Criminalistics An Introduction To Forensic Science 11th Edition by Saferstein Test Bank

<< Criminological Theory Context and Consequences 6th Edition by J. Robert Lilly Francis T. Test Bank Criminal Investigation 11th Edition by Swanson Test Bank >>
Product Code: 222
Availability: In Stock
Price: $24.99
Qty:     - OR -   Add to Wish List
Add to Compare

Criminalistics An Introduction To Forensic Science 11th Edition by Saferstein Test Bank

Description

WITH ANSWERS
Criminalistics An Introduction To Forensic Science 11th Edition by Saferstein Test Bank

Chapter 2

The Crime Scene

 

 

CHAPTER OVERVIEW

 

  • Physical evidence includes any and all objects that can establish that a crime has been committed or can link crime and victim or victim and perpetrator.

 

  • Forensic science begins at the crime scene, where investigators must recognize and properly preserve evidence for laboratory examination.

 

  • The first officer to arrive must secure the crime scene.

 

  • Investigators record the crime scene by using photographs, sketches, and notes, and make a preliminary examination of the scene as it was left by the perpetrator.

 

  • The search pattern selected at a crime scene depends on the size and locale of the scene and the number of collectors participating in the search.

 

  • Many items of evidence may be detected only through examination at the crime laboratory. For this reason, it is important to collect possible carriers of trace evidence, such as clothing, vacuum sweepings, and fingernail scrapings, in addition to more discernible items.

 

  • Each item of physical evidence collected at a crime scene must be placed in a separate appropriate container to prevent damage through contact or cross-contamination.

 

  • Investigators must maintain the chain of custody, which is a record for denoting the location of the evidence.

 

  • Proper standard/reference samples, such as hairs, blood, and fibers, must be collected at the crime scene and from appropriate subjects for comparison purposes in the laboratory.

 

  • The removal of any evidence from a person or from the scene of a crime must be done in accordance with appropriate search and seizure protocols.

 

 

 

 

 

 

 

LEARNING OBJECTIVES

 

  1. Define physical evidence

 

  1. Discuss the responsibilities of the first police officer who arrives at a crime scene

 

  1. Explain the steps to be taken to thoroughly record the crime scene

 

  1. Describe proper procedures for conducting a systematic search of a crime scene for physical evidence

 

  1. Describe proper techniques for packaging common types of physical evidence

 

  1. Define and understand the concept of chain of custody

 

  1. Relate what steps are typically required to maintain appropriate health and safety standards at the crime scene

 

  1. Understand the implications of the Mincey and Tyler cases

 

 

LECTURE OUTLINE

 

            PROCESSING THE CRIME SCENE

                       

                        Securing and Isolating the Crime Scene

                       

                        Recording the Crime Scene

 

  • Teaching Note: Be sure to cover the importance of protecting the crime scene from the very beginning. Too many critical things can be disturbed or destroyed if people are walking through the scene. Discuss how to control the scene and document who goes in and out.

                       

Conducting a Systematic Search for Evidence

 

                        Collecting and Packaging Physical Evidence

 

                        Maintaining the Chain of Custody

 

                        Obtaining Standard/Reference Samples

 

                        Submitting Evidence to the Laboratory

 

                        Ensuring Crime Scene Safety

 

           

LEGAL CONSIDERATIONS AT THE CRIME SCENE

 

  • Teaching Note: Emphasize the legal consideration of proper evidence-handling. Bring up famous evidence mishap cases, like the O.J. Simpson and the Jon Benet Ramsey cases.

 

 

List of Changes/Transition Guide

 

This chapter has been revised to include expanded coverage of the collection and preservation of DNA evidence, as well as safety protocols required to ensure the well-being of CSI personnel at the crime scene.

 

ADDITIONAL ASSIGNMENTS AND CLASS ACTIVITIES

 

Demonstrations and Lecture-Starters

 

Mock Crime Scene.

A mock crime scene can be set up in a classroom. Students are encouraged to become familiar with proper packaging and handling of common types of physical evidence. Emphasize preparation and use of the druggist fold. All pertinent information should be recorded in a notebook. Sketches may be made of the crime scene. A crime scene sketch kit, which includes an excellent instructional manual on sketching, is available from Sirchie Finger Print Laboratories, 100 Hunter Place, Youngsville, NC 27596.

 

Crime Scene Sketch.

 

Materials:

Graph paper

Notepad

Rulers

Tape measure/meter sticks

Mock crime scene

 

Procedure:

You have been introduced to the appropriate steps to process a crime scene.  An important part of this process is surveying the scene and taking diligent notes of it.  You must also create a sketch of the scene.  With a partner or small group you must create a sketch of the scene presented to you and keep notes of what evidence you find.  In your sketch you must provide an accurate depiction of the entire scene with dimension measurements, as well as location measurements for all pieces of physical evidence.

 

Follow-Up Questions:

  1. Why is it important to take diligent notes when processing the crime scene?
  2. What is the chain of custody?
  3. Why do we sketch the crime scene as well as take photographs of it?

 

Questions

 

  1. How does the textbook define physical evidence?

 

  1. What is the first critical step in crime scene investigation? Why is this step so important?

 

  1. List the three methods of crime scene recording.

 

  1. What is the most important prerequisite for photographing a crime scene? Why is this so critical?

 

  1. What is a rough sketch and what information must it accurately reflect?

 

  1. What information must be included in any notes taken at the crime scene?

 

  1. Besides the crime scene itself, what locations must investigators search?

 

  1. What items from deceased victims must be collected and sent to a forensic laboratory?

 

  1. What is the main objective in collecting and packaging physical evidence?

 

  1. What is the best way to maintain the integrity of evidence that is collected and submitted to the crime laboratory?

 

  1. Why is it important to package items of physical evidence in separate containers?

 

  1. Why should ordinary mailing envelopes not be used for packaging physical evidence?

 

  1. Describe a druggist fold and explain why it is a superior way to package small amounts of trace evidence.

 

  1. Why should bloodstained evidence not be stored in airtight containers? What is the best way to store such evidence?

 

  1. Define chain of custody and explain why maintaining a proper chain of custody is important. What are the possible consequences of failing to maintain a proper chain of custody?

 

  1. What is a standard/reference sample and why is it important to the criminalist?

 

  1. What is a substrate control and why is it important?

 

  1. Why is it important to include a brief description of the case history on an evidence submission form?

 

  1. What two diseases have sensitized the law enforcement community to the potential health hazards that can exist at crime scenes? Name three basic types of protective clothing that investigators use to guard against contamination by infectious materials at a crime scene.

 

  1. List four situations in which a warrantless search may be justified.

 

Answers to Questions

 

  1. Physical evidence is any object that can establish that a crime has been committed, or can link a crime and its victim or a crime and its perpetrator.

 

  1. The first critical step in crime scene investigation is securing and isolating the crime scene. It is critical because anyone who enters a crime scene potentially could destroy physical evidence important to the investigation.

 

  1. The three methods of crime scene recording are photography, sketches, and notes.

 

  1. The most important prerequisite for photographing a crime scene is for the scene to be in an unaltered condition. If objects at the scene have been removed, added, or changed positions, the photographs may not be admissible as evidence at a trial, and their intended value will be lost.

 

  1. A rough sketch is a draft representation of all essential information and measurements at a crime scene. A rough sketch must accurately depict the dimensions of the crime scene, as well as all recovered items of physical evidence and their exact locations.

 

  1. Crime scene notes must include a detailed written description of the scene with the location of items of physical evidence recovered. They must also identify the time at which an item of physical evidence was discovered, by whom, how and by whom it was packaged and marked, and the disposition of the item after it was collected.

 

  1. The areas searched must include all probable points of entry and exit used by the criminal(s).

 

  1. The following items must be sent to the forensic laboratory: the victims clothing, fingernail scrapings, head and pubic hairs, blood, bullets recovered from the body, hand swabs (from shooting victims), and vaginal/anal/oral swabs (in sex-related crimes).

 

  1. The main objective in collecting and packaging physical evidence is to prevent any change in the evidence between the time it is removed from the crime scene and the time it is received by the crime laboratory.

 

  1. The integrity of evidence is best maintained when the item is kept in its original condition as found at the crime site.

 

  1. Packaging evidence separately prevents damage through contact and cross- contamination.

 

  1. Ordinary mailing envelopes should not be used as evidence containers because powders and fine particles will leak out of their corners.

 

  1. A druggist fold consists of folding one end of a piece of paper over one-third, then folding the other end (one-third) over that, and repeating the process from the other two sides. After the paper is folded in this manner, the outside two edges are tucked into each other. A druggist fold produces a closed container that keeps the specimen from falling out.

 

  1. Bloodstained materials should not be stored in airtight containers because the accumulation of moisture in such containers may encourage the growth of mold, which can destroy the evidential value of blood. In these instances, wrapping paper, manila envelopes, and paper bags are recommended packaging materials.

 

  1. The chain of custody is a list of all people who came into possession of an item of evidence. Maintaining a proper chain of custody is the best guarantee that the evidence will withstand inquiries of what happened to it from the time of its finding to its presentation in court. Failure to substantiate the evidences chain of custody may lead to serious questions regarding the authenticity and integrity of the evidence and examinations of it.

 

  1. A standard/reference sample is physical evidence whose origin is known, such as blood or hair from a suspect, which can be compared to crime-scene evidence. Standard/reference samples are important because they allow the criminalist to connect evidence found at the scene of a crime to the suspect and/or victim.

 

  1. A substrate control consists of uncontaminated surface material close to an area where physical evidence has been deposited. A substrate control ensures that the surface on which a sample has been deposited does not interfere with the interpretation of laboratory tests.

 

  1. Providing a case history allows the examiner to analyze specimens in a logical sequence and make the proper comparisons, and it also facilitates the search for trace quantities of evidence.

 

  1. The spread of AIDS and hepatitis B have sensitized the law enforcement community to the potential health hazards that can exist at crime scenes. Three basic types of protective clothing recommended for investigators are latex gloves, shoe covers, and liquid-repellent coveralls.

 

  1. A warrantless search may be justified in the following situations: (1) the existence of emergency circumstances; (2) the need to prevent the immediate loss or destruction of evidence; (3) a search of a person and property within the immediate control of the person, provided it is made incident to a lawful arrest; and (4) a search made by consent of the parties involved.

 

 

SUGGESTED ANSWERS TO END-OF-CHAPTER ASSIGNMENTS

 

Review Questions

 

  1. Physical evidence
  2. False
  3. False
  4. Excluded
  5. True
  6. First responding officer
  7. Medical assistance
  8. False
  9. Log
  10. True
  11. Photography; sketching; notes
  12. True
  13. First responding officer
  14. False
  15. Notes
  16. False
  17. Unaltered
  18. Close-up
  19. False
  20. Single lens reflex
  21. Pixels
  22. True
  23. Overview; close-up
  24. False
  25. Standard operating procedures
  26. Videotaping or digital video
  27. Final sketch
  28. Computer-aided design
  29. Rough
  30. Systematic
  31. Physical evidence
  32. False
  33. False
  34. Carriers
  35. Is not
  36. Separate
  37. False
  38. Is not
  39. Air-dried
  40. False
  41. Chain of custody
  42. Standard/reference
  43. Unwarranted
  44. Arson or fire

 

Application and Critical Thinking

 

  1. While waiting for backup, you should summon medical assistance for the victim, take a statement from the victim, detain any suspects at the scene, establish the boundaries of the crime scene, and ensure no unauthorized personnel enter the crime scene.

 

  1. a) Grid or line search
  2. b) Quadrant (zone) search
  3. c) Spiral or line search

 

  1. Officer Warren made a mistake by opening the window and airing out the house. He should have kept the window closed until an investigation team arrived. From the lack of blood or evidence of a struggle, he concluded that the murder occurred someplace else, and that the room containing the body was a secondary scene.

 

  1. Officer Guajardo should not have removed the scrap of cloth until the photographer had arrived and taken a picture of the evidence. He also should have put on latex gloves or used forceps or another tool to remove the scrap of cloth. Finally, he should have placed the cloth in a paper bag or other container where air could circulate, rather than in a sealed plastic bag where moisture could accumulate and cause mold to grow on the cloth.

 

  1. Officer Gurney should have recorded his initials on the original seal and the date on which the evidence was sealed. The forensic scientist should have opened the package in a different place, not broken the old seal. The forensic scientist also should not have discarded the old seal.

 

  1. The crime scene sketch does not contain dimensions of walls and objects or reference measurements for labeled objects. The sketch does show some case information, but it should be condensed in a title block.

Case Analysis

 

  1. The first challenge investigators faced was destruction of evidence. Mexican authorities autopsied the bodies twice before the corpses had been inspected, which likely destroyed potentially helpful evidence. Authorities also prevented forensic scientists from examining the corpses until the bodies had decomposed significantly. Mexican police removed all of the obvious evidence from the residence where the victims were held before allowing the FBI forensic team to enter the scene. Mexican authorities later seized a license plate found hidden at the scene and would not allow FBI agents to examine it or to conduct any further searches of the property. In addition, Mexican authorities destroyed much of the evidence that had been collected from the crime scene for health reasons. The second main challenge was contamination of crime scenes linked to the murders. The location where the bodies were discovered was not sealed by police, thus allowing both police officers and onlookers to contaminate the scene. Also, the residence at 881 Lope De Vegawhere the victims were believed to have been killedwas cleaned and painted before forensics experts had a chance to examine it. In addition, Mexican federal police officers had been living in the residence since shortly after the time of the murders, further contaminating the scene.

 

  1. Investigators collected reference samples of carpeting from the victims bodies, as well as bits of the victims clothing and the sheets in which the bodies were buried. The carpet samples matched samples taken from the residence at 881 Lope De Vega, where investigators suspected the victims were killed. The samples of burial sheet matched pillowcases found at the residence, and bits of clothing matching that worn by the victims were also found at the residence. In addition, hair and blood samples matching those of the victims were found in the residence at 881 Lope De Vega.

 

Investigators found that soil samples from the victims bodies did not match the soil from the area where the bodies were found. They also found no significant bodily fluids in the area where the bodies were found. This evidence suggested that the bodies originally had been buried elsewhere and later transported to the location where they were found. Investigators later compared soil samples from the victims bodies to samples taken from a park where the bodies of two Americans killed by drug traffickers had been discovered. Soil samples from the bodies of Camarena and Zavala exactly matched the soil found at the location where the Americans bodies were found.

 

Chapter 18

 

Computer Forensics

 

Chapter 18 Multiple Choice

 

  1. Which of the following is NOT considered a hardware device?
  2. The monitor
  3. The hard disk drive
  4. The mouse
  5. The operating system

Answer: d

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. Which of the following is NOT considered a type of software?
  2. Linux
  3. Firefox
  4. Excel
  5. Random Access Memory

Answer: d

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. A motherboard:
  2. Is the main circuit board within a computer.
  3. Has a socket to accept RAM.
  4. Connects to every device used by the system.
  5. All of the above

Answer: d

Objective: List and describe the hardware and software components of a computer.

Page number: 457

Level: Basic

 

  1. The term bit is short for:
  2. Tidbit.
  3. Byte.
  4. Binary digit.
  5. Database.

Answer: c

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 476

Level: Basic

 

  1. The primary form of data storage within a personal computer is:
  2. The CD-ROM.
  3. The hard disk drive.
  4. A zip drive.
  5. The recycle bin.

Answer: b

Objective: Describe how a hard disk drive is partitioned.

Page number: 459

Level: Intermediate

 

  1. A Network Interface Card (NIC) enables a personal computer to communicate with other computers via:
  2. A wired connection.
  3. A wireless connection.
  4. A satellite connection.
  5. a and b

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 460

Level: Intermediate

 

  1. The first thing a crime scene investigator should do when encountering computer forensic evidence is:
  2. Unplug every device from the CPU to preserve the hard disk drive.
  3. Procure a warrant to search.
  4. Remove the system to the laboratory for processing.
  5. Document the scene.

Answer: b

Objective: Describe the proper procedure for preserving computer evidence at a crime scene.

Page number: 462

Level: Intermediate

 

  1. The ultimate goal of obtaining an image of a hard disk drive is to:
  2. Locate as much incriminating information as possible.
  3. Preserve the photographs and video stored on the drive.
  4. Give priority to the text files on the drive.
  5. Obtain information without altering the drive in any way.

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 465

Level: Intermediate

 

  1. One of the most common places to begin to look for evidential data is in:
  2. The spreadsheet files.
  3. A photograph editing program.
  4. A CAD package.
  5. The word processing or text-based document files.

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 466

Level: Intermediate

 

  1. Which of the following is the best definition of latent data?
  2. Anything readily available to the user, also known as visible data
  3. Data that are hidden from view
  4. An automatically saved copy of a file that was recently modified
  5. Data which are typically of little use to forensic investigators

Answer: b

Objective: Understand the difference between and location of visible and latent data.

Page number: 468

Level: Basic

 

  1. Once a file is deleted by a user, it:
  2. Is obliterated from the system and cannot be recovered.
  3. Is retained until the disk space it occupies is allocated for another use.
  4. May be identified using forensic image acquisition software.
  5. b and c

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 470

Level: Intermediate

 

  1. Evidentiary data may be recovered from which of the following?
  2. Slack space on the HDD
  3. Unallocated space on the HDD
  4. RAM swap files
  5. All of the above

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 467

Level: Intermediate

 

  1. One gigabyte can be expressed as:
  2. 1,000 bytes.
  3. 1,000 megabytes (MB).
  4. 1,000 kilobytes (KB).
  5. 8,000 bits.

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Basic

 

  1. A software algorithm used to create a fingerprint of a file or an entire HDD is called:
  2. MD5.
  3. ROM.
  4. RAM.
  5. MAC OS.

Answer: a

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 465

Level: Intermediate

 

  1. Which of the following is NOT associated with the partitioning of a HDD?
  2. Quadrant
  3. Sector
  4. Track
  5. Cluster

Answer: a

Objective: Describe how a hard disk drive is partitioned.

Page number: 476

Level: Basic

 

  1. A cluster is a group of _____ in multiples of _____.
  2. Partitions, two
  3. Disks, four
  4. Cylinders, three
  5. Sectors, two

Answer: d

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 476

Level: Intermediate

 

  1. What keeps track of the location of files and folders on the HDD?
  2. The search engine
  3. The HDD itself
  4. The CPU
  5. The FAT

Answer: d

Objective: Describe how a hard disk drive is partitioned.

Page number: 471

Level: Intermediate

 

  1. When is it necessary to make a fingerprint of a HDD?
  2. In most cases
  3. Only sometimes
  4. Before and after imaging its contents
  5. Rarely

Answer: c

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 465

Level: Intermediate

 

  1. Which of the following is NOT classified as software?
  2. Operating systems
  3. Word processors
  4. Web browsers
  5. Floppy discs

Answer: d

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. The boot (start-up) process for a computer is controlled by:
  2. The hard disk drive.
  3. ROM.
  4. RAM.
  5. USB thumb drives.

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Intermediate

 

  1. The complex of wires located on the motherboard which serves to carry data from one hardware device to another is:
  2. RAM.
  3. ROM.
  4. System bus.
  5. Central processing unit.

Answer: c

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Intermediate

 

  1. Sectors are typically how many bytes in size?
  2. 126 bytes
  3. 256 bytes
  4. 512 bytes
  5. 1024 bytes

Answer: c

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. One should not search for visible data in:
  2. Swap files.
  3. Temporary files.
  4. Unallocated space.
  5. Windows.

Answer: c

Objective: Understand the difference between and location of visible and latent data.

Page number: 466

Level: Intermediate

 

  1. One should not look for latent data in:
  2. RAM slack.
  3. File slack.
  4. Unallocated space.
  5. Temporary files.

Answer: d

Objective: Understand the difference between and location of visible and latent data.

Page number: 468

Level: Intermediate

 

  1. Hard drive partitions are typically divided into:
  2. Sectors.
  3. Clusters.
  4. Tracks.
  5. All of the above

Answer: d

Objective: Describe how a hard disk drive is partitioned.

Page number: 476

Level: Intermediate

 

  1. URL stands for:
  2. Uniform Replacement Listing.
  3. Unlimited Real-time Link.
  4. Uniform Resource Locator.
  5. User-Resource Link.

Answer: c

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Basic

 

  1. Most web browsers use a(n) _____ to expedite and streamline browsing.
  2. Area network
  3. Cable modem
  4. Domain
  5. Caching system

Answer: d

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Intermediate

 

  1. Which of the following is/are potential sources for forensic evidence on a suspects personal computer?
  2. Internet cookies
  3. Internet history
  4. Cache
  5. All of the above

Answer: d

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Basic

 

  1. Unauthorized intrusion into a computer is called:
  2. Crashing.
  3. Whacking.
  4. Hacking.
  5. Spamming.

Answer: c

Objective: List and describe three locations where investigators may pinpoint the origin of a hacker.

Page number: 476

Level: Basic

 

  1. Which source will NOT be useful to investigators seeking to determine a users Internet historyz?
  2. Cookies
  3. Cache
  4. Favorite sites
  5. Slack files

Answer: d

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Intermediate

 

  1. Files containing chat and instant messaging are most likely stored in:
  2. Swap files.
  3. RAM.
  4. ROM.
  5. Slack files.

Answer: b

Objective: Describe how e-mails, chat, and instant messages on the Internet can be traced and recovered.

Page number: 476

Level: Intermediate

 

  1. Which of the following carries data from one hardware device to another?

a. System bus

b. Central processing unit (CPU)

c. Random-access memory (RAM)

d. Network interface card (NIC)

Answer: a

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Intermediate

 

  1. In which of the following places would a computer forensic investigator look for latent data?

a. RAM slack

b. File slack

c. Unallocated space

d. All of the above

Answer: d

Objective: Understand the difference between and location of visible and latent data.

Page number: 468

Level: Intermediate

 

  1. Text messaging is also known as:
  2. SMS.
  3. MMS.
  4. GPS.
  5. RAM.

Answer: a

Objective: Describe services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

  1. The best way to handle a mobile device and preserve data is:
  2. Turn the mobile device off.
  3. Leave the mobile device on.
  4. Leave the mobile device on, but place it in a Faraday shield.
  5. None of the above

Answer: c

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 478

Level: Intermediate

 

  1. Which of the following are NOT considered to be classified as software?
  2. Operating systems
  3. Word processors
  4. Web browsers
  5. Floppy disks

Answer: d

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Intermediate

 

  1. Which of the following is NOT a type of RAM?
  2. SSIM
  3. DDIM
  4. SD
  5. DAB

Answer: d

Objective: Understand the difference between read-only memory and random-access memory.

Page number: 458

Level: Intermediate

 

  1. The most commonly used feature of the Internet is:
  2. E-mail.
  3. Academic research.
  4. Online shopping.
  5. Long-distance phone service.

Answer: a

Objective: Describe how e-mails, chat, and instant messages on the Internet can be traced and recovered.

Page number: 475

Level: Basic

 

  1. A directory or index cataloging the content of the Internet is called:
  2. The World Wide Web.
  3. A search engine.
  4. A web browser.
  5. An IPO.

Answer: b

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 471

Level: Intermediate

 

  1. If a file system defines a cluster as six sectors, how many bytes of information can be stored on each cluster?
  2. 24,576
  3. 512
  4. 3,072
  5. 307.2

Answer: c

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. Which of the following actions taken at the crime scene involving a computer are incorrect?
  2. Upon arrival, sketching the overall layout as well as photographing it
  3. Photographing any running monitors
  4. Removing the plug from the back of the computer, not from the wall
  5. None of the above

Answer: d

Objective: Describe the proper procedure for preserving computer evidence at a crime scene.

Page number: 462

Level: Intermediate

 

  1. The two types of slack space are _____ slack and _____ slack.
  2. File; RAM
  3. RAM; ROM
  4. Cluster; file
  5. IP; TTI

Answer: a

Objective: Understand the difference between read-only memory and random-access memory.

Page number: 458

Level: Intermediate

 

  1. A(n) _____ is placed on a hard disk drive by a website to track certain information about its visitors.
  2. Phish
  3. IP address
  4. E-mail
  5. Cookie

Answer: d

Objective: Describe how e-mails, chat, and instant messages on the Internet can be traced and recovered.

Page number: 472

Level: Intermediate

 

  1. A device that permits only requested traffic to enter a computer system is known as a(n):
  2. Central processing unit (CPU).
  3. Firewall.
  4. Cookie.
  5. Internet cache.

Answer: b

Objective: List and describe three locations where investigators may pinpoint the origin of a hacker.

Page number: 476

Level: Basic

 

  1. Which type of data are readily available to a computer user?
  2. Swap
  3. Latent
  4. Visible
  5. Allocated

Answer: c

Objective: Understand the difference between and location of visible and latent data.

Page number: 466

Level: Basic

 

  1. The _____ is a complex network of wires that carry data from one hardware device to another.
  2. Motherboard
  3. Central processing unit (CPU)
  4. Hard disk drive
  5. Operating system

Answer: a

Objective: List and describe the hardware and software components of a computer.

Page number: 457

Level: Intermediate

 

  1. The definition of software is:
  2. Storage programs used to start the boot process.
  3. A set of instructions compiled into a program that performs a particular task.
  4. A complex network of wires that carry data from one hardware device to another.
  5. A primary component of storage in the personal computer.

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

 

Chapter 18 True-False

 

  1. Software comprises the physical components of the computer.
  2. True
  3. False

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. The central processing unit is the main system board of a computer that delivers power, data, and instructions to the computers components.
  2. True
  3. False

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Basic

 

  1. The central processing unit, or CPU, is the part of the computer that actually computes.
  2. True
  3. False

Answer: a

Objective: List and describe the hardware and software components of a computer.

Page number: 458

Level: Basic

 

  1. ROM stores software programs and instructions while the computer is turned on.
  2. True
  3. False

Answer: b

Objective: Understand the difference between read-only memory and random access memory.

Page number: 458

Level: Basic

 

  1. RAM is not permanent; its contents are lost forever once power is taken away from the computer.
  2. True
  3. False

Answer: a

Objective: Understand the difference between read-only memory and random access memory.

Page number: 458

Level: Basic

 

  1. The primary storage device on most computers is the hard disk drive (HDD).
  2. True
  3. False

Answer: a

Objective: Describe how a hard disk drive is partitioned.

Page number: 460

Level: Intermediate

 

  1. Before an OS can be formatted, it must write to a HDD.
  2. True
  3. False

Answer: b

Objective: Describe how a hard disk drive is partitioned.

Page number: 461

Level: Intermediate

 

  1. A cluster is the smallest unit of data that a hard drive can address.
  2. True
  3. False

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. A bit, or a binary digit, is the smallest unit of information on a computer.
  2. True
  3. False

Answer: a

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. A FAT tracks the location of files and folders on the hard disk drive.
  2. True
  3. False

Answer: a

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. The primary goal in obtaining data from a HDD is to do so without altering even one bit of data.
  2. True
  3. False

Answer: a

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 465

Level: Intermediate

 

  1. Visible data exists in areas of the drive that are, generally speaking, unknown and inaccessible to most end users.
  2. True
  3. False

Answer: b

Objective: Understand the difference between and location of visible and latent data.

Page number: 466

Level: Intermediate

 

  1. The two main types of evidentiary computer data are visible data and latent data.
  2. True
  3. False

Answer: a

Objective: Understand the difference between and location of visible and latent data.

Page number: 479

Level: Basic

 

  1. A computer forensic investigator would most likely look for latent data in temporary files.
  2. True
  3. False

Answer: b

Objective: Understand the difference between and location of visible and latent data.

Page number: 468

Level: Intermediate

 

  1. Swap space is empty space on a hard disk drive (HDD) created because of the way the HDD stores files.
  2. True
  3. False

Answer: b

Objective: List and describe the hardware and software components of a computer.

Page number: 467

Level: Intermediate

 

  1. A domain manages traffic between computers on a network.
  2. True
  3. False

Answer: b

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 476

Level: Intermediate

 

  1. An IP address typically takes the form ###.###.###.###, in which ### can be any number from 0 to 255.
  2. True
  3. False

Answer: a

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 474

Level: Basic

 

  1. Three places where a forensic computer examiner might look to determine what websites a computer user has visited recently are the Internet cache, cookies, and the Internet history.
  2. True
  3. False

Answer: a

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Intermediate

 

  1. An IP address may lead to the identity of the person who was using a particular computer to access the Internet.
  2. True
  3. False

Answer: a

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 474

Level: Intermediate

 

  1. Extracting data from a mobile device is more complicated than extracting data from a computer.
  2. True
  3. False

Answer: a

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

  1. MMS, or Multimedia Message Service, is text messaging with attachments.
  2. True
  3. False

Answer: a

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Basic

 

  1. The call history for a mobile device is generally not able to be used in an investigation.
  2. True
  3. False

Answer: b

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

  1. Often mobile devices contain the same Internet artifacts as a computer, such as cookies and browser history.
  2. True
  3. False

Answer: a

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

  1. Mobile devices are often shut off to avoid the loss of data.
  2. True
  3. False

Answer: b

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

  1. The operating systems of mobile devices are usually the same.
  2. True
  3. False

Answer: b

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 477

Level: Intermediate

 

 

Chapter 18 Fill in the Blank

 

  1. _____ comprises the physical components of the computer.

 

Answer: Hardware

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. _____ is a set of instructions compiled into a program that performs a particular task.

 

Answer: Software

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. The _____ is the main chip within the computer.

 

Answer: CPU

Objective: List and describe the hardware and software components of a computer.

Page number: 456

Level: Basic

 

  1. _____ consists of programs that are used to start the computers boot process.

 

Answer: Firmware

Objective: Understand the difference between read-only memory and random access memory.

Page number: 458

Level: Difficult

 

  1. The computers _____ system is the bridge between the human user and the computers electronic components.

 

Answer: Operating

Objective: List and describe the hardware and software components of a computer.

Page number: 461

Level: Intermediate

 

  1. Clusters are groups of _____.

 

Answer: Sectors

Objective: List and describe the hardware and software components of a computer.

Page number: 476

Level: Intermediate

 

  1. A Message Digest 5 (MD5)/Secure Hash Algorithm (SHA) takes a _____ of a hard disk drive (HDD) before and after forensic imaging.

 

Answer: Fingerprint

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 465

Level: Difficult

 

  1. Investigators would want to copy blank or unused portions of the HDD to preserve _____data.

 

Answer: Latent

Objective: Understand the difference between and location of visible and latent data.

Page number: 468

Level: Basic

 

  1. _____ data includes all information that the operating system is presently aware of, and thus is readily accessible to the user.

 

Answer: Visible

Objective: Understand the difference between and location of visible and latent data.

Page number: 466

Level: Basic

 

  1. _____ space is a file or defined space on the HDD to which data is written to free RAM for applications that are in use.

 

Answer: Swap

Objective: Understand the difference between read-only memory and random access memory.

Page number: 467

Level: Difficult

 

  1. _____ space is empty space on a hard disk drive (HDD) created because of the way the HDD stores files.

 

Answer: Slack

Objective: List and describe the hardware and software components of a computer.

Page number: 468

Level: Difficult

 

  1. A(n) _____ address is a unique address given to every computer connected to the Internet.

 

Answer: IP address

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 474

Level: Intermediate

 

  1. Chat and instant messages typically are stored in _____.

 

Answer: RAM

Objective: Understand the difference between read-only memory and random access memory.

Page number: 476

Level: Difficult

 

  1. _____ is a slang term for an unauthorized computer or network intrusion.

 

Answer: Hacking

Objective: List and describe three locations where investigators may pinpoint the origin of a hacker.

Page number: 476

Level: Intermediate

 

  1. A(n) _____ is a device that permits only requested traffic to enter a computer system.

 

Answer: Firewall

Objective: List the areas of the computer that will be examined to retrieve forensic data.

Page number: 476

Level: Intermediate

 

  1. The travel history of a suspect can be documented using _____ and map data from a mobile device.

 

Answer: GPS

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 478

Level: Basic

 

  1. Extraction of data from a mobile device can be done on a physical level and a(n) _____ level.

 

Answer: Logical

Objective: Describe the types of services offered by modern mobile devices, such as cell phones, and the potential investigative value they have.

Page number: 478

Level: Difficult

 

 

Chapter 18 Matching

 

Match the word in Column 1 to its definition in Column 2. Each answer can only be used once.

1. Central processing unit (CPU) a. The main system board of a computer (and many other electronic devices) that delivers power, data, and instructions to the computers components
2. Cluster b. Typically the main storage location within the computer, consisting of magnetic platters contained in a case
3. Hard disk drive (HDD) c. Portions of visited Web pages placed on the local hard disk drive to facilitate quicker retrieval once revisited
4. Latent data d. A set of instructions compiled into a program that performs a particular task
5. Motherboard e. All data that the operating system is presently aware of, and thus is readily accessible to the user
6. Sector f. The main chip within the computer; also referred to as the brain of the computer. This microprocessor chip handles most of the operations (code and instructions) of the computer.
7. Software g. Hardware or software designed to protect against intrusions into a computer network
8. Visible data h. A standard method by which Internet sites are addressed
9. Cookies i. Areas of files and disks that are typically not apparent to the computer user (and often not to the operating system), but contain data nonetheless
10. Firewall j. Files placed on a computer from a visited website; they are used to track visits and usage of that site
11. Internet cache k. A group of sectors in multiples of two; typically the minimum space allocated to a file
12. Uniform resource locater (URL) l. The smallest unit of data addressable by a hard disk drive, generally consisting of 512 bytes

 

  1. *f
  2. *k
  3. *b
  4. *i
  5. *a
  6. *l
  7. *d
  8. *e
  9. *j
  10. *g
  11. *c
  12. *h

Level: Basic

 

 

Chapter 18 Essay

 

  1. What aspects of a computer should be photographed close-up at an electronic crime scene?

 

Answer (should include points such as):

1) The screen of any running computer monitor

2) All the connections to the main system unit, such as peripheral devices (keyboard, monitor, speakers, mouse, and so on)

3) Equipment serial numbers

Objective: Describe the proper procedure for preserving computer evidence at a crime scene.

Page number: 462

Level: Basic

 

  1. Name two situations in which an investigator would not immediately unplug a computer at an electronic crime scene.

 

Answer (should include points such as):

1) If encryption is being used and pulling the plug will encrypt the data, rendering it unreadable without a password or key

2) If data exists in RAM that has not been saved to the HDD, and will thus be lost if power to the system is discontinued

Objective: Describe the proper procedure for preserving computer evidence at a crime scene.

Page number: 476

Level: Intermediate

 

  1. What is fragmentation? What effect does fragmentation have on a hard disk drive (HDD)?

 

Answer (should include points such as):

Fragmentation is a situation in which data for the same file is contained in noncontiguous clusters on the hard disk drive (HDD). Fragmentation can degrade the performance of a HDD, causing the read/write heads to have to traverse the platters to locate the data.

Objective: List and describe the hardware and software components of a computer.

Page number: 470

Level: Difficult

 

  1. What is the purpose of an Internet cache?

 

Answer (should include points such as):

An Internet cache stores portions of the Web pages a user visits on the local hard disk drive. This way, if the page is revisited, portions of it can be reconstructed more quickly from this saved data, rather than having to pull it yet again from the Internet and use precious bandwidth.

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Intermediate

 

  1. What is hacking? Who most commonly engages in hacking, and for what purpose?

 

Answer (should include points such as):

Hacking is a slang term for an unauthorized computer or network intrusion. The individuals who most commonly engage in hacking are rogue or disgruntled employees with some knowledge of a computer network who are looking to cause damage.

Objective: List and describe three locations where investigators may pinpoint the origin of a hacker.

Page number: 476

Level: Basic

 

 

Chapter 18 Critical Thinking

 

  1. What type of memory stores software programs and instructions while the computer is turned on? What special considerations must be taken to preserve this type of memory on a computer at a crime scene?

 

Answer (should include points such as):

Random-access memory (RAM) stores software programs and instructions while the computer is turned on. It is also referred to as volatile memory because it is not permanent; its contents are lost forever once power is taken away from the computer. Therefore, the investigator must not automatically unplug the computer at a crime scene before data from RAM is acquired.

Objective: Understand the difference between read-only memory and random access memory.

Page number: 476

Level: Intermediate

 

  1. An investigator would like to take a forensic image of a suspects HDD. What is the primary goal in obtaining data from a HDD? What tools can the investigator use to achieve this goal?

 

Answer (should include points such as):

The primary goal in obtaining data from a HDD is to do so without altering even one bit of data. A Message Digest 5 (MD5)/Secure Hash Algorithm (SHA) takes a fingerprint of a hard disk drive (HDD) before and after forensic imaging. A forensic computer examiner would run such an algorithm to demonstrate that the forensic image recovered is all-inclusive of the original contents and that nothing was altered in the process.

Objective: Describe the proper procedure for preserving computer evidence at a crime scene.

Page number: 465

Level: Intermediate

 

  1. List four places where a forensic computer examiner might look to determine what websites a computer user has visited recently. What kind of leads could this information provide to the investigator?

 

Answer (should include points such as):

Four places where a forensic computer examiner might look to determine what websites a computer user has visited recently are the Internet cache, cookies, the Internet history, and bookmarks. This information tells the investigator what kind of sites a user has visited and the timeline for these visitations. The investigator may learn what online news a person is interested in or what type of hobbies he or she has. He or she may also see that persons favorite child pornography or computer hacking sites recorded. Additionally, considered against other evidence in the computer data, the presence of a particular cookie may have corroborative value.

Objective: Relate various areas found on the computer where a users Internet activities can be investigated.

Page number: 472

Level: Difficult


 

Write a review

Your Name:


Your Review: Note: HTML is not translated!

Rating: Bad           Good

Enter the code in the box below:



 

Once the order is placed, the order will be delivered to your email less than 24 hours, mostly within 4 hours. 

If you have questions, you can contact us here