Home
Subjects
Expert solutions
Create
Log in
Sign up
Upgrade to remove ads
Only SGD 41.99/year
-
Flashcards
-
Learn
-
Test
-
Match
-
Flashcards
-
Learn
-
Test
-
Match
Terms in this set [225]
A Sector is the basic unit of data storage on a hard disk, which is usually 64 kb
True or false
false
a suspect stores data where an investigator is unlikely to find it. what is this technique called
Data transformation
Data Hiding
a warrant is not needed when evidence is in plain sight
T or F
True
Computer forensics is the exclusive domain of law enforcement
t or f
false
demonstrate evidence means information that helps explain other evidence. An example of demonstrative evidence i a chart that
explains a technical concept to the judge and jury
T or F
True
Disk forensics refers to the process of examining malicious computer code
T or F
False
Ed is an expert witness providing testimony in court. He uses a high-tech computer animation to explain a technical concept to the judge and jury. What type of evidence is ED using?
Demonstrative
Generally,________________ is considered to be the use of analytical and investigative techniques to identify and collect, examine, and preserve evidence or information that is magnetically stored or encoded.
Testimonial evidence
computer forensics
anti-forensics
digital evidence
computer forencsics
If
you can change the extension of a file so it ;ooks like the some other type of file, you also change the file structure itself
T or F
False
Internet forensics is the study of the source and content of email as evidence t or f
false
Investigator must authenticate documentary evidence t or f
true
Malware forensics is also known as internet forensics. t or f
False
One must be able to show the whereabouts and custody of the evidence, how it was handled and stored and by whom, from the time the evidence is first seized by a law enforcement officer or civilian investigator until the moment it is shown in court. This is referred to as
consistent scientific
manner
demonstrative evidence
real evidence
chain of custody
chain of custody
on way to obscure information is to scramble it by encryption
t or f
true
The real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect's fingerprints on it
t or f
true
Susan is a hacker, after breaking into a computer system and running some hacking tools, she deleted several files she created to cover her tracks. What general term describes susans actions
Disk forensics
live system forensics
anti-forensics
disk transformation
Anti-Forensics
The electronic communication privacy act of
1986 protects children 13 years of age and younger from the collection and use of their personal information by websites
t or f
false
The federal bureau of investigation [fbi] is the premier federal agency tasked with combating cybercrime t or f
false
The windows registry is essentially a repository of all settings, software and parameters for windows t or f
true
the__________ command is used to send a test network packet or echo packet, to a machine to determine if the machine is reachable and how long the packet takes to reach the machine
traceroute
ipconfig
tracert
ping
ping
the________ contains many provisions about record keeping
and destruction of electronic records relating to the management and operation of publicly held companies.
Sarbanes-oxley act of 2002
privacy protection act of 1980
computer security act of 1987
federal act of 1974
Sarbanes-oxley act of 2002
the_________ is federal wiretap law for traditional wired telephony that was expanded to include wireless, voice over internet protocol [VolP], and other forms of electronic communications
communications assistance for law enforcement act of 1994
wireless communications and public safety act of 1999
federal privacy of 1974
telecommunications act of 1996
Communications assistance for law enforcement act of 1994
the________________ is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its
original collection and its appearance in court, preferably unaltered
demonstrative evidence
chain of custody
documentary evidence
consistent scientific manner
chain of custody
the___________ protects journalist from being required to turn over to law enforcement any work product and documentary material, including sources before it is disseminated to the public
privacy protection act of
1980
federal privacy act of 1974
electronic communication privacy act of 1986
communications assistance for law enforcement act 1994
privacy protection act of 1980
the___ was passed to improve the security and privacy of sensitive information in federal computer system. the law requires the establishment of minimum acceptable security practices , creation of computer security plans and training system users or owners of facilities that house sensitive information.
computer security act of 1987
federal privacy act of 1974
usa patriot act
telecommunications act of 1996
computer security act of 1987
The number 22 for SSH [Secure Shell and 80 for hypertext transfer protocol[HTTP] are examples of ________
Physical ports
MAC addresses
Logical port numbers
IP Addresses
Logical port numbers
The objective in computer forensics is to recover, analyze, and present computer-based material way that it can be used as evidence in a legal proceeding
t or f
true
The process of acquiring and analyzing information stored on physical storage media, such as computer hard drives or smartphones is the definition of anti forensics t or f
false
The term______ refers to testimony taken from a witness or party to a case before a trial
documentary evidence
real evidence
deposition
export report
expert testimony
The underlying operating system of Mac OS X is based on Windows t or f
false
volatile memory is a computer memory that requires power to maintain the data it hold t or f
true
to avoid changing a computer system while examining i make a forensics copy and work with that copy
true
What is not true of random access memory [RAM]?
it retains items in memory for as long as the computer has power supplied to it
it is volatile memory
it stores programs and data that is currently open
it cannot be changed
it cannot be changed
What is the process of searching memory in real time, typically for working with compromised hosts or to identify system abuse?
live system forensics
disk forensics
internet forensics
network forensics
live system
What term describes data about information, such as disk partition structures and file tables?
Store data
meta data
potential storage
volatile memory
Metadata
What term describes information that forensic specialists use to support or interpret real or documentary evidence? For example, a specialist might demonstrate that
the fingerprints found on a keyboard are those of a specific individual.
The daubert standard
documentary evidence
digital evidence
testimonial evidence
testimonial evidence
__________ is data stored as written matter, on paper or in electronic files.
documentary evidence
is information that has been processed and assembled to be relevant to an investigation, and that supports a specific finding or determination.
digital evidence
is the concept that any scientific evidence presented in a trial has to have been reviewed and tested by the relevant scientific community.
The daubert standard
A SYN flood is an example of a[n]
_______.
virus
SQL injection
denial of service [DoS] attack
distributed denial of service [DDoS] attack
denial of service [DoS] attack
A SYN flood is software that self-replicates. t or f
false
A distributed denial of service [DDoS] attack is possible with traditional telephone systems by using an automatic dialer to tie up target phone lines. t or f
true
Aditya is a digital forensics specialist. He is investigating the computer of an identity theft victim. What should he look for first?
Spyware
Stolen files
Evidence of an SQL injection attack
A logic bomb
spyware
An attacker may distribute a logic bomb via a Trojan horse. t or f
true
Any attempt to gain financial reward through deception is called ______.
social engineering
cyberterrorism
identity theft
fraud
fraud
Ben was browsing reviews on a sporting goods website from which he purchased items in the past. He saw a comment that read "Great price on camping gear! Read my review." When he clicked the
associated link, a new window appeared and prompted him to log in again. What type of attack is most likely underway?
Spear phishing
Denial of service [DoS] attack
Cross-site scripting [XSS]
SYN flood
Cross-site scripting [XSS]
China Eagle Union is
a logic bomb
malware
a Chinese cyberterrorism group
a spyware program
a Chinese cyberterrorism group
Denial of service [DoS] attack refers to the type of password crackers that work with pre-calculated hashes of all passwords available within a certain character space. t or f
false
During an attack, hackers break into computer systems and steal secret defense plans of the United States. This is an example of a Trojan horse.
false
Email evidence would be useful for investigating cyberstalking but not a denial of service [DoS] attack.
true
Fraud refers to a broad category of crime that can encompass many different activities, but essentially, any attempt to gain financial reward through deception.
true
Identity theft refers to any software that monitors activity on a computer.
true
If an attacker doesn't spoof a MAC address, each packet sent in a denial of service [DoS] attack contains evidence of the machine from which it was launched.
true
It is legal to monitor the computers of adult relatives as long as they are living in your home.
false
Macro and polymorphic are types of viruses.
true
Malware that executes damage when a specific condition is met is the definition of __________.
logic bomb
Malware that executes damage when a specific condition is met is the definition of a Trojan horse.
true
Most often, criminals commit __________ in order to perpetrate some kind of financial fraud.
identity theft
Ophcrack is a tool that cracks local passwords on Windows systems.
true
Ophcrack uses cross-site scripting to crack passwords.
false
Spyware software is legal, if used correctly.
t or f
false
The Tribal Flood Network [TFN] is one of the most widely deployed viruses.
false
The act of wrongfully obtaining another person's personal data is a crime, with or without stealing any money.
true
The distribution of illegally copied materials via the Internet is known as __________.
Data piracy
The process of connecting to a server and exchanging packets containing acknowledgment [ACK] and synchronize [SYN] flags is called:
Three-way handshake
The term distributed denial of service [DDoS] attack describes the process of connecting to a server that involves three packets being exchanged.
false
The use of electronic communications to harass or threaten another person is the definition of __________.
cyberstalking
Viruses are difficult to locate but easy to trace back to the creator.
false
What is NOT true of cyberstalking?
is not a criminal offense
What is a type of targeted phishing attack in which the criminal targets a specific group; forexample, IT staff at a bank?
spear phishing
What is meant by distributed denial of service [DDoS] attack?
An attack in which the attacker seeks to infect several machines, and use those machines to overwhelm the target system to achieve a denial of service
What is the definition of a virus, in relation to a computer?
Any software that self-replicates
With respect to phishing, a good fictitious email gets a __________ response rate, according to the Federal Bureau of Investigation [FBI
1 to 3 percent
is the method used by password crackers who work with pre-calculated hashes of all passwords possible within a certain character space.
Rainbow table
is designed to render a target unreachable by legitimate users, not to provide the attacker access to the site.
A denial of service [DoS] attack
is the cyber equivalent of vandalism
A denial of service [DoS] attack
refers to phishing with a specific, high-value target in mind. For example, the attacker may target the president or CEO of a company.
whaling
A CPU cache is not volatile, whereas a CD-ROM is volatile.
False
A forensic certification is meant to demonstrate a baseline of competence.
True
A system forensics specialist has three basic tasks related to handling evidence: find evidence, preserve evidence, and __________ evidence
store?
According to the order of volatility in RFC 3227, what evidence should you collect first on a typical system?
Volatile data, then file slack
An MD5 hash taken when a computer drive is acquired is used to check for changes, alterations, or errors.
false
An expert witness who leaves information out of an expert report usually cannot testify about the information at trial.
true
Disk Investigator is a Linux Live CD that you use to boot a system and then use the tools.
false
File slack and slack space are the same thing
true
Forensic investigators who collect data as evidence must understand the __________ of information, which refers to how long it is valid.
life span
From the perspective of digital forensics, changing the time or date stamp on a file does not alter the file.
false
Helix is a customized Linux Live CD used for computer forensics.
true
How you will gather evidence and which tools are most appropriate for a specific investigation are part of ___________.
a forensic analysis plan
Identification, preservation, collection, examination, analysis, and presentation are six classes in the matrix of the __________.
Digital Forensic Research Workshop [DFRWS] framework
In a forensics lab, the machines being examined should not be connected to the Internet.
true
Jan is entering the digital forensics field and wants to pursue a general forensics certification. Which certification is BEST to start with?
EC-Council Certified Hacking Forensic Investigator [CHFI]
Life span refers to how long information is accurate.
False
Making two copies of a suspect's drive, using two different imaging tools, can help to prove that evidence is accurate.
true
One principal of evidence gathering is to avoid changing the evidence. Which of the following is NOT true of evidence gathering?
Photograph seized equipment after you set it up in the lab.
Residual information in file slack is always overwritten when a new file is created.
false
Storage servers in a forensics lab should be backed up at least once a month.
false
The Federal Rules of Evidence [FRE] governs the admission of facts by which parties in the U.S. federal court system may prove their cases.
true
The first step in any computer forensic investigation is to make a copy of the suspected storage device.
true
The information in a routing table is more volatile than a network topology.
true
The life span of information may be as short as milliseconds to longer than one year.
T or f
true
The unused space between the logical end of file and the physical end of file is known as __________.
file slack
To achieve American Society of Crime Laboratory Directors [ASCLD] accreditation, a lab must meet about 40 criteria.
false
Use of __________ enables an investigator to reconstruct file fragments if files have been deleted or overwritten.
bit-level tools
What is a formal document prepared by a forensics specialist to document an investigation, including a list of all tests conducted?
Expert report
When gathering evidence in a forensic investigation, working with a drive image is safer than working with the original drive.
true
When gathering systems evidence, what is NOT a common principle?
Search throughout a device.
Which forensic certification is open to both the public and private sectors and is specific to the use and mastery of FTK?
...
Which of the following BEST defines rules of evidence
Rules that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury
Which of the following requires certification candidates to take an approved training course, pass a written test, and submit to a review of the candidate's work history?
High Tech Crime Network certifications
You can make a bit-level copy of a computer hard drive using basic Linux commands.
true
_______ is an industry certification that focuses on knowledge of PC hardware.
CompTIA A+
__________ govern whether, when, how, and why proof of a legal case can be placed before a judge or jury.
Rules of evidence
__________ is a Linux Live CD that you use to boot a system and then use the tools. It is a free Linux distribution, making it attractive to schools teaching forensics or laboratories on a strict budget.
Kali Linux
__________ is a free utility that comes as a graphical user interface for use with Windows operating systems. When you first launch the utility, it presents you with a cluster-by-cluster view of your hard drive in hexadecimal form
Disk Investigator
__________ is information at the level of 1s and 0s stored in computer memory or on a storage device.
Bit-level information
__________ sets standards for digital evidence processing, analysis, and diagnostics.
The DoD Cyber Crime Center [DC3]
A DVD is a type of optical media.
true
A swap file is an example of persistent data.
false
After imaging a drive, you must always create a hash of the original and the copy.
true
An example of volatile data is __________.
state of network connections
Before imaging a drive, you must forensically wipe the target drive to ensure no residual data remains.
true
EIDE is _________.
a type of magnetic drive
If a hard drive has been demagnetized, there is no way to recover the data.
true
Incriminating evidence shows, or tends to show, a person's involvement in an act, or evidence that can establish guilt.
true
Jim is a forensic specialist. He seized a suspect computer from a crime scene, removed the hard drive and bagged it, documented and labeled the equipment, took photographs, completed a chain of custody form, and locked the computer in his car. On the way to the lab, he stopped to purchase supplies to use at the next crime scene. What did Jim do wrong?
He left the computer unattended while shopping for supplies.
Many USB drives come with a switch to put them in read-only mode.
true
Offline analysis is another term for live analysis
false
People try to thwart investigators by using encryption to scramble information or _________ to hide information, or both together.
steganography
RAID 1 mirrors the contents of disks.
true
SHA1 and SHA2 are currently the most widely used hashing algorithms.
true
Solid-state drives [SSDs] are often used in tablets and in some laptops.
true
The Linux dd command is commonly used to forensically wipe a drive.
true
The Linux netcat command reads and writes bits over a network connection.
true
The __________ format is a proprietary file format defined by Guidance Software for use in its forensic tool to store hard drive images and individual files.
EnCase
The benefit of using automated forensic systems is that you do not have to know how to perform all forensic processes manually.
false
The only way to clean random access memory [RAM] is with cleansing devices known as sweepers or scrubbers.
false
The start-up time for solid-state drives [SSDs] is usually much slower than for magnetic storage drives.
false
The term scrubber refers to software that cleans unallocated drive space.
true
This is the space that remains on a hard drive if the partitions do not use all the available space.
Volume slack
Two of the easiest things to extract during __________ are a list of all website uniform resource locators [URLs] and a list of all email addresses on the computer.
physical analysis
USB, or universal serial bus, is actually a connectivity technology, not a storage technology.
true
What are attributes of a solid-state drive [SSD]?
Flash memory and microchips
What is the definition of hash?
A function that is nonreversible, takes variable-length input, produces fixed-length output, and has few or no collisions
What kind of data changes rapidly and may be lost when the machine that holds it is powered down?
Volatile data
What term describes analysis performed on an evidence disk or a forensic duplicate using the native operating system?
logical analysis
What term describes data that an operating system creates and overwrites without the computer user directly saving this data?
temporary data
What uses microchips that retain data in non-volatile memory chips and contains no moving parts?
Solid-state drive [SSD]
What version of RAID involves three or more striped disks with parity that protect data against the loss of any one disk?
RAID 3 or 4
What was designed as an area where computer vendors could store data that is shielded from user activities and operating system utilities, such as delete and format?
Host protected area [HPA]
When determining when evidence was created, a forensic specialist should not trust a computer's internal clock or activity logs.
true
When seizing a suspect computer, you need to remove drives only if they are currently attached to cabling.
false
Which of the following is NOT true of chain of custody forms?
A chain of custody form is a federal form and is therefore universal.
Windows uses __________ on each system as a "scratch pad" to write data when additional random access memory [RAM] is needed.
a swap file
_______ is the area of a hard drive that has never been allocated for file storage.
Unallocated space
__________ contains remnants of word processing documents, emails, Internet browsing activity, database entries, and almost any other work that has occurred during past Windows sessions
A swap file
__________ is offline analysis conducted on an evidence disk or forensic duplicate after booting from a CD or another system.
Physical analysis
A block cipher is a form of cryptography that encrypts data in blocks.
true
A brute-force attack on a polyalphabetic substitution cipher can deduce the length of the keyword used in the cipher.
false
Advanced Encryption Standard [AES] can have three different key sizes: 256, 512, or 1024 bits.
false
Advanced Encryption Standard [AES] is also known as the Rijndael block cipher.
true
Advanced Encryption Standard [AES] with a 256-bit key is secure enough for commercial applications.
true
All modern block-cipher algorithms use both substitution and transposition.
true
Data Encryption Standard [DES] is a stream cipher.
false
Data Encryption Standard [DES] is often used to allow parties to exchange a symmetric key through some insecure medium, such as the Internet.
false
Essentially, the ROT13 cipher is a multialphabet cipher, consisting of 13 possible letters.
False
In World War II, the Germans made use of an electromechanical rotor-based cipher system known as __________.
the Enigma machine
In steganography, the term payload describes data to be covertly communicated. In other words, it is the message you want to hide.
true
In steganography, what is meant by carrier?
The signal, stream, or data file in which the payload is hidden
Kasiski examination is a nontechnical means of obtaining information you would not normally have access to.
false
Modern cryptography is separated into two distinct groups: symmetric cryptography and asymmetric cryptography.
true
Multialphabet ciphers are more secure than single-alphabet substitution ciphers; however, they are still not acceptable for modern cryptographic usage.
true
The Caesar and Atbash ciphers are simple substitution ciphers.
true
The Caesar cipher shifts each letter of a message by a certain number and substitutes the new alphabetic letter for the letter you are encrypting.
true
The Feistel function encrypts data as a stream, one bit at a time.
false
The __________ cipher is a Hebrew code that substitutes the first letter of the alphabet for the last letter and the second letter for the second-to-last letter, and so forth.
atbash
The __________ cipher is a method of encrypting alphabetic text by using a series of different monoalphabetic ciphers selected based on the letters of a keyword.
Vigenère
The __________ cipher is a single-alphabet substitution cipher that is a permutation of the Caesar cipher. All characters are rotated 13 characters through the alphabet.
ROT13
The known plaintext attack is one method used to crack modern encryption.
true
The term transposition refers to the art and science of writing hidden messages.
false
The total number of possible keys for Data Encryption Standard [DES] is _________, which a modern computer system can break in a reasonable amount of time.
...
The type of medium used to hide data in steganography is referred to as __________. This may be a photo, video, sound file, or Voice over IP, for example.
the channel
The word cryptography is derived from the word kryptós, which means hidden, and the verb gráfo, which means picture.
false
What is meant by symmetric cryptography?
A method in which the same key is used to encrypt and decrypt plaintext
What is the definition of Feistel function
A cryptographic function that splits blocks of data into two parts; it forms the basis for many block ciphers
What is the definition of stream cipher?
A form of cryptography that encrypts the data as a stream, one bit at a time
What is the definition of transposition in terms of cryptography?
The swapping of blocks of ciphertext
What name is given to a method of attacking polyalphabetic substitution ciphers? This method can be used to deduce the length of the keyword used in a polyalphabetic substitution cipher.
Kasiski examination
What term describes a method of using techniques other than brute force to derive a cryptographic key?
Cryptanalysis
________ is the art and science of writing hidden messages.
Steganography
__________ describes the total number of coprime numbers; two numbers are considered coprime if they have no common factors.
...
__________ is a term that refers to hiding messages in sound files.
Steganophony
__________ is cryptography wherein two keys are used: one to encrypt the message and another to decrypt it.
Asymmetric cryptography
__________ is perhaps the most widely used public key cryptography algorithm in existence today.
rsa
__________ is the process of analyzing a file or files for hidden content.
Steganalysis
__________ obfuscates a message so that it cannot be read.
Cryptography
A symbolic link in Linux is similar to a ____________.
Windows shortcut
A symbolic link is an inode that links directly to a specific file.
false
A test system is a functional system compatible with the hard drive from which someone is trying to recover data.
true
A[n] __________ is a data structure in the Linux file system that stores all the information about a file except its name and actual data.
inode
An environment that has a controlled level of contamination, such as from dust, microbes, and other particles is the definition of a __________.
clean room
An inode is a data structure in the Windows NTFS file system that stores all information about a file except its name and its actual data.
False
Clusters in a Windows NTFS system are more likely to be overwritten as more time elapses after deletion
true
Consistency checking analysis is usually much slower than zero-knowledge analysis.
false
Damage to how data is stored on a disk, such as file system corruption, is the definition of physical damage.
false
Forensically scrubbing a file or folder may involve overwriting data with random characters seven times.
true
In FAT and NTFS file systems, a __________ is used to map files to specific clusters where they are stored on the disk.
table
In Windows, files that are moved to the Recycle Bin are permanently deleted.
false
Infinitely recursing directories is a symptom of logical damage to a file system.
true
Linux file systems use hard links and symbolic links.
true
Linux stores file content in blocks, which are similar to clusters in Windows NTFS.
true
Logical damage control is a technique for file system repair that involves scanning a disk's logical structure and ensuring that it is consistent with its specification.
false
Logical damage to a disk is damage to how data is stored, for example, file system corruption.
true
Logical damage to a file system is more common than physical damage.
true
Paige is attempting to recover data from a failed hard disk. She removed the failed drive from the system on which it was installed, and then connected it to a test system. She made the connection by simply connecting the data and power cables but did not actually install the failed drive. What step should she perform next?
Boot the test system from its own internal drive.
The Linux/UNIX command __________ can be used to search for files or contents of files.
grep
A system that monitors network traffic looking for suspicious activity is __________.
an IDS
An active intrusion detection system [IDS] is also referred to as what?
Intrusion prevention system
An active intrusion detection system [IDS] will log suspicious activity and perhaps notify a network administrator.
false
GNOME and KDE are the two most popular Linux graphical user interfaces [GUIs].
true
GNOME is a cross-platform toolkit for creating graphical user interfaces for Linux.
true
Hard drives eventually age and begin to encounter problems. It is also possible that a suspect hard drive may have some issues preventing a full forensic analysis. Use the Linux __________ command to help with that.
fsck
If you type the __________ command at the Linux shell, you are asked for the root password. If you successfully supply it, you will then have root privileges.
su
In Linux, Autopsy is a web-based graphical user interface for the command-line tool Sleuth Kit.
true
In Linux, the /root directory is the home directory for the root user.
true
Sets with similar termsSystem Forensics, Investigation and Response, Seco…
46 terms
MattJaeRivera
ITSY2443 Midterm
74 terms
andy_v_ngo
Chapter 8: Digital Forensics and Incident Response
23 terms
huthatis
Chp 5
62 terms
Mike_dj
Sets found in the same folderComputer Forensics Chapter 6
38 terms
julie_tran10
ITN 276 Midterm [Chapter 1 - 7]
279 terms
ChiefSakeef
Computer forensics final
79 terms
megan_haynes7
ITN 276 Chapter 2 and 3 quiz
10 terms
incredibleastudent
Other sets by this creatorcengage
59 terms
crystal_aryeh5
itn 1
42 terms
crystal_aryeh5
last 200
23 terms
crystal_aryeh5
ITN 262 MIDTERM
100 terms
crystal_aryeh5
Recommended textbook solutions
Fundamentals of Financial Management, Concise Edition
10th EditionEugene F. Brigham, Joel Houston
777 solutions
Myers' Psychology for AP
2nd EditionDavid G Myers
900 solutions
The Cultural Landscape: An Introduction to Human Geography, AP Edition
13th EditionJames M. Rubenstein
216 solutions
Applied Hydrogeology
4th EditionCharles Willard Fetter
117 solutions
Other Quizlet setsATI Nutrition
11 terms
Sam124976
CS 140 Test 1
20 terms
taylord__19
Exam 3 Lecture BOOK review
30 terms
kmb22iu
Audit Quiz 11
45 terms
evilluckichrm
Related questionsQUESTION
If a hair with a very flattened cross section and a medullary index < 0.33 is found at a scene, which hair group might this class evidence apply to? The hair is assumed to be a head hair.
5 answers
QUESTION
For the purposes of felony murder, the felony is deemed to terminate when:
14 answers
QUESTION
Describe Locard's exchange principle and provide a scenario of how this principle could be used to help solve a crime. Include specific evidence that would be analyzed.
5 answers
QUESTION
T/F: an ordinary mailing envelope is considered a good general- purpose evidence container
15 answers