Question: How can network traffic help identify the source of an unwanted network intrusion?


> Why is it important to include a brief description of the case history on an evidence submission form?

> What is a substrate control and why is it important?

> What is a standard/reference sample and why is it important to the criminalist?

> Define chain of custody and explain why maintaining a proper chain of custody is important. What are the possible consequences of failing to maintain a proper chain of custody?

> Numerous red-colored fibers from a sexual assault crime scene are delivered to the crime lab along with red fibers from the suspect’s clothing. What instrument should the trace analyst use to view the fibers and obtain chemical information that could be

> Why should bloodstained evidence not be stored in airtight containers? What is the best way to store such evidence?

> Describe a druggist fold and explain why it is a superior way to package small amounts of trace evidence.

> Why should ordinary mailing envelopes not be used for packaging physical evidence?

> Why is it important to package items of physical evidence in separate containers?

> What is the best way to maintain the integrity of evidence that is collected and submitted to the crime laboratory?

> How does the textbook define physical evidence?

> List four situations in which a warrantless search may be justified.

> List two ways in which a forensic odontologist can assist in criminal investigations.

> How does the testimony of an expert witness differ from the testimony of a lay witness?

> How did the court’s ruling in the case of Daubert v. Merrell Dow Pharmaceuticals, Inc. affect the admissibility of scientific evidence in federal courts?

> A trace evidence analyst places crystals of an unidentified white powder onto the stage of a polarizing microscope and observes the crystals through the eyepiece. Under correct focus, some of the crystals show bright colors while others appear very dark

> What important principle was established in the case of Frye v. United States?

> List the main functions of the forensic scientist.

> List two optional units found in most crime labs and give at least one example of the type of work done by each.

> In addition to the physical science unit, what four units typically are found in full-service crime labs? List at least one function performed by each of these units.

> Describe the basic duties of the physical science unit in a crime lab and give three examples of the type of work performed by a physical science unit.

> List three main reasons for the wide variation in total services offered by crime labs in different communities.

> Describe how the structure of the U.S. federal government has affected the organization of crime labs in the United States.

> List three reasons for the unparalleled growth of crime laboratories in the United States since the 1960s.

> How has the emergence of the “fee-for-service” system affected the practice of forensic science in Great Britain?

> How does the British system of forensic laboratories differ from that of the United States?

> A forensic biologist must examine the outside of a small leaf and a thin slice of the leaf one cell thick. She has at her disposal a transmitted light microscope and a stereomicroscope (vertical illumination). What instrument should she use for the analy

> What major advance in forensic science did the state of California undertake in 1972?

> Differentiate between physical and logical extraction.

> What is GPS?

> What is geolocation?

> 3G and 4G phones are the closest to a PC in what two features?

> What are some of the most popular operating systems for mobile devices?

> What is the one main benefit of packet switching between the 2G and 3G phones?

> What are the two standards of digital 2G cellular networks?

> What is a cellular system?

> What kind of information can the GPS provide?

> Computers and sensitive data networks are most sensitive to breaches due to the problems that exist with existing access-control systems. Passwords can be easily cracked by hacking software, and keycards can be shared among multiple people. Keys are abou

> What types of information can the UFED tool extract from the mobile device?

> Differentiate between an SD and a SIM card.

> Mobile devices began as an outgrowth of what kind of radios?

> What is a FAT and what is its purpose?

> Name and describe the two processes that must be performed on a hard disk drive (HDD) before it is ready for use.

> What is the role of the operating system in a computer? Name three common operating systems.

> What type of hardware device do personal computers typically use to communicate with one another? Name two ways this device can send and receive data.

> What is the most common storage device on most computers? Name three other types of storage devices.

> Define the terms input device and output device and name three examples of each.

> Define RAM and ROM and explain the difference between the two.

> With incidents of global terror on the rise, it has become increasingly harder for law enforcement to manage apprehending suspects. Terror suspects take advantage of large crowds and chaotic situations to blend in and become anonymous. How can law enforc

> What is volatile data and how can it provide clues to the identity of a hacker?

> What is a log file and how is it used to identify hackers? Name three locations on a computer network that may contain log files.

> Why should an investigator not unplug a computer that may contain chat or instant message conversations?

> Why are online conversations conducted using chat and instant messaging more difficult to recover than e-mail messages? Where are files containing such conversations likely to be stored?

> What is the motherboard and why is it central to the functioning of a computer?

> What information in an e-mail message allows an investigator to identify the sender? How would the examiner use this information to identify the sender?

> Name two features in a Web browser that can be sources of information for forensic examiners. How would the examiner use each of these features?

> What are cookies? What is their basic purpose and how are they used by forensic examiners?

> What is an Internet cache and why is it of interest to forensic examiners?

> At the Museum of Culture Studies, a diary that belonged to Martin Luther King, Jr., has been stolen and replaced by a fake. The only evidence is a fingerprint impression left by the thief on the fake diary. The police suspect four individuals who have h

> What is unallocated space? Name three processes that cause latent data to be stored in unallocated space.

> What is file slack? How can it be useful to the forensic examiner?

> What is the difference between visible and latent data? How is latent data viewed?

> What is a swap file and how is it useful for forensic examiners?

> Why does a forensic examiner take a “fingerprint” of a drive before and after imaging its contents?

> What is the forensic examiner’s main goal when obtaining data from an HDD? Why is this best accomplished by removing the HDD from the system and placing it in a laboratory forensic computer?

> Describe the difference between software and media and give two examples of each.

> What is infrared luminescence? Describe how it can be used to detect alterations or erasures in a document.

> What class characteristics can an examiner study to help identify a suspect photocopy machine?

> What kinds of marks can a document examiner use to identify the machine that produced a photocopy? What information is used to identify the machine that produced a fax copy?

> Count the number of bifurcations in the following prints. Choose between 9, 11, and 13 as the number of bifurcations:

> What individual characteristics are most valuable for proving the identity of a typewriter?

> List three characteristics of exemplars that should be as alike as possible to the questioned document.

> Why might a traced signature be more easily detected as a forgery than one that is copied freehand?

> List three factors that can make it difficult for an examiner to determine the author of a questioned writing.

> List three characteristics of handwriting, as well as three characteristics of writing not related to handwriting, that an examiner compares when studying a questioned document.

> From what substances are most commercial inks made? What technique is used to compare inks? What characteristic provides points of comparison between different inks?

> Describe two methods used to read indented writing.

> Describe two methods used to recover writing from charred documents.

> What activity is critical to the outcome of document examination, and why is it so important?

> What is the primary focus of a fire-scene search and why? What evidence at a fire site may indicate the possibility of arson?

> The following are fingerprint patterns of three men and a woman with criminal records for robbery. Identify the following fingerprints according to the three groups and the subgroups of fingerprints.

> Why is it important that the arson investigator begin examining a fire scene for signs of arson as soon as the fire has been extinguished?

> What are oxidizing agents and why are they used in explosives?

> Define and describe the process of pyrolysis.

> What physical state must a fuel occupy in order to produce a flame? Why can it produce a flame only in this state?

> How does the speed of an oxidation reaction affect its ability to produce a flame? What factors influence the speed of the reaction?

> What is the energy barrier and how does it relate to the concept of ignition temperature?

> In what organic liquid does a forensic scientist rinse debris recovered from an explosion site, and why?

> What role does ammonium nitrate play in water gels, emulsions, and ANFO explosives? In what commercial form can ammonium nitrate be readily obtained?

> What is a detonator? What is the most common form of detonator?

> What happens to the atoms of a molecule that undergoes a chemical reaction? How is energy consumed in a chemical reaction? How is energy released in a chemical reaction?

> Criminalist Frank Mortimer is using digital imaging to enhance latent fingerprints. Indicate which features of digital imaging he would most likely use for each of the following tasks: a. Isolating part of a print and enlarging it for closer examination

> List at least three advantages of having an evidence-collection unit process a crime scene instead of a patrol officer or detective.

> What are primary explosives and what are they used for?

> Why does black powder not explode unless it is ignited in a confined area? What practical application (besides explosives) does this make black powder suitable for?

> Name two types of low explosives and list the ingredients of each.

> What characteristic of an explosive determines whether it is classified as a low explosive or a high explosive? How is this reflected in the type of pressure wave produced by the explosive?

> What is an oxidizing agent? Why is an oxidizing agent important to an explosion?

> What produces the violent physical disruption of the surrounding environment released in an explosion? Explain how this creates shrapnel when a bomb explodes.

> Describe the headspace technique for recovering accelerant residues. What instrument is most often used to detect and characterize recovered flammable residues?
