to identify the presence of hidden partitions on a suspects hard drive is to:
One way to identify the presence of hidden partitions on a suspects hard drive is to:
What does mactime, an essential part of the coroners toolkit do?
What does mactime, an essential part of the coroners toolkit do?
What do you think would be the next sequence of events?
Chris has been called upon to investigate a hacking incident reported by one of his clients. The
company suspects the involvement of an insider accomplice in the attack. Upon reaching the
incident scene, Chris secures the physical area, records the scene using visual mediA. He shuts
the system down by pulling the power plug so that he does not disturb the system in any way. He
labels all cables and connectors prior to disconnecting any. What do you think would be the next
sequence of events?
The use of warning banners helps a company avoid litigation by overcoming an employees assumed ____________.
The use of warning banners helps a company avoid litigation by overcoming an employees
assumed
____________ When connecting to the companys intranet, network or Virtual Private
Network(VPN) and will allow the companys investigators to monitor, search and retrieve
information stored within the network.
When investigating a Windows System, it is important to view the contents of the page or swap file because:
When investigating a Windows System, it is important to view the contents of the page or swap file
because:
Where did the incident team go wrong?
A state department site was recently attacked and all the servers had their disks eraseD. The
incident response team sealed the area and commenced investigation. During evidence collection
they came across a zip disks that did not have the standard labeling on it. The incident team ran
the disk on an isolated system and found that the system disk was accidentally eraseD. They
decided to call in the FBI for further investigation. Meanwhile, they short listed possible suspects
including three summer interns. Where did the incident team go wrong?
Which of the following refers to the data that might still exist in a cluster even though the original file ha
Which of the following refers to the data that might still exist in a cluster even though the original
file has been overwritten by another file?