Digital Forensics (Module 2 Post Test)
Which one of the following is a way that a crime would require a digital forensics investigation?
A computer is used to store records of illegal gambling.
Which one of the following is a step to be completed when collecting and analyzing evidence?
All of the above
Which one of the following function(s) is included in extraction?
All of the above. (?)
Which one of the following is NOT considered to be a necessary physical security measure for a forensics lab?
Armed security guards on either side of each door.
In order to maintain the _________, both a single-evidence form and a multi-evidence form are used to document and catalog evidence.
Chain of custody.
In public investigations in which a crime has been committed, exculpatory evidence for a suspect will ________.
Clear or exonerate the suspect.
A ________ is used in the validation of digital image evidence to compare an original set of data with a copied image to ensure that they are identical matches.
Digital signature.
Which one of the following acquired copies of digital evidence is sufficient to fully reconstruct a disk?
Disk image
Which one of the following strategies would NOT help identify evidence relevant to a specific case?
Identify the file types that are highly probable to contain inculpatory or exculpatory evidence. (?)
A procedure is best described as _______.
List of steps to complete a process.
Which one of the following is an acceptable method of maintaining a proper "chain of custody"?
Paper forms that track who collected evidence.
Which one of the following is NOT part of the triad of computer forensics?
Remediation.
All of the following are examples of "separation of duties" EXCEPT ________.
Separation of computer forensics and digital forensics.
A _______ is the name for skilled staff qualified to accomplish a specific type of task.
Subject matter expert.
The lead forensic investigator contributes _________ to the journal for an investigation.
The assignment of tasks.
Post-mortem meetings should occur at the point when _________.
The case is closed.
Working alongside the investigative team and the vulnerability assessment team, the staff assigned the task of "intrusion response" will perform the following (among other) tasks:
Track, locate, and identify the intruder and deny further access to the network and hosts.
MD5 and SHA are algorithms that provide _______ features to forensics investigations.
Validation.
Which one of the following questions is NOT one to be answered by the investigation plan?
What age is the suspect?
Which of the following are good reasons why certification is more important early in the career of forensics investigators?
a. Senior investigators are required to have at least a minimal level of education and certifications. b. The legal system often requests/requires validation of forensics investigators' skill(s).