

A series of questions and answers related to digital forensics concepts and techniques, covering topics such as evidence handling, data acquisition, file systems, and forensic tools. It provides insights into the challenges and best practices in digital forensics investigations.
Why must digital forensics labs be physically secure? - ANSWER - so that evidence is not destroyed
Both public and private sector investigations require search warrants. - ANSWER false
How do Microsoft OSs allocate disk space for files? - ANSWER by clusters
What is the biggest challenge when trying to acquire an image from a Mac? - ANSWER physically accessing the drive
Which of the following technologies is used to validate digital evidence? - ANSWER hashing
Where would one find lists of known file hashes for a variety of operating systems, applications and images? - ANSWER the National Software Reference Library (NSRL)
Which is the default file system for today's Linux distributions? - ANSWER ext
Which types of graphics files do digital forensics investigators investigate most? - ANSWER - images downloaded from the web
Every Windows file system supports alternate data streams. - ANSWER false
Which technology comes with every solid-state storage device and presents a challenge when performing forensic acquisitions due to how it manages the device? - ANSWER wear-leveling
Which of the following concepts allows an investigator to enter into evidence something that was not specified in a search warrant but was in direct sight? - ANSWER plain view doctrine
What is the term used when one confirms that a forensic tool is working as intended? - ANSWER validation
What is the first thing a digital forensics examiner would do to identify an unknown file format? - ANSWER search for it on Google
Which of the following should a digital forensics investigator NEVER analyze when looking for evidence? - ANSWER the original evidence
Which type of forensics must an investigator perform when s/he must capture active TCP sessions? - ANSWER live forensics
What is the term used for any unrelated information that is acquired during acquisition? - ANSWER innocent information
What are the two major categories of digital forensics tools? - ANSWER - software
Evidence used in a criminal case cannot be used in a civil suit. - ANSWER false
Digital forensics investigators perform most of their work in the location the evidence was seized. - ANSWER false