Reference no: EM133337851
Assignment:
Question 1. Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
- Real
- Documentary
- Testimonial
- Demonstrative
Question 2. Which type of evidence is stored in a computer's memory, as well as in files on storage devices, and must be accompanied by documentation that validates the evidence's authenticity?
- Real
- Documentary
- Testimonial
- Demonstrative
Question 3. Which type of evidence is information collected from individuals that supports and helps to interpret other types of evidence?
- Real
- Documentary
- Testimonial
- Demonstrative
Question 4. Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?
- Real
- Documentary
- Testimonial
- Demonstrative
Question 5. Which of the following is a digital forensics specialist least likely to need in-depth knowledge of?
- Computer memory, such as cache and random access memory (RAM)
- Storage devices
- Mainframes
- Operating systems, such as Windows, Linux, and macOS
Question 6. A computing device does not play which role in a crime?
- Perpetrator
- Target
- Instrument
- Repository
Question 7. In which type of computer crime do cybercriminals engage in activities to either impersonate victims or to convince victims to carry out transactions that benefit the criminals, with a focus on extracting revenue from victims?
- Cyberstalking
- Exfiltrating data
- Online fraud
- Nonaccess computer crime
Question 8. Which type of computer crime often involves nation-state attacks by well-funded cybercriminals?
- Cyberstalking
- Cyberterrorism
- Online fraud
- Identity theft
Question 9. Which principle of effective digital forensic investigations helps to ensure data in memory is not lost?
- Minimize original data handling
- Enforce the rules of evidence
- Do not exceed your knowledge
- Consider data volatility
Question 10. Which of the following was developed by researchers at the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University?
- U.S. Department of Defense Forensic Standards
- Digital Forensic Research Workshop (DFRWS) Framework
- Scientific Working Group on Digital Evidence (SWGDE) Framework
- Event-Based Digital Forensic Investigation Framework
Question 11. Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants an open source tool that can also be used for penetration testing. Which tool should she choose?
- Kali Linux
- OSForensics
- EnCase
- The Forensic Toolkit (FTK)
Question 12. Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.
- Legal hold
- E-discovery
- Admissibility
- Hash function
Question 13. What is the determination that evidence is either acceptable or unacceptable to a court of law?
- Legal hold
- Preservation
- Admissibility
- Order of volatility
Question 14. The ________ establishes that evidence was collected and handled using proper techniques and procedures, which is also a trusted method to determine the ________, or point of origin, of a piece of evidence.
- legal hold, chain of custody
- chain of custody, provenance
- time stamp, preservation
- provenance, admissibility
Question 15. Oscar is a digital forensic specialist. He has been given a suspect hard disk that has been physically damaged. He wants to try to recover data. What is the first step he should take?
- Boot the test system from its own internal drive
- Send the device to an organization that specializes in data recovery from damaged devices
- Install it in a test system
- Explore logical damage recovery
Question 16. Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she follow to do so without accidentally overwriting any deleted data?
- Copy the contents of the disk drive to an external drive without shutting down the computer
- Shut down the computer, reboot, and then copy the contents of the disk drive to an external drive
- Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
- Because processes constantly run on computers and request new sectors to store data, it is not possible to recover deleted data without some data being overwritten
Question 17. The FAT32 and NTFS file systems are associated with which of the following?
- Android
- Windows
- Linux
- macOS
Question 18. What are bash and zsh?
- Shells
- File systems
- Graphical user interfaces (GUIs)
- Operating systems
Question 19. Which of the following is not true of mobile devices and forensics?
- Mobile devices can be volatile and remotely managed.
- Mobile devices do not need to follow ordinary chain of custody techniques.
- Although options are available for breaking mobile device access controls, there is no guarantee that you will be able to access the device's data without the owner's cooperation.
- The process of accessing evidence on a mobile device is similar to that on a normal computer.
Question 20. Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?
- Global positioning system (GPS) information and history
- Network connection information and history
- Text messages
- Device information