Digital forensic Quiz assessment


Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from live systems that cannot be taken offline?

A logical backup

Digital forensics is commonly applied to which of the following activities?

All of the above

Which types of files are appropriate subjects for forensic analysis?

All of the above

Which three of the following are application components?

Data files, authentication mechanisms, application architecture

NIST includes which three as steps in collecting data?

Develop a plan to acquire the data, acquire the data, verify the integrity of the data

Which three of the following data types are considered non-volatile?

Dump files, logs, swap files

True or false: A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.

False

True or false: When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.

False

Which section of a digital forensics report would include using the best practices of taking lots of screenshots, using the built-in logging options of digital forensic tools, and exporting key data items into a CSV or TXT file?

Findings and analysis

The Internet layer of the TCP/IP stack, also known as the network layer in the OSI model, contains which two protocols that are very useful to a forensic investigation?

ICMP, IPv4/IPv6

Which of these sources might require a court order in order to obtain the data for forensic analysis?

ISP records

Configuration files are considered which data type?

Non-volatile

Which of these applications would likely be of the least interest in a forensic analysis?

Patch files

Which device would you inspect if you were looking for event data correlated across a number of different network devices?

Remote access server

Deleting a file results in what action by most operating systems?

The memory registers used by the file are marked as available for new storage, but are otherwise not changed

How does a forensic analysis use hash sets acquired from NIST's Software Reference Library project?

They can quickly eliminate known-good operating system and application files from consideration

What is the primary purpose of maintaining a chain of custody?

To avoid allegations of mishandling or tampering of evidence

True or false: Digital forensics has been used to solve a number of high-profile violent crimes.

True

