Carmon needs to determine what the preliminary approach to a case should be. What are some of the general steps she needs to follow to investigate the case? (2)
     a.     Create a detailed check list, determine resources you need, obtain, and copy an evidence drive
     b.     Check fingerprint databases, search rainbow tables, speak with police personnel
     c.     Identify suspects, check the DMV, talk to crime scene investigators for evidence that might have been missed
     d.     Identify the risks, mitigate, or minimize the risks, test the design, investigate the data recovered

Fumiko will be conducting an investigation involving Internet abuse on a client's internal private network. What will he need to gather from his client's network administrator? (2)
     a.     The suspect's computer IP address
     b.     The client's ISP IP address
     c.     The client's router IP address
     d.     The organization's Internet proxy server logs

Emilia is in the process of writing a preliminary report for the first time. Her friend Amari tells her to be careful as to what to write because a preliminary report is a high-risk document. What makes a preliminary report a high-risk document? (2)
     a.     It's a final report.
     b.     Opposing counsel can try and discredit you with it.
     c.     The preliminary report can always be used against you in a court of law.
     d.     Opposing counsel can demand discovery on it.

Gretchen is about to give oral testimony and wants to be sure that the jury understands it clearly. What's the best way to impart her testimony to help listeners retain what's being said?
     a.     Graphical presentation
     b.     Copious notes
     c.     Detailed explanation
     d.     Simple explanation

Yasmin's about to write her report. Her boss Rebecca, hands her the Digital Forensics Report Audience Worksheet to determine the type of audience reading the report. Yasmin sees that the attorney's knowledge of information technology is low, but Steve Billings, a non-legal party, has medium technical knowledge. Knowing this piece of information, how should Yasmin go about writing for her audience?
     a.     Yasmin should write for the attorney's knowledge level.
     b.     Yasmin should write for Steve Billings' knowledge level.
     c.     Yasmin should write for jury's knowledge level.
     d.     Yasmin should write for the judge's knowledge level.

Zoey is new to the field of computer forensics. Her boss has asked her to make a bit-stream copy of a disk drive for an investigation her company is working on. Zoey is curious why she can't make a backup copy instead. She comes to you for advice. What do you tell her? (2)
     a.     A bit-stream copy is used because it is an exact duplicate of the original drive.
     b.     A backup copy has most of the files necessary; you just need to take extra steps.
     c.     A backup copy doesn't have deleted files and emails or recovered file fragments.
     d.     A bit-stream copy needs multiple forensic tools to get all the data off it.

Haris is presented with a case by a client involving employee termination. He hasn't been told about the case yet, but he can guess. What are some of the predominate types of issues that occur in an employee termination case?
     a.     Working from home
     b.     Creating a hostile work environment
     c.     Playing games
     d.     Surfing the Internet

Xiang Liu is writing her report. Her mentor Steve Lu reminds Xiang that "objectivity is critical when writing a report." This is a very important statement. Why do you think Steve reminded her about objectivity? (2)
     a.     She must be biased in her writing.
     b.     She must communicate calm, detached observations in her report.
     c.     It's better to identify flaws rather than to allow opposing counsel to do it for her.
     d.     She should use passive voice in her writing.

Solomon is working on a case that is garnering a lot of media attention. every time he leaves the courtroom, he is swarmed by reporters. One day he finally gets away and is sitting by himself having lunch, when a single reporter approaches him. This reporter, Jessica, says to Solomon, everything you tell me will be off the record, so could you tell me about the case? Why should Solomon tell Jessica he can't speak to her? (2)
     a.     Solomon's comments could harm the case and create a record that can be used against him.
     b.     Solomon's comments could show he's impartial to this case.
     c.     Solomon has no control over the context of the information a journalist publishes.
     d.     Journalists don't care what Solomon thinks, they just want to sell newspapers.

Quan-Van is working on a case that's attorney-client privilege (ACP). The attorney asks that all correspondence with them be verbal. What is the reason behind this request?
     a.     The attorney doesn't like to read
     b.     There will be too much paperwork
     c.     Anything written down is subject to discovery
     d.     Anything written down must be done in a very specific way

Kenneth is creating a bit-stream image from a bit-stream copy of an evidence drive, but he's confused as to what the difference is. To Kenneth, there isn't much difference. Please help him out and tell him what makes a bit-stream image different from a bit-stream copy.
     a.     A bit-stream image and a bit-copy are identical.
     b.     A bit-stream image replicates the evidence drive but is not an exact copy.
     c.     There only has to be one bit-stream copy made when working on an image drive.
     d.     A bit-stream image creates an exact copy of the evidence disk down to the physical drive level.

Sammy needs to return to the office to retrieve some antistatic bags and wrist straps before handling digital evidence. Why are these items important for handling digital evidence?
     a.     Static electricity doesn't do anything to digital evidence. It's just a precaution.
     b.     Static electricity can hurt the user.
     c.     Static electricity can make your hair stand up.
     d.     Static electricity can destroy digital evidence.

Derek is about to write a report for his client. There are a few questions he needs to consider before writing it. What are a few of those questions Derek needs to consider? (2)
     a.     Who is the attorney?
     b.     Who is the defendant?
     c.     What are the defined goals or mission of this examination?
     d.     What is the purpose of the report?

As a forensic examiner, Jakob can apply his skill set in two different ways when testifying. He can be either a fact witness or an expert witness. What are the main differences between being a fact witness and an expert witness? (2)
     a.     As a fact witness, Jakob provides only the facts he has found in his investigation. As an expert witness, he forms opinions from experience and deductive reasoning based on facts found during an investigation.
     b.     As an expert witness, Jakob provides only the facts he has found in his investigation. As a fact witness, he forms opinions from experience and deductive reasoning based on facts found during an investigation.
     c.     Expert and fact witnesses base testimony on facts and experience alone.
     d.     It's the facts that make Jakob a fact witness; it's his opinion that makes him an expert witness.

Lukas' company, Lynx International, just received its first forensic case requiring knowledge of SSD technology. Lukas knows how magnetic disks record data, but he is not quite sure how NAND flash memory works. How does magnetic disk memory work versus SSD memory? (2)
     a.     Magnetic disks record data tracks
     b.     SSDs (NAND) use an array of memory cells
     c.     Magnetic disk memory is organized into blocks
     d.     SSDs use volatile memory cells