After a computer has been compromised by a hacker, which of the following would be most important in forming a
Profiling is a forensics technique for analyzing evidence with the goal of identifying the perpetrator from their various activity. After a computer has been compromised by a hacker, which of the following would be most important in forming a profile of the incident?
Printing under a Windows Computer normally requires which one of the following files types to be created?
Printing under a Windows Computer normally requires which one of the following files types to be created?
An Expert witness give an opinion if:
An Expert witness give an opinion if:
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardw
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardware write-blocking device to:
What is that code called ?
Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called ?
How would you permanently erase the data on the hard disk?
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?
Which of the following are you most interested in when trying to trace the source of the message?
You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?
You inform the officer that you will not be able to comply with that request because doing so would:
You are working as a Computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subjects computer. You inform the officer that you will not be able to
comply with that request because doing so would:
A law enforcement officer may only search for and seize criminal evidence with _______________________, which
A law enforcement officer may only search for and seize criminal evidence with _______________________, which are facts or circumstances that would lead a reasonable person to believe a crime has been committed or is about to be committed, evidence of the
specific crime exists and the evidence of the specific crime exists at the place to be searched.
When cataloging digital evidence, the primary goal is to
When cataloging digital evidence, the primary goal is to