Jason is the security administrator of ACMA metal Corporation. One day he notices the companys
Oracle database server has been compromised and the customer information along with financial
data has been stolen. The financial loss will be in millions of dollars if the database gets into the
hands of the competitors. Jason wants to report this crime to the law enforcement agencies

immediately. Which organization coordinates computer crimes investigations throughout the
United States?

Which of the following should a computer forensics lab used for investigations have?

Corporate investigations are typically easier than public investigations because:

Area density refers to:

Sectors in hard disks typically contain how many bytes?

What does the superblock in Linux define?

When obtaining a warrant it is important to:

You are working for a local police department that services a population of 1,000,000 people and
you have been given the task of building a computer forensics laB. How many law-enforcement
computer investigators should you request to staff the lab?

From the following spam mail header, identify the host IP that sent this spam? From
jie02@netvigator.com jie02@netvigator.com Tue Nov 27 17:27:11 2001 Received: from
viruswall.ie.cuhk.edu.hk (viruswall [137.189.96.52]) by eng.ie.cuhk.edu.hk (8.11.6/8.11.6) with
ESMTP id fAR9RAP23061 for ; Tue, 27 Nov 2001 17:27:10 +0800 (HKT) Received: from
mydomain.com (pcd249020.netvigator.com [203.218.39.20]) by viruswall.ie.cuhk.edu.hk
(8.12.1/8.12.1) with SMTP id fAR9QXwZ018431 for ; Tue, 27 Nov 2001 17:26:36 +0800 (HKT)
Message-Id: >200111270926.fAR9QXwZ018431@viruswall.ie.cuhk.edu.hk
From: “china hotel web”
To: “Shlam”
Subject: SHANGHAI (HILTON HOTEL) PACKAGE Date: Tue, 27 Nov 2001 17:25:58 +0800
MIME-Version: 1.0 X-Priority: 3 X-MSMail- Priority: Normal ReplyTo: “china hotel web”

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation,
what can you conclude?