Intro to Digital Forensics Final Exam Questions

False

According to the author, GPS units are separated into four categories and the data can be grouped into three categories. True / False

False

According to the author, data is generally created in three ways: electromagnetism, microscopic electrical transistors (flash), and thumb drives. True / False

False

According to the author, each cell site will have four panels per side. True / False

False

According to the author, the cell tower will have 2 transmitters and 3 receivers. True / False

all of the above

According to the author, which of the following are log files of interest in network investigations? authentication / firewall / application / operating system / all of the above / none of the above
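Worked example (added here; it is not part of the quiz or of the textbook it cites): the authentication and firewall logs named in the question are the two an examiner usually reads first, and the value comes from reading them together. The log lines below are constructed, the host names and addresses (RFC 5737 documentation ranges) are made up, and every function name is my own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data, not from any real system: an OpenSSH-style auth log
# and an iptables-style firewall log covering the same few minutes.
AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:19 host1 sshd[2215]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:40 host1 sshd[2230]: Accepted publickey for alice from 198.51.100.4 port 40010 ssh2
Mar  3 10:03:02 host1 sshd[2241]: Accepted password for root from 203.0.113.7 port 51044 ssh2
"""

FIREWALL_LOG = """\
Mar  3 10:00:58 host1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51019 DPT=22 SYN
Mar  3 10:00:59 host1 kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51020 DPT=3389 SYN
Mar  3 10:02:39 host1 kernel: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40010 DPT=22 SYN
"""

AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)
FW_RE = re.compile(r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+) .*DPT=(?P<dport>\d+)")


def parse_auth(text):
    """Return one dict per sshd authentication event (result, method, user, ip)."""
    return [m.groupdict() for line in text.splitlines() if (m := AUTH_RE.search(line))]


def parse_firewall(text):
    """Return one dict per firewall connection-attempt line (src, dst, proto, dport)."""
    return [m.groupdict() for line in text.splitlines() if (m := FW_RE.search(line))]


def failed_then_success(events, threshold=3):
    """Source IPs with at least `threshold` failures that later get an accepted login.

    This is the brute-force-then-compromise pattern; the authentication log alone
    is enough to surface it. Returns {ip: account that was logged into}.
    """
    failures = Counter(e["ip"] for e in events if e["result"] == "Failed")
    return {e["ip"]: e["user"] for e in events
            if e["result"] == "Accepted" and failures[e["ip"]] >= threshold}


def ports_probed(fw_events):
    """Destination ports each source touched, taken from the firewall log."""
    ports = defaultdict(set)
    for e in fw_events:
        ports[e["src"]].add(int(e["dport"]))
    return {src: sorted(p) for src, p in ports.items()}


def correlate(auth_text, fw_text):
    """Join the two sources on source IP so the analyst sees both views at once."""
    suspects = failed_then_success(parse_auth(auth_text))
    probes = ports_probed(parse_firewall(fw_text))
    return {ip: {"compromised_account": user, "ports_probed": probes.get(ip, [])}
            for ip, user in suspects.items()}


if __name__ == "__main__":
    for ip, info in correlate(AUTH_LOG, FIREWALL_LOG).items():
        print(ip, info)
```

On the constructed data the single suspect source both scanned two service ports and then logged in as root after three failures; neither log by itself tells that whole story, which is why the question lists several log types rather than one.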

False

According to the author, a forensic bag is one way to prevent a network signal from reaching the phone. True / False

bit-for-bit

According to the author, a forensic clone is an exact _____ copy of a computer storage drive. byte-for-byte / sector-for-sector / bit-for-bit / all of the above / none of the above

False

According to the author, lab security is always a major concern, and unauthorized access is the only threat to the evidence that must be addressed. True / False

largest, world

According to the author, the FBI's crime laboratory in Quantico, Virginia, has the distinction of being the _______ forensic lab in the ______. largest, country / largest, world / greatest, USA / greatest, globe / none of the above

MD5

According to the author, the most common hash functions used in digital forensics are: CRC / SHA-2 / SHA-1 / MD5
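Worked example (added here; not the textbook's code) tying the two preceding questions together: a forensic clone is verified by hashing the original and the copy and comparing the digests, and a single flipped bit anywhere on the media changes every digest. The "drive" is 4 KiB of constructed pseudo-random bytes standing in for a device read through a write blocker; the function names are my own. MD5 and SHA-1 are the two the text names as most common; SHA-256 is added because both older functions have published collision attacks and examiners now routinely record a second, stronger hash beside them.

```python
import hashlib
import random

# Constructed stand-in for a small storage device (4 KiB = eight 512-byte sectors).
ORIGINAL_DRIVE = bytes(random.Random(1).getrandbits(8) for _ in range(4096))

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_image(data, algorithms=ALGORITHMS, chunk_size=512):
    """Hash an image sector by sector so the same code scales to terabyte drives.

    Returns {algorithm: hexdigest}; the result is independent of chunk_size.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for offset in range(0, len(data), chunk_size):
        chunk = data[offset:offset + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def clone_drive(data):
    """Bit-for-bit clone: every byte, including unallocated space, is copied."""
    return bytes(data)


def verify_clone(original, clone):
    """Return (ok, mismatched_algorithms). A forensic clone must match on every hash."""
    a, b = hash_image(original), hash_image(clone)
    mismatched = [name for name in a if a[name] != b[name]]
    return (not mismatched, mismatched)


def flip_one_bit(data, byte_index=2048, bit=0):
    """Corrupt one bit of the image, to show that even that much is detectable."""
    buf = bytearray(data)
    buf[byte_index] ^= 1 << bit
    return bytes(buf)


if __name__ == "__main__":
    print("original:", hash_image(ORIGINAL_DRIVE))
    print("good clone:", verify_clone(ORIGINAL_DRIVE, clone_drive(ORIGINAL_DRIVE)))
    print("one bit flipped:", verify_clone(ORIGINAL_DRIVE, flip_one_bit(ORIGINAL_DRIVE)))
```

In practice the digests are computed at acquisition, written into the case notes, and recomputed before analysis and before court; the comparison is what lets the examiner testify that the copy examined is the evidence seized.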

all of the above

According to the author, what are the advantages of virtual labs? 1. cost savings 2. access to more tools and storage 3. access to diverse and greater expertise 4. reduction of unnecessary duplication of resources. all of the above / all of the above except number 4

CPU

According to the author, which of the following is most volatile when prioritizing the evidence? memory / CPU / data on storage drives / archived data / all of the above

False

Active data is classified as deleted or partially overwritten. True / False

all of the above

An IPv4 address is made up of: four octets / four decimal numbers / all of the above / none of the above

all of the above

An IPv6 address is made up of: eight hextets, 128 bits / 32 hexadecimal digits, 32 nibbles / all of the above / none of the above
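Worked example (added here, not from the quiz or its textbook) that makes the two address questions concrete with the standard-library `ipaddress` module: an IPv4 address unpacks to four octets (32 bits), an IPv6 address to eight 16-bit hextets (128 bits, 32 hex digits, 32 nibbles). The `classify` helper is my addition for log triage and its labels are my own; the addresses used are documentation or well-known examples.

```python
import ipaddress


def ipv4_octets(addr):
    """Break an IPv4 address into its four octets, as ints and as 8-bit groups."""
    ip = ipaddress.IPv4Address(addr)
    octets = list(ip.packed)                 # 4 bytes = 32 bits
    return {
        "octets": octets,
        "binary": [f"{o:08b}" for o in octets],
        "bits": len(ip.packed) * 8,
    }


def ipv6_hextets(addr):
    """Expand an IPv6 address into eight 16-bit hextets (32 hex digits, 32 nibbles)."""
    ip = ipaddress.IPv6Address(addr)
    packed = ip.packed                       # 16 bytes = 128 bits
    return {
        "hextets": [packed[i:i + 2].hex() for i in range(0, 16, 2)],
        "hex_digits": len(packed.hex()),
        "nibbles": len(packed) * 2,          # one nibble per hex digit
        "bits": len(packed) * 8,
        "compressed": ip.compressed,         # the :: shorthand seen in logs
    }


def classify(addr):
    """Label an address the way an examiner triaging a log wants it labelled.

    Order matters: Python counts loopback and link-local ranges as 'private' too,
    so the more specific checks run first.
    """
    ip = ipaddress.ip_address(addr)          # accepts either version
    checks = (
        ("loopback", ip.is_loopback),
        ("link-local", ip.is_link_local),
        ("multicast", ip.is_multicast),
        ("private", ip.is_private),
        ("reserved", ip.is_reserved),
    )
    for label, flag in checks:
        if flag:
            return {"version": ip.version, "kind": label}
    return {"version": ip.version, "kind": "global"}


if __name__ == "__main__":
    print(ipv4_octets("192.168.1.10"))
    print(ipv6_hextets("2001:db8::1"))
    for a in ("10.0.0.5", "8.8.8.8", "::1", "fe80::1"):
        print(a, classify(a))
```

Expanding the compressed IPv6 form before searching is a practical point: a `2001:db8::1` in one log may appear as `2001:0db8:0000:0000:0000:0000:0000:0001` in another, and a naive string grep misses the match.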

American Standard Code for Information Interchange

Choose the encoding scheme used for the English language. American Society Code for Interchange Information / American Society Code for Information Interchange / American Standard Code for Interchange Information / American Standard Code for Information Interchange

ten people in Kansas from 1974 to 1991

Dennis Rader, known as Bind, Torture, Kill (BTK), murdered: ten people in Kentucky from 1974 to 1991 / ten people in Arkansas from 1974 to 1991 / ten people in Kansas from 1974 to 1991 / ten people in Kalamazoo from 1974 to 1991

civil cases

Legal authority can be negotiated before taking a computer off-premises in: criminal cases / civil cases / all of the above / none of the above

True

Link files are shortcuts that carry date and time stamps. True / False

True

Metadata is most often defined as data about data. True / False

True

Network investigative "sniffer" tools include Snort, NetIntercept, and Wireshark. True / False

False

Packet switching breaks the data into large chunks of data called packets. True / False

True

Restore points are snapshots of key system settings and configuration at a specific moment in time. True / False

False

Search authority is always the final step in any forensic process. True / False

P2P

Select the network configuration where file sharing is the predominant use of the network. client/server / P2P / all of the above / none of the above

True

Shadow copies provide the source data for restore points. True / False

False

The File Allocation Table (FAT) can be expressed as FATX, FAT32, NTFS, FAT16, and FAT12. True / False

False

The NTUSER.DAT file is located in the subfolder config. True / False

intelligence

The author describes a process known as Document and Media Exploitation (DOMEX) as paying large dividends and providing _______ to support soldiers on the ground. forensic science / digital forensics / criminal investigations / intelligence

digital evidence

The author states, "One of the major struggles in law enforcement is to change the paradigm of the police and get them to think of and seek out _________." administrative matters / digital evidence / criminal investigations / forensic science

False

The best scientific evidence in the world is valuable only if it's inadmissible in a court of law. True / False

True

The chain of custody requires tracking each and every time the evidence item(s) change hands or locations. True / False

person collecting the evidence

The first "link" in the chain of custody in any case is: person recording the evidence / person receiving the evidence / person collecting the evidence / all of the above

all of the above

The log or audit trail for evidence storage should be maintained with: 1. who entered 2. when they entered 3. what they removed 4. what they returned. all of the above / all of the above except number 4
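Worked example (added here; neither the quiz nor its textbook contains code) for the three chain-of-custody questions above: every handoff is recorded with who, when, what was done and a hash of the evidence as it stood at that moment, and the first link is the collector. Hash-chaining each entry to the previous one is my addition, beyond what the text describes, so that editing or deleting an earlier entry is detectable; the names, timestamps and evidence bytes are constructed.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace
from typing import List, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class CustodyEntry:
    seq: int
    timestamp: str         # ISO-8601, passed in by the caller so the log is reproducible
    actor: str             # who entered / handled the item
    action: str            # "collected", "checked in", "checked out", "transferred"
    item_id: str
    evidence_hash: str     # hash of the evidence at this handoff
    prev_entry_hash: str   # ties this entry to the one before it
    entry_hash: str = ""   # hash over every other field, filled in by CustodyLog

    def body(self) -> bytes:
        fields = asdict(self)
        fields.pop("entry_hash")
        return json.dumps(fields, sort_keys=True).encode()


class CustodyLog:
    """Append-only, hash-chained custody log (tamper-evident, not tamper-proof)."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries: List[CustodyEntry] = []

    def record(self, timestamp, actor, action, item_id, evidence: bytes) -> CustodyEntry:
        prev = self.entries[-1].entry_hash if self.entries else self.GENESIS
        e = CustodyEntry(len(self.entries), timestamp, actor, action, item_id,
                         sha256_hex(evidence), prev)
        e = replace(e, entry_hash=sha256_hex(e.body()))
        self.entries.append(e)
        return e

    def verify(self) -> Optional[int]:
        """None if the chain is intact, else the seq of the first entry that fails."""
        prev = self.GENESIS
        for i, e in enumerate(self.entries):
            if e.seq != i or e.prev_entry_hash != prev or sha256_hex(e.body()) != e.entry_hash:
                return i
            prev = e.entry_hash
        return None

    def evidence_unchanged(self) -> bool:
        """The evidence hash must be identical at every link; a difference means alteration."""
        return len({e.evidence_hash for e in self.entries}) <= 1


# Constructed demo: one item, three handoffs, then an after-the-fact edit of link 1.
EVIDENCE_IMAGE = b"constructed forensic image bytes"


def build_demo_log() -> CustodyLog:
    log = CustodyLog()
    log.record("2024-03-03T10:00:00Z", "Det. Ramos", "collected", "E-001", EVIDENCE_IMAGE)
    log.record("2024-03-03T11:30:00Z", "Evidence tech Lee", "checked in", "E-001", EVIDENCE_IMAGE)
    log.record("2024-03-04T09:00:00Z", "Examiner Cho", "checked out", "E-001", EVIDENCE_IMAGE)
    return log


def tamper(log: CustodyLog, seq: int, new_actor: str) -> CustodyLog:
    """Rewrite the actor on one entry without recomputing hashes, as a forger would."""
    log.entries[seq] = replace(log.entries[seq], actor=new_actor)
    return log


if __name__ == "__main__":
    good = build_demo_log()
    print("intact:", good.verify(), "first link:", good.entries[0].actor)
    print("after tampering with link 1:", tamper(build_demo_log(), 1, "unknown").verify())
```

A hash chain only proves the log is internally consistent; in a real lab the head hash is also written to a separate, signed record (the paper form, the evidence-room ledger) so that a forger cannot simply rebuild the whole chain.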

False

The operating system of Windows 7 creates a thumbnail cache file called thumbs.db. True / False

False

The registry consists of both NTUSER.DAT and the five (5) root-level keys or hives. True / False

restore points

The shadow copies provide the source data for ___________. registry files / link files / prefetch files / restore points / all of the above / none of the above

role-based

The virtual lab arrangement allows for a distinct _______ access. role-playing / proprietary-role / fundamental-role / role-based

False

There are 512 bits found in each sector. True / False

footer, payload, and header

What are the three (3) parts of a packet? data, footer, and top / bottom, data, and header / payload, foot, and top / footer, payload, and header
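Worked example (added here, not the textbook's) for the packet question above and the earlier packet-switching item: data is cut into small packets, each carrying a header (sequence number, count, length), the payload, and a footer. The header and footer layout here is a toy format I made up to show the three parts; the footer holds a CRC-32 over header plus payload, as real link-layer trailers do, so a corrupted or truncated packet is rejected on receipt.

```python
import struct
import zlib

HEADER = struct.Struct("!HHH")   # seq, total packets, payload length  (6 bytes)
FOOTER = struct.Struct("!I")     # CRC-32 over header + payload         (4 bytes)


def packetize(data: bytes, mtu: int = 16):
    """Split data into small packets laid out as header | payload | footer."""
    chunks = [data[i:i + mtu] for i in range(0, len(data), mtu)] or [b""]
    packets = []
    for seq, payload in enumerate(chunks):
        header = HEADER.pack(seq, len(chunks), len(payload))
        footer = FOOTER.pack(zlib.crc32(header + payload))
        packets.append(header + payload + footer)
    return packets


def parse_packet(pkt: bytes):
    """Return (seq, total, payload); raise ValueError if the packet fails its checks."""
    if len(pkt) < HEADER.size + FOOTER.size:
        raise ValueError("truncated packet")
    header, rest = pkt[:HEADER.size], pkt[HEADER.size:]
    payload, footer = rest[:-FOOTER.size], rest[-FOOTER.size:]
    seq, total, plen = HEADER.unpack(header)
    if plen != len(payload):
        raise ValueError("header length does not match payload")
    (crc,) = FOOTER.unpack(footer)
    if crc != zlib.crc32(header + payload):
        raise ValueError(f"CRC mismatch on packet {seq}")
    return seq, total, payload


def reassemble(packets):
    """Verify every packet, put them back in sequence order and rebuild the data.

    Packets may arrive in any order on a packet-switched network; missing or
    duplicated sequence numbers are reported rather than silently accepted.
    """
    parsed = [parse_packet(p) for p in packets]
    total = parsed[0][1]
    if sorted(seq for seq, _, _ in parsed) != list(range(total)):
        raise ValueError("missing or duplicate packets")
    return b"".join(payload for _, _, payload in sorted(parsed))


if __name__ == "__main__":
    msg = b"Packet switching breaks data into small chunks called packets."
    pkts = packetize(msg, mtu=16)
    print(len(pkts), "packets;", "round trip ok:", reassemble(reversed(pkts)) == msg)
    damaged = bytearray(pkts[1]); damaged[8] ^= 0xFF
    try:
        parse_packet(bytes(damaged))
    except ValueError as err:
        print("rejected:", err)
```

For an examiner the point of the footer is that a capture tool such as Wireshark can flag frames whose trailer check fails, which is how damaged or deliberately malformed traffic is separated from the legitimate stream.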

mobile, network, computer, and video

What type of forensic examinations are conducted in the University of Akron High-Technology Forensics Laboratory? video, mobile, and computer / video, audio, and mobile / mobile, network, computer, and video / network, mobile, and computer

open

Which of the following applies when the analyst is aware of being tested? external / oral / open / closed

all of the above

Which of the following are forensic image formats? .E01 / .001 / .AD1 / all of the above

all of the above

Which of the following are known and included as a cell site? related radio equipment / mast / base station / all of the above

all of the above

Which of the following are methods used to locate a cell phone? GPS / directional antenna / triangulation / all of the above

all of the above

Which of the following are possible solutions for protecting cell phones from network signals? aluminum foil / paint can / Faraday bag / all of the above

all of the above

Which of the following are required to show origination and termination locations? CDRs / physical addresses of towers / all of the above / none of the above

routing table and ARP cache

Which of the following are the most volatile evidence, to be collected first? routing table and ARP cache / temporary files / system and swap space / remotely logged data / data on the hard drive

home location registers

Which of the following components will record the current location of the device? base station controllers / base stations / home location registers / all of the above

electromagnetism

Which of the following creates data written to a platter using a read/write head attached to an actuator arm? reflecting light / microscopic electrical transistors / electromagnetism / all of the above

all of the above

Which of the following devices would have a static IP address? routers, servers / printers, routers / servers, printers / all of the above

all of the above

Which of the following element(s) ensure valid and reliable results are produced and justice is served in all types of laboratory setups? Standard Operating Procedures & Quality Assurance / Accreditation & Certification / all of the above / none of the above

mobile switching center

Which of the following holds a tremendous amount of forensic evidence? base station / base station controller / mobile switching center / all of the above

10011100

Which of the following is equivalent to 0x9C? 10101100 / 1001-1010 / 10011100 / none of the above

all of the above

Which of the following is equivalent to eight bits and represents one byte? 10101010 / 0x4A / 0101-1100 / A / all of the above / none of the above

dependent

Which of the following is not a type of proficiency test? open, blind / dependent / blind, internal / external

oral

Which of the following is not a type of quality assurance proficiency test? oral / external / internal / blind

administrative matters

Which of the following is the "best" choice when digital evidence can also be valuable for incidents other than litigation and matters of national security? administrative matters / digital forensics / criminal investigations / intelligence

digital forensics

Which of the following is the application of computer science and investigative procedures? administrative matters / digital forensics / criminal investigations / forensic science

forensic science

Which of the following is the application of science to solve a legal problem? administrative matters / digital forensics / criminal investigations / forensic science

hibernation

Which of the following is where we start to see some potential investigative benefit? sleep / hibernation / sleep and hibernation / none of the above

chain of custody

Which of the following meets a series of strict legal requirements before evidence is presented in court? chain of logs / chain of custody / notes / all of the above

mobile switching centers

Which of the following network components will handle SMS messages? routers and switches / base stations and base station controllers / mobile switching centers / all of the above

registry

Which of the following plays a crucial role in the operation of a PC? sleep / hibernation / sleep and registry / registry

firewall

Which of the following programs is located at a network gateway server to protect network resources? Snort / DDoS / firewall / IDS

all of the above

Which of the following represents F? 00001111 / 1111 / 0000-1111 / all of the above / none of the above
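Worked example (added here; not from the quiz or its textbook) covering the three hex/binary questions and the earlier ASCII one at once: one byte is eight bits, written as two hex digits, as two four-bit nibbles (the quiz's `0101-1100` notation), or, when printable, as an ASCII character. The hexdump layout mirrors what an examiner sees in a hex editor; the function names and sample bytes are my own.

```python
import string


def byte_views(b: int):
    """One byte in the four notations the quiz uses: hex, 8-bit binary, nibbles, ASCII."""
    if not 0 <= b <= 0xFF:
        raise ValueError("not a byte")
    bits = f"{b:08b}"
    return {
        "hex": f"0x{b:02X}",
        "binary": bits,
        "nibbles": f"{bits[:4]}-{bits[4:]}",          # high nibble - low nibble
        "ascii": chr(b) if 32 <= b < 127 else None,   # only printable ASCII
    }


def parse_hex_string(s: str) -> bytes:
    """Accept '9C', '0x9C', '9c 0f 41' and return bytes; reject odd-length or non-hex input."""
    cleaned = "".join(s.replace("0x", "").replace("0X", "").split())
    if len(cleaned) % 2 or any(c not in string.hexdigits for c in cleaned):
        raise ValueError("not a hex byte string")
    return bytes.fromhex(cleaned)


def hexdump(data: bytes, width: int = 8):
    """Hex-editor style lines: offset, hex bytes, and printable ASCII with '.' for the rest."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset:08x}  {hex_part:<{width * 3 - 1}}  |{ascii_part}|")
    return lines


if __name__ == "__main__":
    for value in (0x9C, 0x4A, 0x0F, ord("A")):
        print(byte_views(value))
    print("\n".join(hexdump(parse_hex_string("0x9C 0F 41 4A 5C 00 7F 20 61"))))
```

Reading the ASCII column is how an examiner spots text, file signatures and paths inside otherwise opaque data; bytes above 0x7F show as `.`, which is why the quiz's `0x9C` has no ASCII equivalent while `0x41` is `A`.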

EMF

Which of the following represents an image of a document to be printed? SHA-1 / MD5 / EMF / ROM

analysis

Which of the following steps involves the examiner's use of their skills, experience, and tools to locate and interpret artifacts found on the media? imaging/hashing / chain of custody / search authority / analysis

internal

Which of the following tests is conducted by the agency itself? output / input / external / internal

flash memory

Which of the following reads as a zero when no charge is present? magnetic disks and flash memory / magnetic disks / flash memory / optical storage / all of the above / none of the above

glossary

Which of the following, in the examiner's report, can help the intended audience wade through any unfamiliar jargon and acronyms? forms / notes / glossary / all of the above

modified

Which of the listed date/time stamps is set when a file is altered in any way and then saved? created / modified / accessed / none of the above

created

Which of the listed date/time stamps frequently indicates when a file or folder was created on a particular piece of media? created / modified / accessed / none of the above

accessed

Which of the listed date/time stamps is updated whenever a file is accessed by the file system? created / modified / accessed / none of the above
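Worked example (added here; not the textbook's) for the three timestamp questions above, with the caveat a practitioner needs: the modified time reliably moves when a file is altered and saved, but the accessed time often does not. Linux mounts with `relatime` update it only when it is older than the modified time, `noatime` never does, and Windows NTFS has last-access updates disabled by default (`NtfsDisableLastAccessUpdate`), so an unchanged accessed time is not evidence the file was never opened. "Created" is also platform-dependent: Python exposes a true birth time as `st_birthtime` only where the OS provides it; on Linux `st_ctime` is the inode change time, not creation, so the code flags which one it returned. The file name and contents are constructed.

```python
import os
import tempfile
import time


def mac_times(path):
    """Timestamps the file system keeps for one file, in nanoseconds since the epoch.

    'created' is a true birth time only where the platform exposes st_birthtime;
    otherwise it falls back to st_ctime (inode change time on Linux) and says so.
    """
    st = os.stat(path)
    birth_ns = getattr(st, "st_birthtime_ns", None)
    if birth_ns is None and hasattr(st, "st_birthtime"):
        birth_ns = int(st.st_birthtime * 1_000_000_000)
    return {
        "modified": st.st_mtime_ns,
        "accessed": st.st_atime_ns,
        "created": birth_ns if birth_ns is not None else st.st_ctime_ns,
        "created_is_true_birthtime": birth_ns is not None,
    }


def demo(pause=1.1):
    """Create a file, alter and save it, then only read it; return the three snapshots.

    The pause is long enough that even a file system with one-second timestamp
    resolution (FAT, for instance) shows the modified time moving.
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "evidence.txt")          # constructed sample file
        with open(path, "w") as f:
            f.write("original")
        after_create = mac_times(path)
        time.sleep(pause)
        with open(path, "a") as f:
            f.write(" altered")                         # alter and save
        after_modify = mac_times(path)
        time.sleep(pause)
        with open(path) as f:
            f.read()                                    # access only, no change
        after_read = mac_times(path)
    return after_create, after_modify, after_read


def atime_tracking_enabled(snapshots):
    """True only if a pure read moved the accessed time; False is common on real hosts."""
    _, after_modify, after_read = snapshots
    return after_read["accessed"] > after_modify["accessed"]


if __name__ == "__main__":
    snaps = demo()
    for label, s in zip(("created", "modified", "read"), snaps):
        print(f"after {label:8}: {s}")
    print("accessed time tracked on this mount:", atime_tracking_enabled(snaps))
```

Run it on the same file system the evidence came from before drawing conclusions from an accessed time; the `atime_tracking_enabled` result is the check that tells you whether that column means anything on this mount.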

optical storage

Which of the storage items/terms below involves pits and lands? magnetic disks and flash memory / magnetic disks / flash memory / optical storage / all of the above / none of the above

restore points

Which of the following are snapshots of key system settings and configurations at a specific moment in time? registry files / link files / prefetch files / restore points / all of the above / none of the above

False

A company's intranet is public, and access to it is not limited. True / False

False

A file type can always be identified by its file extension. True / False

False

A physical or logical acquisition captures all of the data on a cell phone. True / False

chain of custody

A well-documented ________ is essential to maintain the integrity of the evidence. imaging/hashing / chain of custody / search authority / none of the above

