126. c. A computer crime is committed when the allegation is substantiated with proper evidence that is relevant, competent, and material.
127. What is the correct sequence of preliminary security investigation?
1. Consult with a computer expert.
2. Prepare an investigation plan.
3. Consult with a prosecutor.
4. Substantiate the allegation.
a. 4, 1, 2, and 3
b. 3, 1, 2, and 4
c. 4, 2, 3, and 1
d. 1, 4, 2, and 3
127. a. Substantiating the allegation is the first step. Consulting with a computer expert, as appropriate, is the second step. Preparing an investigation plan is the third step, which sets forth the scope of the investigation and serves as a guide in determining how much technical assistance will be needed. Consulting with a prosecutor is the fourth step, depending upon the nature of the allegation and scope of the investigation. Things to discuss with the prosecutor may include the elements of proof, evidence required, and parameters of a prospective search.
128. Which of the following crime team member’s objectives is similar to that of the information systems security officer involved in a computer crime investigation?
a. Investigator
b. District attorney
c. Computer expert
d. Systems auditor
128. d. A team approach is desirable when a computer-related crime case is a complex one. Each person has a definite and different role and brings varied capabilities to the team approach. Both the system auditor’s and the security officer’s objectives are the same because they work for the same organization. The objectives are to understand system vulnerabilities, to strengthen security controls, and to support the investigation. A district attorney’s role is to prove the case, whereas the objective of the investigator is to gather facts. The role of the computer expert is to provide technical support to the team members.
129. In a computer-related crime investigation, what is computer evidence?
a. Volatile and invisible
b. Apparent and magnetic
c. Electronic and inadmissible
d. Difficult and erasable
129. a. Discovery and recognition is one of the seven considerations involved in the care and handling of evidence. It is the investigator’s capability to discover and to recognize the potential source of evidence. When a computer is involved, the evidence is probably not apparent or not visible to the eyes. Nevertheless, the investigator must recognize that computer storage devices are nothing more than electronic or magnetic file cabinets and should be searched if it would normally be reasonable to search an ordinary file cabinet. The evidence is highly volatile, that is, subject to change.
130. When can a video camera be used in caring for and handling computer-related crime evidence?
a. Discovery
b. Protection
c. Recording
d. Collection
130. c. Recording is one of the seven recognized considerations involved in the care and handling of evidence. The alleged crime scene should be properly recorded. The use of a video camera to videotape computer equipment, workstations, and so on, and related written documentation at the crime scene is highly encouraged. Remember to photograph the rear side of the computer (particularly the cable connections).
131. If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, what should the investigator do?
a. Seize it before someone takes it away.
b. Leave it alone until a warrant can be obtained.
c. Analyze the equipment or its contents, and record it.
d. Store it in a locked cabinet in a secure warehouse.
131. b. If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, leave it alone until a warrant can be obtained. In general, a warrant is required for anything to be collected by the investigator. However, if the investigator is a law enforcement officer, he is subject to the Rules of Unreasonable Search and Seizure and needs a search warrant. This is not so with a private investigator.
132. All the following are proper ways to handle the computer equipment and magnetic media items involved in a computer crime investigation except:
a. Seal, store, and tag the items.
b. Seal and store items in a cardboard box.
c. Seal and store items in a paper bag.
d. Seal and store items in a plastic bag.
