MindMap Gallery CISSP Study Notes-19 (Investigation and Ethics)
This is a mind map about CISSP study notes-19 (Investigation and Ethics). The main content includes: review questions, exam key points, and knowledge points.
Edited at 2024-03-16 16:30:59
CISSP Study Notes-19 (Investigation and Ethics)
Knowledge points
  Investigation
    Types of investigation
      Administrative investigation
        Internal
        Loose standards; the aim is to solve problems
        Resolves operational problems and analyzes root causes
      Criminal investigation
        Must meet the beyond-a-reasonable-doubt standard
        Follows a formal process
      Civil investigation
        Most do not use beyond a reasonable doubt; the preponderance of the evidence standard applies
      Regulatory investigation
        Carried out by government personnel
        Industry standards
    eDiscovery
      Information governance, identification, preservation, collection, processing, review, analysis, production and presentation
    Evidence
      Admissible evidence
        Relevant to establishing the facts
        Material: the facts must be necessary to the case
        Obtained legally
      Types
        Physical (real) evidence
        Documentary evidence
          Best evidence rule
            The original document is required; copies or descriptions are accepted only in special cases
          Parol evidence rule
            A written agreement cannot be modified by verbal agreement
        Verbal (testimonial) evidence
        Demonstrative evidence
    Artifacts, evidence collection and forensic procedures
      Media analysis
        Hash values verify that the working copy is consistent with the original content
      Memory analysis
        Hash values
      Network analysis
      Software analysis
      Hardware/embedded device analysis
    Investigation process
      Collecting evidence
        Voluntary surrender
        Subpoena or court order
        Seizure by a law enforcement officer of evidence in plain view
        Search warrant
        Emergency situations (exigent circumstances)
      Calling in law enforcement
      Conducting the investigation
        Interviewing individuals
      Data integrity and retention
        Digital signatures demonstrate that the evidence has not been tampered with
      Reporting and documenting the investigation
    Major categories of computer crime
      Military and intelligence attacks
      Business attacks
      Financial attacks
      Terrorist attacks
      Grudge (malicious) attacks
      Thrill (excitement) attacks
        Hacktivists
  Ethics
    Organizational ethics
    (ISC)2 Code of Ethics
      Preamble
        The safety and welfare of society and the common good, our duty to our principals and to each other, require that we adhere to the highest standards of ethical conduct
        Therefore, strict compliance with this Code is a requirement for certification
      Code of Ethics canons
      Ethics complaints
    Ethics and the Internet
      RFC 1087
    Ten Commandments of Computer Ethics
    Code of Fair Information Practices
Exam points
Understand the definition of computer crime. Computer crime refers to any crime that directly targets or directly involves a computer and violates a law or regulation.
Be able to list and explain the six categories of computer crime: military and intelligence attacks, business attacks, financial attacks, terrorist attacks, grudge (malicious) attacks, and thrill (excitement) attacks. Be able to explain the motivation behind each type of attack.
Understand the importance of evidence collection. As soon as an incident is discovered, you must begin gathering evidence and as much information about the incident as possible. The evidence can be used in later legal action or to identify the attacker, and it also helps determine the scope and extent of the damage.
Understand the eDiscovery process. Organizations that believe they will be the target of litigation have a duty to preserve digital evidence in a process known as eDiscovery. The process includes information governance, identification, preservation, collection, processing, review, analysis, production and presentation.
Know how to investigate intrusions and gather sufficient information from the equipment, software and data involved. You must have the equipment, software or data in order to analyze it and use it as evidence, and you must obtain it without modifying it or allowing others to modify it.
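The points above about hashing media, signing custody data, and obtaining evidence without modifying it can be made concrete with an added Python example that is not part of the original study notes. It hashes a constructed evidence image, builds a chain-of-custody record for it, and later detects both an altered image and an altered record; where the notes speak of a digital signature, this example substitutes a keyed HMAC (an assumption made so it runs with the standard library alone), which gives the same tamper-detection property between parties that share the key.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample standing in for an acquired disk image (not a real artifact).
EVIDENCE_IMAGE = b"constructed-evidence-image-bytes\x00\x01\x02\x03"
# Constructed key held by the evidence custodian. A real deployment would use an
# asymmetric signing key rather than a shared secret; this is an assumption here.
CUSTODIAN_KEY = b"constructed-custodian-key"


def acquisition_hash(data: bytes) -> str:
    """SHA-256 of the acquired media, recorded at collection time and re-checked later."""
    return hashlib.sha256(data).hexdigest()


def _record_payload(record: dict) -> bytes:
    """Canonical JSON of every field except the MAC, so verification is reproducible."""
    body = {k: v for k, v in record.items() if k != "mac"}
    return json.dumps(body, sort_keys=True).encode()


def make_custody_record(item_id: str, data: bytes, collector: str, key: bytes) -> dict:
    """Chain-of-custody entry: what was collected, by whom, when, and its hash,
    plus a keyed MAC over the entry so later edits to the record are detectable."""
    record = {
        "item_id": item_id,
        "sha256": acquisition_hash(data),
        "size": len(data),
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
    }
    record["mac"] = hmac.new(key, _record_payload(record), hashlib.sha256).hexdigest()
    return record


def verify_custody_record(record: dict, data: bytes, key: bytes) -> tuple:
    """Return (record_intact, media_unchanged): the first is False if the custody
    record itself was altered, the second if the media no longer matches its hash."""
    expected_mac = hmac.new(key, _record_payload(record), hashlib.sha256).hexdigest()
    record_intact = hmac.compare_digest(expected_mac, record.get("mac", ""))
    media_unchanged = hmac.compare_digest(record["sha256"], acquisition_hash(data))
    return record_intact, media_unchanged


if __name__ == "__main__":
    rec = make_custody_record("ITEM-001", EVIDENCE_IMAGE, "analyst A", CUSTODIAN_KEY)
    print(json.dumps(rec, indent=2))
    print(verify_custody_record(rec, EVIDENCE_IMAGE, CUSTODIAN_KEY))         # (True, True)
    print(verify_custody_record(rec, EVIDENCE_IMAGE + b"x", CUSTODIAN_KEY))  # (True, False)
```

Recording the hash at acquisition and re-verifying it before analysis is what lets an analyst show in court that the working copy still matches the original media.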
Understand the basic options for seizing evidence and know when each applies. First, the person in possession of the evidence may hand it over voluntarily. Second, a subpoena or court order can compel the suspect to hand it over. Third, a law enforcement officer may seize evidence that is in plain view while lawfully performing his duties, provided the officer has reason to believe it is related to criminal activity. Fourth, a search warrant is most useful when evidence must be seized without giving the suspect a chance to destroy it. Fifth, in emergencies (exigent circumstances), law enforcement officers can collect evidence immediately.
Understand the importance of retaining investigation data. Because every incident leaves traces, unless critical log files are retained for a reasonable period, valuable evidence will be lost. Log files and system state information can be retained in appropriate locations or archives.
Understand the basic requirements for evidence to be admissible in court. Admissible evidence must be relevant to the facts of the case, those facts must be material (necessary) to the case, the evidence must be competent, and the method of collection must comply with legal requirements.
Explain the types of evidence that may be used in a criminal or civil trial. Physical (real) evidence consists of items that can be brought into court. Documentary evidence consists of written documents that prove a fact. Verbal (testimonial) evidence includes the oral testimony and written statements of witnesses.
Understand the importance of professional ethics for security personnel. Security practitioners are granted very high levels of authority and responsibility to perform their jobs, which creates the potential for abuse of power. Without strict guidelines limiting individual behavior, security practitioners could be considered to have unfettered power. Compliance with ethical standards helps ensure that this power is not abused. Security professionals must abide by their own organization's code of ethics as well as the (ISC)2 Code of Ethics.
Know the (ISC)2 Code of Ethics and RFC 1087, Ethics and the Internet. Everyone taking the CISSP exam should be familiar with the (ISC)2 Code of Ethics, as they will be required to sign an agreement to abide by it. They should also be familiar with the basic requirements of RFC 1087.
Review questions
1. Devin is revising the policies and procedures his organization uses to conduct investigations and wants to incorporate a definition of computer crime. Which of the following definitions best meets his needs?
  A. Specifically listing all attacks in the security policy
  B. An illegal attack that damages a protected computer
  C. Any conduct that violates computer laws or regulations
  D. Failure to exercise due diligence regarding computer security
2. What is the main purpose of military and intelligence attacks?
  A. To attack the availability of military systems
  B. To obtain confidential or restricted information from military or law enforcement agencies
  C. To use military or intelligence agency systems to attack other, non-military sites
  D. To disrupt military systems that are used to attack other systems
3. Which of the following is not a canon of the (ISC)2 Code of Ethics?
  A. Protect your colleagues
  B. Provide diligent and competent service to principals
  C. Advance and protect the profession
  D. Protect society
4. Which of the following are financially motivated attacks? (Select all that apply.)
  A. Accessing services that have not been paid for
  B. Disclosing confidential personal information about employees
  C. Transferring funds to your own account from unapproved sources
  D. Selling a botnet for use in DDoS attacks
5. Which of the following attacks is most clearly a terrorist attack?
  A. Altering sensitive trade secret documents
  B. Destroying communication capabilities and the ability to respond to a physical attack
  C. Stealing confidential information
  D. Transferring funds to other countries
6. Which of the following is not a main purpose of a grudge (malicious) attack?
  A. Disclosing embarrassing personal information
  B. Launching a virus on the organization's systems
  C. Sending inappropriate email with a spoofed source address from the victim organization
  D. Using automated tools to scan the organization's systems for vulnerable ports
7. What are the main reasons attackers carry out thrill (excitement) attacks? (Select all that apply.)
  A. To show off
  B. To sell stolen documents
  C. Pride in conquering a secure system
  D. Retaliation against an individual or organization
8. What is the most important rule to follow when collecting evidence?
  A. Do not turn off a computer until the screen has been photographed
  B. List everyone who is collecting evidence at the same time
  C. Avoid modifying the evidence during collection
  D. Move all equipment to a secure storage location
9. Which of the following provides a valid argument for the statement that "the power to a device should not be turned off immediately when an incident is discovered"?
  A. All damage has already been done; turning the device off does not stop additional damage.
  B. If the system is shut down, no other system can replace it.
  C. Too many users are logged in and using the system.
  D. Valuable evidence in memory will be lost.
10. What type of evidence refers to written documents brought into court to prove a fact?
  A. Best evidence
  B. Parol evidence
  C. Documentary evidence
  D. Verbal (testimonial) evidence
11. Which of the following types of investigation has the highest standard of evidence?
  A. Administrative
  B. Civil
  C. Criminal
  D. Regulatory
12. What type of analysis might an organization perform during a business investigation to prevent similar incidents from occurring in the future?
  A. Forensic analysis
  B. Root cause analysis
  C. Network traffic analysis
  D. Fagan analysis
13. Which step in the eDiscovery reference model ensures that potentially discoverable information has not been altered?
  A. Preservation
  B. Production
  C. Processing
  D. Presentation
14. Gary is a system administrator testifying in court about a cybercrime incident. He provides server logs to support his testimony. What type of evidence are the server logs?
  A. Physical (real) evidence
  B. Documentary evidence
  C. Parol evidence
  D. Verbal (testimonial) evidence
15. You are a law enforcement officer and need to seize a computer from a suspected attacker who does not work for your organization. You are concerned that if you approach this person, they may destroy the evidence. Which legal approach is best for this situation?
  A. A consent agreement signed by the employee
  B. Search warrant
  C. No legal channel is required
  D. Voluntary consent
16. Gavin is considering changing the organization's log retention policy so that logs are flushed at the end of each day. What is the most important reason he should avoid this practice?
  A. Incidents may go undetected for days, and valuable evidence would be lost.
  B. Disk space is cheap and log files are used frequently.
  C. Log files are protected and cannot be changed.
  D. The information in log files is of little use and becomes outdated after a few hours.
17. Which stage of the eDiscovery reference model examines information to remove material that is subject to attorney-client privilege?
  A. Identification
  B. Collection
  C. Processing
  D. Review
18. What is ethics?
  A. Mandatory actions required to perform job duties
  B. Laws relating to professional conduct
  C. Regulations set by professional organizations
  D. A code of personal conduct
19. According to the (ISC)2 Code of Ethics, how should CISSP candidates act?
  A. Honestly, diligently, responsibly and legally
  B. Honorably, honestly, justly, responsibly and legally
  C. Uphold the security policy and protect the organization
  D. Be trustworthy, loyal, friendly and courteous
20. According to RFC 1087, Ethics and the Internet, which of the following actions is considered unacceptable and unethical?
  A. Conduct that compromises the confidentiality of classified information
  B. Conduct that violates the privacy of users
  C. Conduct that disrupts organizational activities
  D. Using computers in a manner inconsistent with the established security policy