Digital forensic Quiz assessment
Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from life systems that cannot be taken off line?
A logical back up
Digital forensics is commonly applied to which of the following activities
All of the above
Which types of files are appropriate subjects for forensic analysis
All of the above
Which three of the following are application components?
Datafiles Authentication mechanisms Application architecture
NIST include which three as steps and collecting data?
Develop a plan to acquire the data Acquire the data Verify the integrity of the data
Which three of the following data types are considered non-volatile?
Dump files Logs Swap files
True or false: digital forensics report is a summary of your findings. If your case goes to trial, your testimony, Chan, and usually does, involve far more detail that is in the report.
False
True or false: when collecting forensic data from a running system, you should always attempt to collect nonvolatile data first
False
Which section of a digital forensics report would include using the best practices of taking lots of screenshots, use built in logging options of digital forensic tools, and exporting key data items into a CSV or TXT file?
Findings and analysis
The Internet layer of the TCP/IP stack also known as the networking layer in the OSI model contains two protocols that are very useful to a forensic investigation?
ICMP, IP V4/IP V6
Which of these sources might require a court order in order to obtain the data for forensic analysis?
ISP records
Configuration files are considered which data type?
Non-volatile
Which of these applications would likely be of the least interest in a forensic analysis?
Patch files
Which device would you inspect if you were looking for event data correlated across a number of different network devices?
Remote access server
Deleting a file results in what action by most operating systems?
The memory registers used by the file are marked as available for new storage, but are otherwise not changed
How does a forensic analysis use Hash sets acquired from and NIST's software reference library project?
They can quickly eliminate, known good operating system, and application files from consideration
What is the primary purpose of maintaining a chain of custody?
To avoid allegations of miss, handling or tampering of evidence
True or false: digital forensics has been used to solve a number of high profile, violent crimes
True
