132. d. After all equipment and magnetic media have been labeled and inventoried, seal and store each item in a paper bag or cardboard box to keep out dust. An additional label should be attached to the bag identifying its contents and noting any identifying numbers, such as the number of the evidence tag. Do not use plastic bags or sandwich bags to store any piece of computer equipment and/or magnetic storage media because plastic material can cause both static electricity and condensation, which can damage electronically stored data and sensitive electronic components.
133. Indicate the most objective and relevant evidence in a computer environment involving fraud.
a. Physical examination
b. Physical observation
c. Inquiries of people
d. Computer logs
133. d. Relevant evidence is essential for a successful computer fraud examination. For example, data usage and access control security logs identify (i) who has accessed the computer, (ii) what information was accessed, (iii) where the computer was accessed, and (iv) how long the access lasted. These logs can be manually or computer maintained; the latter method is more timely and reliable than the former method. The integrity of logs must be proved in that they are original and have not been modified. Physical examination and physical observation may not be possible in a computer environment due to automated records. Inquiries of people may not give in-depth answers due to their lack of specific knowledge about how a computer system works.
134. Which of the following practices is not subject to negligent liability?
a. Equipment downtime despite preventive maintenance
b. System failure for an online computer service provider
c. False statements by online news service provider
d. Dissemination of misleading information by an online news service provider
134. a. Online systems and services run a risk that subscribers will receive false or misleading information. The case law ruled that situations described in the other three choices are subject to negligent liability. However, an organization may not be liable if it followed a preventive maintenance program despite equipment downtime. This is because of proactive and preventive actions taken by the organization.
135. Which of the following is needed to produce technical evidence in computer-related crimes?
a. Audit methodology
b. System methodology
c. Forensic methodology
d. Criminal methodology
135. c. A forensic methodology is a process for the analysis of electronically stored data. The process must be completely documented to ensure that the integrity of the evidence is not questioned in court. The forensic methodology deals with technical evidence.
The audit methodology deals with reviewing business transactions and systems and reaching an opinion by an auditor. The phrases system methodology and criminal methodology have many meanings.
136. Which of the following is not a key factor in a crime warrant search?
a. Ownership
b. Occupancy
c. Possession
d. Purchase
136. d. A key fact in any search is ownership or rightful occupancy of the premises to be searched, and ownership or rightful possession of the items to be seized. Different search and seizure rules apply when the properties and premises are government or privately owned or leased. Purchase has nothing to do with search. One may purchase and others can occupy or possess.
137. Which of the following is not an example of evidentiary errors?
a. Harmless errors
b. Reversible errors
c. Plain errors
d. Irreversible errors
137. d. A harmless error is an error that does not affect “a substantial right of a party.” A reversible error is one that does affect a substantial right of a party. A plain error is a reversible error that is so obviously wrong that the court will reverse it even though the party harmed failed to take the steps necessary to preserve the error. An irreversible error is not defined in the law.
138. Which of the following crime team members has a clear role in solving a computer crime?
a. Manager
b. Auditor
c. Investigator
d. Security officer
