CJUS 363 Quiz 3

CJUS 363 Quiz 3 Liberty University

  1. State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies.
  2. Computer­stored records are data the system maintains, such as system log files and proxy server logs.
  3. An emergency situation under the PATRIOT Act is defined as the immediate risk of death or personal injury, such as finding a bomb threat in an e­mail.
  4. To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.
  5. The Fourth Amendment states that only warrants “particularly describing the place to be searched and the persons or things to be seized” can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for
  6. Physically copying the entire drive is the only type of data­copying method used in software acquisitions.
  7. A keyword search is part of the analysis process within what forensic function?
  8. What program serves as the GUI front end for accessing Sleuth Kit’s tools?
  9. Software forensics tools are grouped into command­line applications and GUI applications
  10. What hex value is the standard indicator for jpeg graphics files?
  11. In general, what would a lightweight forensics workstation consist of?
  12. When performing disk acquisition, the raw data format is typically created with the UNIX/Linux _____________ command.
  13. Reconstructing fragments of files that have been deleted from a suspect drive, is known as ____________ in North America.
  14. What tool below was written for MS­DOS and was commonly used for manual digital investigations?
  15. Passwords are typically stored as one­way _____________ rather than in plaintext.
  16. Making a logical acquisition of a drive with whole disk encryption can result in unreadable files.
  17. In what mode do most write­blockers run?
  18. What option below is an example of a platform specific encryption tool?
  19. All forensics acquisition tools have a method for verification of the data­copying process that compares the original drive with the image.
  20. Which of the following options is not a subfunction of extraction?
  21. What algorithm is used to decompress Windows files?
  22. What is the goal of the NSRL project, created by NIST?
  23. The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.
  24. The physical data copy subfunction exists under the ______________ function.
  25. What is the purpose of the reconstruction function in a forensics investigation?
Buy Answer Key
  • Find by class