Computer Forensics and Cyber Crime Quiz
40 Questions

Questions and Answers

What is a traditional problem associated with finding digital evidence due to the nature of computer crime investigators playing multiple roles?

  • Limited knowledge of technological advancements
  • Restrictions from digital privacy laws
  • Excessive costs of investigative tools
  • Lack of resources leading to complications (correct)

Why is digital evidence considered fragile in forensic investigations?

  • It is heavily regulated by law
  • It is manufactured and not original
  • It requires special equipment to collect
  • It is susceptible to various external factors (correct)

What is a significant challenge when analyzing digital evidence in cyber crime investigations?

  • The need to analyze all potential evidence (correct)
  • The use of outdated technology in investigations
  • Having too much irrelevant data available
  • Abundance of centralized databases

What issue is raised by the expensive nature of conducting proper digital evidence investigations?

  • Risk of lawsuits if investigations fail (correct)

What complicates the retrieval of potential evidence in today’s cyber crime investigations?

  • Rapidity of technological advancement and criminal sophistication (correct)

What must be demonstrated to establish probable cause for a search warrant?

  • Evidence of a crime exists at a specific location (correct)

What is necessary for seizing equipment during an investigation?

  • A documented justification for the seizure (correct)

In what scenario might a no-knock warrant be justified?

  • There is a potential for evidence destruction (correct)

What type of evidence can be seized without judicial authority?

  • Criminal contraband and fruits of the crime (correct)

Why is it important to involve computer experts in the warrant application process?

  • To ensure the use of appropriate legal language (correct)

What is the first step involved in serving a warrant?

  • Knock (correct)

Which of the following is NOT included in the process of securing a crime scene?

  • Assessing the evidence's legal value (correct)

What should be documented at a minimum when processing the scene?

  • Date, time, and description of the computer (correct)

Why should photograph/video documentation be performed at a crime scene?

  • To weaken defense arguments about evidence contamination (correct)

When might external specialists be needed during a warrant execution?

  • When searching large mainframes and specialty computers (correct)

What is the purpose of preparing a tool kit for a search scene?

  • To gather evidence and secure data (correct)

Which team is responsible for the final handling of evidence during a search?

  • Seizure Team (correct)

What does SMEAC stand for in the context of planning?

  • Situation, Mission, Execution, Avenues of approach and escape, Communications (correct)

Which type of bags is specifically designed to prevent loss of data due to static electricity?

  • Antistatic bags (correct)

What equipment is essential for creating backups during a forensic examination?

  • Backup hardware (correct)

Multiple roles for computer crime investigators can complicate forensic investigations due to resource limitations.

  • True (correct)

Digital evidence is considered stable and unaffected by environmental factors.

  • False (correct)

The complexity of cyber crime investigations is increasing due to the growing sophistication of criminals.

  • True (correct)

The costs associated with correctly conducting digital evidence investigations can lead to potential lawsuits.

  • True (correct)

Legislation regarding cyber crime is advancing at a faster rate than technology.

  • False (correct)

Application for a search warrant should be reviewed by computer experts and legal counsel.

  • True (correct)

A no-knock warrant is justified only for minor offenses regardless of circumstances.

  • False (correct)

Criminal contraband may be seized without judicial authority.

  • True (correct)

Probable cause requires demonstrating that a crime has been committed and evidence exists in a particular location.

  • True (correct)

Dumpster-diving for potential evidence is an unacceptable practice in computer forensics.

  • False (correct)

Multiple boot disks are considered computer-specific equipment.

  • True (correct)

Evidence tape is not considered traditional equipment in law enforcement.

  • False (correct)

Antistatic bags help prevent data loss due to static electricity.

  • True (correct)

The Scene Security Team is responsible for document preparation.

  • False (correct)

The SMEAC planning model includes an Avenues of approach and escape component.

  • True (correct)

Dealing immediately with dangerous individuals is not part of securing the crime scene.

  • False (correct)

Photograph/video documentation can strengthen defense arguments that officers corrupted evidence.

  • False (correct)

Locating and securing all computers is one of the initial steps when serving a warrant.

  • True (correct)

Removing all personnel from the immediate area of evidence is not necessary.

  • False (correct)

Collecting literature related to the offenses is unnecessary during the scene processing.

  • False (correct)

Study Notes

Computer Forensics and Cyber Crime: Searching and Seizing Evidence

• Computer forensics involves a legal approach to finding digital evidence at cybercrime scenes.
• Pre-search activities include:
  • Gathering information to prepare for scene arrival.
  • Determining the number, type, and size of computers present.
  • Assessing the risk of personnel affecting evidence.
  • Recognizing the volatility of evidence.
  • Obtaining judicial authority for data gathering.
  • Seeking expertise from non-departmental experts.
  • Engaging in social engineering.
  • Conducting dumpster diving for potential evidence.
• Warrant preparation and application:
  • Warrants need review by legal counsel and computer experts before submission.
  • Probable cause is mandatory: the application must demonstrate that a crime has been committed and that evidence exists at the specific location.
• Seizing equipment:
  • Justification is required for seizing equipment, not just for the search.
  • Explicit permission is needed to seize all hardware and storage devices to ensure constitutional justification.
  • Criminal contraband, fruits of the crime, or evidence may be seized without a warrant.
• No-knock warrants:
  • No-knock warrants might be used in exigent circumstances:
    • Nature of the crime.
    • Potential for evidence destruction.
    • Sophistication and maturity of the target.
    • Absence of the resident.
• Secondary/multiple warrants:
  • Secondary warrants may be needed in cases dealing with complex crimes, such as identity theft related to drug trafficking. They may also be needed for networked computers with off-site storage.
• Plan preparation and personnel gathering:
  • Use SMEAC (Situation, Mission, Execution, Avenues of approach and escape, Communications) for pre-investigation planning.
• On-scene personnel:
  • On-scene personnel may play various roles (e.g., case supervisor, arrest team, scene security, interview team, sketch/photo team, physical search team, seizure team).
  • The seizure team is responsible for bagging/tagging evidence.
• Traditional equipment:
  • Evidence tape, packing tape, evidence storage containers and labels.
  • Anti-static bags, conductive bags, and Faraday bags to prevent loss of data and shield wireless devices.
• Computer-specific equipment:
  • Multiple boot disks, backup hardware, new hard drives, color scanners, color printers, anti-virus software (must be the most up-to-date), imaging software, and application software.
• On-scene activities:
  • Steps involved in serving a warrant: Knock, Notice, Document.
  • Securing the crime scene, including dealing with dangerous individuals and hazards and removing personnel from the area.
  • Ascertaining network connections for appropriate actions.
  • Disabling network access (ideally by a network administrator) and protecting computers.
  • Collecting literature related to the underlying activities or offenses.
  • Determining the need for external specialists (e.g., mainframes, minicomputers, hacker computers).
  • Documenting the date, time, description of the computer (including damage), identifying information for investigators and personnel, all persons present, all available clues and leads, and any investigative software used.
  • Taking photos/videos as evidence to counter claims of corruption and contamination by opposing sides.
  • Identifying potential evidence (non-digital and trace evidence such as hair, fibers, and fingerprints), as well as any other computer components (external hard drives, peripherals).
  • Documenting circumstantial connections, including post-its, printouts, and paper types.
  • Investigating potential evidence like desktops, monitors, keyboards, phones, wallets/purses, clothing, trash cans/bins, printers, and the computer itself.
  • Seizing and documenting evidence within the warrant scope. All annotation is done in ink. Comprehensive notes are taken.
  • Steps for seizing a computer: document the status (photos, sketches, etc.) before powering off the computer, including the back of the computer and its connections. After powering off, place evidence tape over disk openings and label all cords and empty slots.
• Bagging and tagging:
  • Use chain of custody logs to track all evidence.
  • Labels should contain investigator initials, date found, and location of evidence.
• Transport and packaging:
  • Use protective measures to avoid damage from temperature, oil, dirt/dust, magnetic fields, and other environmental factors.
• Post-seizure activities:
  • Record who controlled the digital evidence, when and how it was collected and stored, where it was when collected, what kind of device held the evidence, who had access to the equipment, and who owned the equipment.
  • Rely on traditional transport to exit the crime scene and properly record the contents being transferred, review shipping manifests, and enter into appropriate evidence control systems for analysis.


Description

Test your knowledge on the role of computer forensics in cybercrime investigations, including pre-search activities and warrant preparation. This quiz covers essential concepts related to gathering digital evidence and the legal aspects involved in seizing equipment. Assess your understanding of how evidence is handled in cybercrime scenes.
