NWIT 263 Midterm Exam: Digital Forensics Concepts and Techniques, Exams of Forensics

A series of questions and answers related to digital forensics concepts and techniques, covering topics such as evidence handling, data acquisition, file systems, and forensic tools. It provides insights into the challenges and best practices in digital forensics investigations.

Typology: Exams

2024/2025

Available from 02/12/2025

lyudmila-hanae

NWIT 263 Midterm Exam With Complete Solutions

why must digital forensics labs be physically secure? - ANSWER

  • so that evidence is not destroyed
  • so that evidence is not corrupted
  • so that the evidence is not lost

both public and private sector investigations require search warrants - ANSWER false

how do Microsoft OSs allocate disk space for files? - ANSWER by clusters

what is the biggest challenge when trying to acquire an image from a Mac? - ANSWER physically accessing the drive

which of the following technologies is used to validate digital evidence? - ANSWER hashing

where would one find lists of known file hashes for a variety of operating systems, applications and images? - ANSWER the National Software Reference Library (NSRL)

which is the default file system for today's Linux distributions? - ANSWER ext4

which types of graphics files do digital forensics investigate most? - ANSWER

  • images downloaded from the web
  • images circulated via email

every Windows file system supports alternate data streams - ANSWER false

which technology comes with every solid-state storage device and presents a challenge when performing forensic acquisitions due to how it manages the device? - ANSWER wear-leveling

which of the following concepts allows an investigator to enter into evidence something that was not specified in a search warrant but was in direct sight? - ANSWER plain view doctrine

what is the term used when one confirms that a forensic tool is working as intended? - ANSWER validation

what is the first thing a digital forensics examiner would do to identify an unknown file format? - ANSWER search for it on Google

which of the following should a digital forensics investigator NEVER analyze when looking for evidence? - ANSWER the original evidence

which type of forensics must an investigator perform when s/he must capture active TCP sessions? - ANSWER live forensics

what is the term used for any unrelated information that is acquired during acquisition? - ANSWER innocent information

what are the two major categories of digital forensics tools? - ANSWER

  • software
  • hardware

evidence used in a criminal case cannot be used in a civil suit - ANSWER false

digital forensics investigators perform most of their work in the location the evidence was seized - ANSWER false