Question 1

How long should the CMOS battery be kept disconnected for the memory to be lost?&#10;A) 24 hours&#10;B) 12 hours&#10;C) 6 hours&#10;D) 30 minutes

Accepted Answer

CMOS (Complementary Metal-Oxide-Semiconductor) batteries are used to power the memory in computers and other electronic devices. When the battery is disconnected, the memory will eventually be lost. The amount of time it takes for the memory to be lost depends on the type of CMOS battery and the device it is powering. In general, the memory will be lost within 24 hours of the battery being disconnected.

Question 2

Which of the following makes digital forensics a science?&#10;A) Its processes are repeatable and proven.&#10;B) It analyzes various computer programs in order to arrive at assumptions.&#10;C) It follows a universal, standard procedure.&#10;D) It is a universally accepted discipline in universities.

Accepted Answer

Digital forensics is considered a science due to its processes being repeatable and proven, which allows for the formation of reliable and objective conclusions based on evidence. This distinguishes it from practices that rely on subjective assumptions or lack a standardized procedure. While digital forensics may be a discipline in universities and follow standard procedures, these alone do not necessarily make it a science.

Question 3

Which of the following defines artifacts?&#10;A) temporary data files that were created by applications&#10;B) data files that pertain to or were created by an individual user&#10;C) system-generated files that are created for operational purposes&#10;D) files that pertain to Internet history and e-mail

Accepted Answer

Artifacts are system-generated files that are created for operational purposes, such as logs, registry settings, and metadata. Options A, B, and D pertain to specific types of data files, but artifacts are not limited to these categories.

Question 4

Why should the imaging of drives always be initiated by booting the suspect drive from a previously verified forensic floppy?&#10;A) New floppy drives bear the danger of being virus carriers.&#10;B) A previously verified forensic floppy can detect anomalies in the drive faster.&#10;C) Some users will configure their system to erase/modify data if third-party access is determined.&#10;D) The verified forensic floppy can disable the write-blocking program found on most original media.

Accepted Answer

Some users may have set up their system to erase or modify data if unauthorized third-party access is detected, so booting from a previously verified forensic floppy can prevent the execution of any malicious code that may exist on the suspect drive.

Question 5

Which of the following can NOT be categorized as file viewer software?&#10;A) Conversions Plus&#10;B) CompuPic&#10;C) DiskEdit&#10;D) Thumbs Plus

Accepted Answer

DiskEdit is a disk editing software and not a file viewer software. The other options, Conversions Plus, CompuPic, and Thumbs Plus are all file viewer software.

Question 6

________ are designed to be the first line of defense for users, thus preventing individuals from booting the computer's operating system.&#10;A) Software passwords&#10;B) BIOS passwords&#10;C) CMOS passwords&#10;D) Document passwords

Accepted Answer

The answer of ________ are designed to be the first...

Question 7

What is the minimum number of imaging programs that any forensic labs should be equipped with?&#10;A) two&#10;B) three&#10;C) four&#10;D) one

Accepted Answer

Forensic labs should be equipped with at least two imaging programs to ensure redundancy and reliability in their ability to create exact copies of digital storage devices. This is crucial for maintaining the integrity of digital evidence.

Question 8

Which rule remains unchanged in every computer investigation?&#10;A) encrypt all notes&#10;B) search every single file&#10;C) pull the battery&#10;D) document

Accepted Answer

The rule that remains unchanged in every computer investigation is to document everything. It is essential to create a detailed and accurate record of all actions taken during the investigation. This includes the methods used, the evidence obtained, and the procedures followed. Failure to document every step could lead to the case being dismissed or critical evidence being deemed inadmissible in court. Encrypting notes and searching every single file may be necessary in some investigations, but are not universal rules. Pulling the battery is not recommended as it could cause data loss and potentially damage the device.

Question 9

Testing forensic software at the extremes and becoming familiar with its capabilities is ________.&#10;A) unnecessary if manufacturers provide documentation&#10;B) a way to validate the forensic software&#10;C) not recommended due to the danger of acquiring viruses&#10;D) more common among computer criminals than investigators

Accepted Answer

Testing forensic software at the extremes, such as subjecting it to unusual conditions or giving it more data than it can handle, allows for thorough validation of the software's capabilities and potential limitations. It ensures that the software can handle difficult cases and provides confidence in its reliability. Documentation from manufacturers may not be sufficient to validate the software's performance in extreme scenarios. Acquiring viruses is not a concern when testing software in a controlled environment, and it is not common among investigators to test forensic software at the extremes.

Question 10

According to popular science Web sites, the scientific process of digital forensics normally starts with a(n) ________.&#10;A) experiment&#10;B) question&#10;C) probable answer&#10;D) possible solution

Accepted Answer

The scientific process of digital forensics begins with a question, specifically about the details and circumstances of a potential crime or cyber incident.

Question 11

________ is a mechanism that prevents the destruction, contamination, or corruption of original media and that can be accomplished with many of the popular imaging programs, disk management software, or simple DOS commands.

A) Jumping
B) AUTOEXEC.BAT
C) CONFIG.SYS
D) Write-blocking

Accepted Answer

The answer of ________ is a mechanism that prevents the...

Question 12

Which of the following is the most time-consuming method of circumventing CMOS passwords?&#10;A) key disks&#10;B) default passwords&#10;C) social engineering&#10;D) jumping

Accepted Answer

The answer of Which of the following is the most...

Question 13

Which of the following refers to a category of software that allows users to effectively hide the content of selected files?&#10;A) steganography&#10;B) key discs&#10;C) VFS&#10;D) artifacts

Accepted Answer

The answer of Which of the following refers to a...

Question 14

What does &#34;establish forensically sterile conditions&#34; mean in the context of computer-crime investigation?&#10;A) Maintain secrecy about the developments at the forensic lab.&#10;B) Ensure that the members of the staff have no criminal history.&#10;C) Keep the room for forensic tests clean and hygienic.&#10;D) Use new media that have been forensically wiped.

Accepted Answer

The answer of What does &#34;establish forensically sterile conditions&#34; mean...

Question 15

What would enable investigators to establish a step-by-step preliminary investigative process which runs programs in a specified order?&#10;A) CONFIG.SYS files&#10;B) batch files&#10;C) AUTOEXEC.BAT files&#10;D) compressed files

Accepted Answer

The answer of What would enable investigators to establish a...

Question 16

Which of the following is NOT an advantage of the creation of images on forensic machines?&#10;A) revealing any passwords used in operating systems&#10;B) preserving the integrity of the original image&#10;C) preventing data contamination&#10;D) establishing the veracity of subsequent analysis

Accepted Answer

The answer of Which of the following is NOT an...

Question 17

According to the Association of Chief Police Officers, which of the following is NOT a part of computer forensics?&#10;A) collection of computer-related evidence&#10;B) publication of computer-related evidence&#10;C) preservation of computer-related evidence&#10;D) analysis of computer-related evidence

Accepted Answer

The answer of According to the Association of Chief Police...

Question 18

In which of the following techniques do the investigators try to develop a profile of the suspect or the suspect computer and manually attempt password cracking?&#10;A) program specific cracking&#10;B) social engineering&#10;C) short-circuiting the chip&#10;D) verification of image

Accepted Answer

The answer of In which of the following techniques do...

Question 19

Which of the following programs can be employed by an investigating officer to counter alteration of file extensions?&#10;A) Simple 6.0&#10;B) BIOSTAR&#10;C) DiskEdit&#10;D) Mareswares HexDump

Accepted Answer

The answer of Which of the following programs can be...

Question 20

________, located either by the BIOS or elsewhere on the motherboard, are utilized to bypass protections found in the CMOS.&#10;A) Artifacts&#10;B) Key disks&#10;C) Steganographic containers&#10;D) Jumpers

Accepted Answer

The answer of ________, located either by the BIOS or...

Question 21

Disk editors list all files on the suspect drive after the recovery of erased, deleted, hidden, and compressed files.

Accepted Answer

The answer of Disk editors list all files on the...

Question 22

Licenses for forensic software that is expected to be employed in the analysis of suspect media are not required.

Accepted Answer

The answer of Licenses for forensic software that is expected...

Question 23

The Net Section of an IP address may be used to identify the individual computer.

Accepted Answer

The answer of The Net Section of an IP address...

Question 24

Short-circuiting the chip often involves short-circuiting two pins of the BIOS chip for a few seconds.

Accepted Answer

The answer of Short-circuiting the chip often involves short-circuiting two...

Question 25

Investigators validate forensic software to be used by testing the software at the extremes and being familiarized with its capabilities.

Accepted Answer

The answer of Investigators validate forensic software to be used...

Question 26

Unlike other types of passwords which may be defeated using traditional password cracking software, CMOS passwords often require hardware manipulation on the part of the investigator.

Accepted Answer

The answer of Unlike other types of passwords which may...

Question 27

According to popular science Web sites, the process of digital forensics normally starts with a hypothesis that forms into a question.

Accepted Answer

The answer of According to popular science Web sites, the...

Question 28

In a suspect Linux/Unix machine, the /etc/passwd file contains all the following EXCEPT ________.&#10;A) account ID&#10;B) home directory&#10;C) local domain name system entries&#10;D) login shell

Accepted Answer

The answer of In a suspect Linux/Unix machine, the /etc/passwd...

Question 29

Batch files provide a platform of consistency that validates their procedures to the court.

Accepted Answer

The answer of Batch files provide a platform of consistency...

Question 30

The MAC address is a binary number made up of four octets or 32 bits.

Accepted Answer

The answer of The MAC address is a binary number...

Question 31

Traceroute is a tool designed to trace the path a packet takes upon traveling from one device to another.

Accepted Answer

The answer of Traceroute is a tool designed to trace...

Question 32

Program files are software applications that are installed in the computer.

Accepted Answer

The answer of Program files are software applications that are...

Question 33

Jumping the CMOS involves the manipulation of software in which the password is cleared after the jumper has been reset.

Accepted Answer

The answer of Jumping the CMOS involves the manipulation of...

Question 34

In the context of computer forensics, which of the following is NOT required as minimum documentation?&#10;A) physical description of media&#10;B) time, date, and place of analysis&#10;C) methodology employed&#10;D) a list of standardized defaults for password location

Accepted Answer

The answer of In the context of computer forensics, which...

Question 35

Whois is a tool which can query a database that includes domain names, IP addresses, and points of contact.

Accepted Answer

The answer of Whois is a tool which can query...

Question 36

Which of the following is the unique identifier assigned to network interfaces for communications on the physical network segment?&#10;A) DNS&#10;B) MAC Address&#10;C) Traceroute&#10;D) IP address

Accepted Answer

The answer of Which of the following is the unique...

Question 37

Which of the following is a tool that can query a database that includes domain names, IP addresses, and points of contact, including names, postal addresses, and telephone numbers?&#10;A) whois&#10;B) ARIN&#10;C) Back Orifice&#10;D) RIPE

Accepted Answer

The answer of Which of the following is a tool...

Question 38

UFED is a stand-alone self-contained system that provides data extraction of content stored in mobile phones.

Accepted Answer

The answer of UFED is a stand-alone self-contained system that...

Question 39

Which of the following is NOT a cell phone forensics software?&#10;A) Device Seizure&#10;B) UFED&#10;C) XRY Complete&#10;D) Grep

Accepted Answer

The answer of Which of the following is NOT a...

Question 40

Linux systems are different in that they are characterized by a unified file system on three partitions: root, boot, and swap.

Accepted Answer

The answer of Linux systems are different in that they...

Question 41

In its most basic form, ________ refers to the process of converting a message from its original form (&#34;plaintext&#34;) into an indecipherable or scrambled form (&#34;ciphertext&#34;).

Accepted Answer

The answer of In its most basic form, ________ refers...

Question 42

Which are the most common places in a suspect computer where traces of evidence from Internet activity can be found?

Accepted Answer

The answer of Which are the most common places in...

Question 43

Investigators should validate any forensic software to be used by testing it at the ________ and familiarizing themselves with its capabilities.

Accepted Answer

The answer of Investigators should validate any forensic software to...

Question 44

The ________ for a computer is the unique identifier assigned to network interfaces for communications on the physical network segment.

Accepted Answer

The answer of The ________ for a computer is the...

Question 45

Steganographic messages have two parts: the container, which is the file that conceals data, and the ________, which is the actual data.

Accepted Answer

The answer of Steganographic messages have two parts: the container,...

Question 46

On Windows systems, ________ are system-generated files created for operational purposes.

Accepted Answer

The answer of On Windows systems, ________ are system-generated files...

Question 47

Briefly discuss some basic strategies for circumventing CMOS passwords.

Accepted Answer

The answer of Briefly discuss some basic strategies for circumventing...

Question 48

Some computers allow a BIOS bypass by inserting a ________ in the floppy disk drive while booting.

Accepted Answer

The answer of Some computers allow a BIOS bypass by...

Question 49

________ is a software application designed for Windows-based systems which provides extraction and analysis tools for a multitude of devices, including smartphones and tablets.

Accepted Answer

The answer of ________ is a software application designed for...

Question 50

When investigators pull the CMOS battery to circumvent a password, the battery should be disconnected for at least ________ hours.

Accepted Answer

The answer of When investigators pull the CMOS battery to...

Question 51

The most time-consuming and exasperating method of circumventing CMOS passwords involves the use of ________.

Accepted Answer

The answer of The most time-consuming and exasperating method of...

Question 52

________ the CMOS involves the manipulation of hardware in which the password is cleared after the jumper has been reset.

Accepted Answer

The answer of ________ the CMOS involves the manipulation of...

Question 53

All media used in the analysis of computer evidence must be forensically ________ for courtroom purposes.

Accepted Answer

The answer of All media used in the analysis of...

Question 54

________ contains the precise location of the satellite and the locations of all other satellites in the system.

Accepted Answer

The answer of ________ contains the precise location of the...

Question 55

The most important aspect of data analysis is ________.

Accepted Answer

The answer of The most important aspect of data analysis...

Question 56

________ may be created to incorporate all of the forensic software employed, including write-blocking, imaging and verification, disk management, and virus scan.

Accepted Answer

The answer of ________ may be created to incorporate all...

Question 57

In a rare case where investigators cannot remove a suspect drive, they may be confounded by the presence of a ________.

Accepted Answer

The answer of In a rare case where investigators cannot...

Question 58

Discuss forensic investigation in non-Window operating systems.

Accepted Answer

The answer of Discuss forensic investigation in non-Window operating systems....

Question 59

What are the areas that should be documented in a forensic investigation? What, in your opinion, makes documentation the most important aspect of forensic science?

Accepted Answer

The answer of What are the areas that should be...

Question 60

Discuss some of the ways to recover passwords.Why do you think they are important to forensic investigation?

Accepted Answer

The answer of Discuss some of the ways to recover...

Question 61

Match between columns&#10;                        Premises: Conversions Plus&#10;Conversions Plus&#10;Conversions Plus&#10;Quick View Plus&#10;Quick View Plus&#10;Quick View Plus&#10;Thumbs Plus&#10;Thumbs Plus&#10;Thumbs Plus

Accepted Answer

The Answer of commercial viewer capable of reading MAC formats is...

Question 62

Match between columns&#10;                        Premises: System registry&#10;System registry&#10;System registry&#10;Log files&#10;Log files&#10;Log files&#10;Swap tiles&#10;Swap tiles&#10;Swap tiles

Accepted Answer

The Answer of computer memory files written to the hard is...

Question 63

Match between columns&#10;                        Premises: MAC Address&#10;MAC Address&#10;MAC Address&#10;MAC Address&#10;Traceroute&#10;Traceroute&#10;Traceroute&#10;Traceroute&#10;Domain Name System&#10;Domain Name System&#10;Domain Name System&#10;Domain Name System&#10;Internet Protocol (IP) Addresses&#10;Internet Protocol (IP) Addresses&#10;Internet Protocol (IP) Addresses&#10;Internet Protocol (IP) Addresses

Accepted Answer

The Answer of protocol within the TCP/IP suite which translates is...

Deck 12: Processing of Evidence and Report Preparation