Intro to Digital Forensics Quiz 5

Which of the following are forensic image formats .E01 .001 .AD1 all of the above

All of the above

Which of the following are possible solutions with protecting cell phones from network signals? aluminum foil paint can faraday bag all of the above

All of the above

Which of the following meets a series of strict legal requirements before evidence is presented in court. chain of logs chain of custody notes all of the above

Chain of custody

Legal authority can be negotiated before taking a computer off-premises in: criminal cases civil cases all of the above none of the above

Civil Cases

According to the author any writes to the evidence will not compromise its integrity and/or jeopardize its admissibility. True False

False

According to the author interacting with a running computer, in any way, will not cause changes to the system. True False

False

According to the author, a forensic clone is a backup copy of a hard drive. True False

False

The first "link" in the chain of custody in any case is: person recording the evidence person receiving the evidence person collecting the evidence all of the above

Person collecting the evidence

Which of the following are the most volatile evidence to collect first? routing table and ARP cache temporary files system and swap space remotely logged data data on the hard drive

Routing table and ARP cache

A forensic examination may be conducted on the original evidence in exigent circumstances. True False

True