QUESTION: 101

What information do you need to recover when searching a victim's computer for a crime committed with speci c e-mail message?

Internet service provider information
E-mail header
Username and password
Firewall log

Answer(s): B

Show Answer Next Question

Melanie was newly assigned to an investigation and asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the les on the system.
What would be the primary reason for you to recommend a disk imaging tool?

A disk imaging tool would check for CRC32s for internal self-checking and validation and have MD5 checksum
Evidence le format will contain case data entered by the examiner and encrypted at the beginning of the evidence le
A simple DOS copy will not include deleted les, le slack and other information
There is no case for an imaging tool as it will use a closed, proprietary format that if compared to the original will not match up sector for sector

Answer(s): C

Show Answer Next Question

QUESTION: 103

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate o ce of the company, the CEO demands to know the status of the investigation.
What prevents you from discussing the case with the CEO?