Intro to Digital Forensics


Choose the encoding scheme used for the English language

American Standard Code for Information Interchange (ASCII)

According to the author, which of the following is most volatile when prioritizing the evidence?

CPU

Which of the following meets a series of strict legal requirements before evidence is presented in court?

Chain of custody

Legal authority can be negotiated before taking a computer off-premises in:

Civil Case

Which of the following is not a type of proficiency test?

Dependent

Which of the following are forensic image formats?

E01, .001, .AD1

Which of the following represents an image of a document to be printed?

EMF

A file type can always be identified by the file extension.

False

A tool validation process clearly demonstrates that the tool is licensed.

False

According to the author any writes to the evidence will not compromise its integrity and/or jeopardize its admissibility.

False

According to the author interacting with a running computer, in any way, will not cause changes to the system.

False

According to the author, a forensic bag is one way to prevent a network signal from reaching the phone.

False

According to the author, a forensic clone is a backup copy of a hard drive.

False

According to the author, data is generally created in three ways: electromagnetism, microscopic electrical transistors (flash), and thumb drives.

False

Active data is classified as deleted or partially overwritten.

False

Improving the quality of laboratory services provided to the social media system is an objective of ASCLD/LAB.

False

Search Authority is always the final step in any forensic process.

False

The File Allocation Table (FAT) can be expressed as FATX, FAT32, NTFS, FAT16, and FAT12.

False

The NTUSER.DAT file is located in the subfolder config.

False

The best scientific evidence in the world is valuable only if it's inadmissible in a court of law.

False

There are 512 bits found in each sector.

False

Which of the following, in the examiner's report, can help our intended audience wade through any unfamiliar jargon and acronyms?

Glossary

In terms of power-saving functions, which of the following is where we start to see some potential investigative benefit?

Hibernation

The author describes a process known as Document and Media Exploitation (DOMEX) as paying large dividends and providing _______ to support soldiers on the ground.

Intelligence

Which of the following tests is conducted by the agency?

Internal

According to the author, the most common hash functions used in digital forensics are:

MD5

Which of the following has launched the Computer Forensic Tool Testing Project (CFTT)?

NIST

Which of the following applies when the analyst is aware of being tested?

Open

Which of the following is not a type of quality assurance proficiency test?

Oral

The shadow copies provide the source data for ___________.

Restore Points

The virtual lab arrangement allows for a distinct _______ access.

Role-based

Which of the following elements ensures valid and reliable results are produced and justice is served in all types of laboratory setups?

Standard Operating Procedures & Quality of Assurance, Accreditation & Certification

The first "link" in the chain of custody in any case is:

The person collecting the evidence

A forensic examination may be conducted on the original evidence in exigent circumstances.

True

According to the author, JavaScript is a server-side technology.

True

Information is added to the message header from each server along the delivery path of the email message.

True

Internet Message Access Protocol (IMAP) is a two-way communication protocol used by clients to access email on a server.

True

Link files are shortcuts which have date and time stamps.

True

Metadata is most often defined as data about data.

True

Restore points are snapshots of key system settings and configuration at a specific moment in time.

True

Shadow copies provide the source data for restore points.

True

The browser uses the HTML protocol to send a "get" request to the web server hosting a website.

True

The chain of custody requires tracking each and every time the evidence item(s) changes hands or locations.

True

The operating system of Windows 7 creates a thumbnail cache file called thumbs.db.

True

The registry consists of both NTUSER.DAT and the five (5) root-level keys or hives.

True

The tool validation process is an aspect of our digital forensics that is committed to paper.

True

Which of the listed date/time stamps is updated whenever a file is accessed by the file system?

accessed

Which of the following is the "best" choice when digital evidence can also be valuable for incidents other than litigation and matters of national security?

administrative matters

Which of the following are possible solutions for protecting cell phones from network signals?

aluminum foil, paint can, Faraday bag

Which of the following steps involves the examiner's use of their skills, experience, and tools to locate and interpret artifacts found on the media?

analysis

A well documented ________ is essential to maintain the integrity of the evidence.

chain of custody

According to the author, what are the advantages of virtual labs?

cost savings; access to more tools and storage; access to diverse and greater expertise; reduction of unnecessary duplication of resources

Which of the listed date/time stamps frequently indicates when a file or folder was created on a particular piece of media?

created

According to the author, the FBI's crime laboratory in Quantico, Virginia, has the distinction of being the _______ forensic lab in the ______.

largest, world

What type of forensic examinations are conducted in the University of Akron High-Technology Forensics Laboratory?

mobile, network, computer, and video

Which of the listed date/time stamps are set when a file is altered in any way and then saved?

modified

Which of the storage items/terms below involves spaces or lands?

optical storage

Which of the following are the most volatile evidence to collect first?

routing table and ARP cache

Which of the following are snapshots of key system settings and configurations at a specific moment in time?

shadow copy

Dennis Rader, known as Bind, Torture, Kill (BTK), murdered:

ten people in Kansas from 1974 to 1991

INDEX.DAT is a binary, container-like file which holds data of value for forensic examiners.

true

The log or audit trail for evidence storage should be maintained with:

who entered, when they entered, what they removed, or what they returned

Which of the following represents the hexadecimal F?

00001111, 0x0F, 0000-1111, all of the above

Which of the following is equivalent to 0x9C in binary?

10011100

Which of the following is equivalent to eight bits and represents one byte?

10101010, 0x4A, 0101-1100, the letter A

The author states, "One of the major struggles in law enforcement is to change the paradigm of the police and get them to think of and seek out _________."

digital evidence

Which of the following is the application of computer science and investigative procedures?

digital forensics

Which of the following creates data written to a platter using a read/write head attached to an actuator arm?

electromagnetism

According to the author, lab security is always a major concern, and unauthorized access is the only threat to the evidence which must be addressed.

false

Which of the following, without a charge, will read a zero?

flash memory

Which of the following is the application of science to solve a legal problem?

forensic science
