126. c. A computer crime is committed when the allegation is substantiated with proper evidence that is relevant, competent, and material.
127. What is the correct sequence of preliminary security investigation?
1. Consult with a computer expert.
2. Prepare an investigation plan.
3. Consult with a prosecutor.
4. Substantiate the allegation.
a. 4, 1, 2, and 3
b. 3, 1, 2, and 4
c. 4, 2, 3, and 1
d. 1, 4, 2, and 3
127. a. Substantiating the allegation is the first step. Consulting with a computer expert, as appropriate, is the second step. Preparing an investigation plan is the third step, which sets forth the scope of the investigation and serves as a guide in determining how much technical assistance will be needed. Consulting with a prosecutor is the fourth step, depending upon the nature of the allegation and scope of the investigation. Things to discuss with the prosecutor may include the elements of proof, evidence required, and parameters of a prospective search.
128. Which of the following crime team members has objectives similar to those of the information systems security officer involved in a computer crime investigation?
a. Investigator
b. District attorney
c. Computer expert
d. Systems auditor
128. d. A team approach is desirable when a computer-related crime case is a complex one. Each person has a definite and different role and brings varied capabilities to the team approach. Both the systems auditor’s and the security officer’s objectives are the same because they work for the same organization. The objectives are to understand system vulnerabilities, to strengthen security controls, and to support the investigation. A district attorney’s role is to prove the case, whereas the objective of the investigator is to gather facts. The role of the computer expert is to provide technical support to the team members.
129. In a computer-related crime investigation, what is computer evidence?
a. Volatile and invisible
b. Apparent and magnetic
c. Electronic and inadmissible
d. Difficult and erasable
129. a. Discovery and recognition is one of the seven considerations involved in the care and handling of evidence. It is the investigator’s capability to discover and to recognize the potential source of evidence. When a computer is involved, the evidence is probably not apparent or not visible to the eyes. Nevertheless, the investigator must recognize that computer storage devices are nothing more than electronic or magnetic file cabinets and should be searched if it would normally be reasonable to search an ordinary file cabinet. The evidence is highly volatile, that is, subject to change.
130. When can a video camera be used in caring for and handling computer-related crime evidence?
a. Discovery
b. Protection
c. Recording
d. Collection
130. c. Recording is one of the seven recognized considerations involved in the care and handling of evidence. The alleged crime scene should be properly recorded. The use of a video camera to videotape computer equipment, workstations, and so on, and related written documentation at the crime scene is highly encouraged. Remember to photograph the rear side of the computer (particularly the cable connections).
131. If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, what should the investigator do?
a. Seize it before someone takes it away.
b. Leave it alone until a warrant can be obtained.
c. Analyze the equipment or its contents, and record it.
d. Store it in a locked cabinet in a secure warehouse.
131. b. If a computer or peripheral equipment involved in a computer crime is not covered by a search warrant, leave it alone until a warrant can be obtained. In general, a warrant is required for anything to be collected by the investigator. However, if the investigator is a law enforcement officer, he is subject to the Rules of Unreasonable Search and Seizure and needs a search warrant. This is not so with a private investigator.
132. All the following are proper ways to handle the computer equipment and magnetic media items involved in a computer crime investigation except:
a. Seal, store, and tag the items.
b. Seal and store items in a cardboard box.
c. Seal and store items in a paper bag.
d. Seal and store items in a plastic bag.
132. d. After all equipment and magnetic media have been labeled and inventoried, seal and store each item in a paper bag or cardboard box to keep out dust. An additional label should be attached to the bag identifying its contents and noting any identifying numbers, such as the number of the evidence tag. Do not use plastic bags or sandwich bags to store any piece of computer equipment and/or magnetic storage media because plastic material can cause both static electricity and condensation, which can damage electronically stored data and sensitive electronic components.
133. Indicate the most objective and relevant evidence in a computer environment involving fraud.
a. Physical examination
b. Physical observation
c. Inquiries of people
d. Computer logs
133. d. Relevant evidence is essential for a successful computer fraud examination. For example, data usage and access control security logs identify (i) who has accessed the computer, (ii) what information was accessed, (iii) where the computer was accessed, and (iv) how long the access lasted. These logs can be manually or computer maintained; the latter method is more timely and reliable than the former method. The integrity of logs must be proved in that they are original and have not been modified. Physical examination and physical observation may not be possible in a computer environment due to automated records. Inquiries of people may not give in-depth answers due to their lack of specific knowledge about how a computer system works.
134. Which of the following practices is not subject to negligent liability?
a. Equipment downtime despite preventive maintenance
b. System failure for an online computer service provider
c. False statements by online news service provider
d. Dissemination of misleading information by an online news service provider
134. a. Online systems and services run a risk that subscribers will receive false or misleading information. Case law has ruled that the situations described in the other three choices are subject to negligent liability. However, an organization may not be liable for equipment downtime if it followed a preventive maintenance program. This is because of proactive and preventive actions taken by the organization.
135. Which of the following is needed to produce technical evidence in computer-related crimes?