Digital Forensics Quiz 1
Which of the following is a Registry data type? a. REG_WINDOWS b. REG_HEX c. REG_DWORD d. REG_DATA
REG_DWORD - There are three types of values: String, Binary, and DWORD
At which stage of the digital forensics process would a write-blocker be used? a. Acquisition b. Analysis c. Reporting d. Verification
Acquisition
When conducting a computer investigation for potential criminal violations of the law, the legal processes you follow depend on: a. Local Custom b. Legislative Standards c. Rules of Evidence d. All of the above
All of the above
Computer forensics and data recovery refer to the same activities. Select one: True False
False
Which of the following is the name of one of two logical root keys that reside on the system hard drive of the Windows Registry? a. HKEY_LOCAL_SYSTEM b. HKEY_LOCAL_WINDOWS c. HKEY_LOCAL_MACHINE d. HKEY_LOCAL_DRIVE
HKEY_LOCAL_MACHINE
Which one of the following shows why it is important to conduct an investigation on a copy of the data instead of the original? a. To allow other investigators to work on the data to speed up the investigation b. Some tools will only work on copied data c. To allow the investigation to be replicated d. To minimise errors during the investigation process
To minimise errors during the investigation process
The Examination and Analysis stages are completed before the Collection and Preservation stages of the forensic process. Select one: True False
True
Registry
A database of stored configuration information about the users, hardware, and software on a Windows system.
What is the name of one of the most forensically significant Internet Explorer artifacts? a. index.html b. index.dat c. cache.tif d. homepage.html
index.dat