quiz lesson 10 case study in computer forensics pharmaceutical company

QUESTION 1

  • Which of the following is true of maintaining a chain of custody for digital evidence?

Maintaining digital evidence entails no more than keeping a copy of the evidence.

From a legal perspective, maintaining digital evidence is more difficult than maintaining physical evidence.

Ensuring the chain of custody for digital content does not involve an additional act of copying or physical transformation.

A copy of any digital evidence must be retained by the prosecutor’s office.

10 points

QUESTION 2

  • In the computer forensics case in the lab, strict chain of custody was maintained and the computer forensics was conducted under the supervision of the __________ following all accepted computer forensic methodologies.

U.S. Attorney’s Office

attorneys for the pharmaceutical company

attorneys for the suspected distributor

local police

10 points

QUESTION 3

  • In the computer forensics case in the lab, the case was severely hindered by the fact that the majority of communications between the principals of the distribution companies (foreign nationals) and the foreign suppliers was conducted by:

telephone.

e-mail.

letters.

faxes.

10 points

QUESTION 4

  • One of the most important steps in security incident handling is the last step, which is:

“recovery.”

“report writing.”

“debriefing.”

“lessons learned.”

10 points

QUESTION 5

  • Police document their handling of evidence with what is known as a:

precedent.

legal authority.

preponderance of evidence.

chain of custody.

10 points

QUESTION 6

  • Mishandling evidence or improperly documenting the chain of custody can mean the difference between:

having the case closed immediately or having it go to trial.

a prison sentence or probation.

winning a court trial or the judge declaring a mistrial, and losing the case and legal costs.

life in prison or the death penalty.

10 points

QUESTION 7

  • During a criminal investigation, police might confiscate an object they believe:

was involved in a crime.

was destroyed in a crime.

is dangerous to the public.

could be considered offensive.

10 points

QUESTION 8

  • In the computer forensics case in the lab, which of the following was the United States attorney able to prove about the activities of the distributor?

The distributor was laundering money.

The distributor was purchasing drugs from U.S. sources to be sold abroad.

The distributor was operating unlicensed pharmacies and nursing homes.

The distributor was operating licensed pharmacies and nursing homes.

10 points

QUESTION 9

  • In the computer forensics case in the lab, which of the following was the United States attorney able to prove about how long the drugs had been diverted?

The diversion was being done for about two years.

The diversion was being done for less than five years.

The diversion was being done for less than eight years.

The diversion was being done for more than 10 years.

10 points

QUESTION 10

  • A chain of custody is the ­­­­__________ the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.

warrant authorizing

chronological documentation showing

process involved in

individual(s) responsible for

10 points

QUESTION 11

  • In the computer forensics case in the lab, what alerted the pharmaceutical company that there might be a problem?

Its representatives in certain geographic areas began complaining that sales of normally high-volume drugs were slowing down considerably.

The police notified them that counterfeit drugs that looked like the ones they manufactured had been discovered.

Nursing homes began complaining that the drugs were ineffective.

A number of patients who used the drugs died.

10 points

QUESTION 12

  • For the computer forensics case in the lab, the forensics experts were able to gather:

a “wealth of information,” including documented proof that drugs were being diverted from purchasers in Europe and Canada, and being sent to the United States.

only that the drugs were handled by a legitimate drug repackaging and export company.

only that the distributor was repackaging vitamins in a legitimate fashion.

that the distributor was diverting drugs from purchasers in Europe and Canada and sending them to the U.S., but that the activities were very limited in scope.

10 points

QUESTION 13

  • Why is it important how the police handle a confiscated object?

So they can return it to its rightful owner

So they can prove who the rightful owner is

In case the object is used as evidence for a trial

In case the object was used in other crimes

10 points

QUESTION 14

  • In the computer forensics case in the lab, Global Digital Forensics created __________ copies of the hard drives seized from the warehouses to be used to conduct the computer forensic analysis.

multiple versions of

similar but not exact

forensically sound

significantly different

10 points

QUESTION 15

  • For a trial, it is important for the legal prosecutor to show that a confiscated object is:

a different object than the one confiscated by the police.

indeed the same object confiscated by the police.

going to be returned to its rightful owner.

no longer important to the case.

10 points

QUESTION 16

  • In the computer forensics case in the lab, there were __________ significant paper records found at the site of the suspected crime.

no

dozens of

hundreds of

thousands of

10 points

QUESTION 17

  • How well your team utilizes your __________ will determine how quickly the company can detect, respond, and recover from future incidents.

security incident response form

chain of custody

security policy

line of command

10 points

QUESTION 18

  • Why is it important to include a time/date stamp in the security incident response form?

It is easier to figure out how long the evidence has been held with a time/date stamp.

It is important to document that the evidence was being controlled at all times.

A time/date stamp can help investigators determine the time and date that a crime was committed.

It is not important to include a time/date stamp.

10 points

QUESTION 19

  • Which of the following statements is true regarding chain of custody and electronic evidence?

There is no chain of custody requirement for electronic evidence.

The requirement is the same for electronic evidence as it is for physical evidence.

The requirement is different for electronic evidence than it is for physical evidence.

It is not possible to show the chain of custody for electronic evidence.

10 points

QUESTION 20

  • In the computer forensics case in the lab, millions of dollars of diverted drugs and repackaging equipment as well as __________ were seized from several locations, including the warehouses of fully licensed pharmaceutical distributors.

cash

thousands of paper records

guns

computers and other electronic equipment

“Order a similar paper and get 20% discount on your first order with us Use the following coupon “GET20”

 

Posted in Uncategorized