forensics
A program that calculates and verifies the hash digest of a file is called _______________. md5sum hash digest md5Total
a
Files that are stored on CD are classified to be in the information class called ____________. stored transmitted archived produced
a
The digital forensic stage that involves the correlating of data with logs and the process of determining the relevance of the collected information is called __________________. Evaluation Acquisition Identification Presentation
a
Which of the following is considered non-volatile? CD/DVD Register Cache Memory Process Table
a
The digital forensic stage that involves the preservation of disks, the collection of volatile data, and the process of securing the crime scene is called __________________. Identification Acquisition Evaluation Presentation
acquisition
A program that is used to check for worms and malware on a computer is called ___________. VirusScanner RootkitRevealer WormDetective ProcessExplorer
b
An example of information that belongs to the produced class is email spreadsheet network packet database query
b
One of the most essential tools used in cataloging digital evidence is _______________. a crime-scene tape a floppy disk a digital camera a magnifying glass
c
The use of network packets to hide and transmit information is called protocol hiding protocol steganography protocol bending protocol manipulation
c
Which one, among the following, cannot be done by digital forensics? recover deleted files trace web browsing activities tap and monitor telephone lines discover installed applications
c
To ensure that the collected digital evidence will be free of contamination, an investigator must provide a __________. complete documentation digital camera dedicated acquisition system plastic bag for evidence
c. dedicated acquisition system
A program that lists all the applications that will start up automatically when a computer boots up is called __________________. ProgramFiles StartupPrograms ProcessExplorer Autoruns
d
Showing that someone may not have committed the digital crime is called _______________. incriminating evidence not guilty supposition discriminating evidence exculpatory evidence
d
Which activity is not a part of the digital forensic process? Analyzing Collecting Identifying Monitoring
d
A Unix tool that performs a bit-image copy of a disk is called _______________. wipe dd diskcopy md5sum
dd
A slack space is the area between the start of a file and the end of the last cluster used by that file. True False
false
Computer vendors use the Host Protected Area (HPA) to keep a copy of the disk metadata. True False
false
Deleted files in a computer can never be recovered. True False
false
Protocol bending is another name for steganography.
false
The presentation stage in digital forensic investigation is that stage where activity logs and timeline are correlated. True False
false
Volatile information or data need to be collected as early as possible to prevent them from spreading like a virus. True False
false
Data on a USB drive are more volatile than those on main memory (RAM). True False
false
A file extension is used for identifying the type of the file and the application that created the file. True False
true
A method to prove the authenticity of digital evidence is to compare its hash digest with the hash digest that was calculated when the evidence was first collected.
true
In digital forensics, a slack space must be examined because it can be used to hide some information. True False
true
In digital forensics, string search is made on a data image to uncover valuable information such as file system type and file names.
true
Preservation of digital evidence includes the gathering of hash digests of the collected data. True False
true
Steganography is the process of hiding information or files within a carrier medium such as an audio file, an image file, or a video file. True False
true
The tracking of web browsing activities is one of the results of digital forensics.
true