

Computer Forensics Practice Questions
Course Introduction
Computer Forensics is an advanced course that explores the principles and practices of investigating digital crimes by recovering, analyzing, and preserving data from computers and other digital devices. Students learn about the methodologies used to identify and extract electronic evidence while maintaining its integrity for legal proceedings. The course covers topics such as file systems, data recovery, network forensics, incident response, and the relevant laws and ethical considerations associated with digital investigations. Practical exercises and case studies provide hands-on experience with industry-standard forensic tools and techniques, preparing students for real-world cybersecurity challenges in law enforcement, corporate, and governmental contexts.
Recommended Textbook
Guide to Computer Forensics and Investigations 4th Edition by Bill Nelson
Available Study Resources on Quizplus
16 Chapters
768 Verified Questions
768 Flashcards
Source URL: https://quizplus.com/study-set/1690

Chapter 1: Computer Forensics and Investigations As a Profession
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33478
Sample Questions
Q1) What questions should an investigator ask to determine whether a computer crime was committed?
Answer: In a criminal case, a suspect is tried for a criminal offense, such as burglary, murder, or molestation. To determine whether there was a computer crime, an investigator asks questions such as the following: What was the tool used to commit the crime? Was it a simple trespass? Was it a theft, a burglary, or vandalism? Did the perpetrator infringe on someone else's rights by cyberstalking or e-mail harassment?
Q2) By the 1970s, electronic crimes were increasing, especially in the financial sector.
A)True
B)False
Answer: True
Q3) The ____________________ to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.
Answer: Fourth Amendment
To view all questions and flashcards with answers, click on the resource link above.


Chapter 2: Understanding Computer Investigations
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33479
Sample Questions
Q1) Describe some of the technologies used with hardware write-blocker devices. Identify some of the more commonly used vendors and their products.
Answer: There are many hardware write-blockers on the market. Some are inserted between the disk controller and the hard disk; others connect to USB or FireWire ports. Several vendors sell write-blockers, including Technology Pathways NoWrite FPU; Digital Intelligence UltraKit, UltraBlock, FireFly, FireChief 800, and USB Write Blocker; WiebeTECH Forensic DriveDock; Guidance Software FastBloc2; Paralan's SCSI Write Blockers; and Intelligent Computer Solutions (www.ics-iq.com) Image LinkMaSSter Forensics Hard Case.
Q2) Employees surfing the Internet can cost companies millions of dollars.
A)True
B)False
Answer: True
Q3) Chain of custody is also known as chain of evidence.
A)True
B)False
Answer: True
Q4) A(n) ____________________ lists each piece of evidence on a separate page.
Answer: single-evidence form

Chapter 3: The Investigator's Office and Laboratory
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33480
Sample Questions
Q1) sponsors the EnCE certification program
A)FireWire
B)Guidance Software
C)Business case
D)F.R.E.D.C.
E)ASCLD/LAB
F)SIG
G)MAN
H)Norton Ghost
I)Disaster recovery plan
Answer: B
Q2) Requirements for taking the EnCE certification exam depend on taking the Guidance Software EnCase training courses.
A)True
B)False
Answer: False
Q3) What are the four levels of certification offered by HTCN?
Answer: Certified Computer Crime Investigator, Basic Level
Certified Computer Crime Investigator, Advanced Level
Certified Computer Forensic Technician, Basic
Certified Computer Forensic Technician, Advanced

Chapter 4: Data Acquisition
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33481
Sample Questions
Q1) FTK Imager requires that you use a device such as a USB or parallel port dongle for licensing.
A)True
B)False
Q2) SnapBack DatArrest runs from a true ____ boot floppy.
A) UNIX
B) Linux
C) Mac OS X
D) MS-DOS
Q3) What are some of the features offered by proprietary data acquisition formats?
Q4) For computer forensics, ____ is the task of collecting digital evidence from electronic media.
A) hashing
B) data acquisition
C) lossy compression
D) lossless compression
Q5) What are the steps to update the Registry for Windows XP SP2 to enable write-protection with USB devices?
Q6) Explain the use of hash algorithms to verify the integrity of lossless compressed data.

Chapter 5: Processing Crime and Incident Scenes
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33482
Sample Questions
Q1) _____________________ can be any information stored or transmitted in digital form.
Q2) During an investigation involving a live computer, do not cut electrical power to the running system unless it's an older ____ or MS-DOS system.
A) Windows XP
B) Windows 9x
C) Windows NT
D) Windows Me
Q3) How can you determine who is in charge of an investigation?
Q4) A(n) ____ should include all the tools you can afford to take to the field.
A) initial-response field kit
B) extensive-response field kit
C) forensic lab
D) forensic workstation
Q5) The most common computer-related crime is ____.
A) homicide
B) check fraud
C) car stealing
D) sniffing
Q6) Briefly describe the process of obtaining a search warrant.

Chapter 6: Working with Windows and DOS Systems
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33483
Sample Questions
Q1) gives an OS a road map to data on a disk
A)File system
B)Tracks
C)Track density
D)Partition gap
E)Drive slack
F)NTFS
G)Unicode
H)Data streams
I)BitLocker
Q2) The type of file system an OS uses determines how data is stored on the disk.
A)True
B)False
Q3) In Microsoft file structures, sectors are grouped to form ____________________, which are storage allocation units of one or more sectors.
Q4) Records in the MFT are referred to as ____.
A) hyperdata
B) metadata
C) inodes
D) infodata

Chapter 7: Current Computer Forensics Tools
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33484
Sample Questions
Q1) a direct copy of a disk drive
A)JFIF
B)Lightweight workstation
C)Pagefile.sys
D)Salvaging
E)Raw data
F)PDBlock
G)Norton DiskEdit
H)Stationary workstation
I)SafeBack
Q2) a tower with several bays and many peripheral devices
A)JFIF
B)Lightweight workstation
C)Pagefile.sys
D)Salvaging
E)Raw data
F)PDBlock
G)Norton DiskEdit
H)Stationary workstation
I)SafeBack

Chapter 8: Macintosh and Linux Boot Processes and File Systems
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33485
Sample Questions
Q1) Describe the CD creation process.
Q2) Ext2fs can support disks as large as ____ TB and files as large as 2 GB.
A) 4
B) 8
C) 10
D) 12
Q3) What is a bad block inode on Linux?
Q4) ____ components define the file system on UNIX.
A) 2
B) 3
C) 4
D) 5
Q5) In older Mac OSs, a file consists of two parts: a data fork, where data is stored, and a ____ fork, where file metadata and application information are stored.
A) resource
B) node
C) blocks
D) inodes
Q6) Explain the use of forensic tools for Macintosh systems.
Q7) What is a continuation inode?

Chapter 9: Computer Forensics Analysis and Validation
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33486
Sample Questions
Q1) ____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.
A) Brute-force
B) Dictionary
C) Profile
D) Statistics
Q2) What are the basic guidelines to identify steganography files?
Q3) a hashing algorithm
A)Court orders for discovery
B)Investigation plan
C)Digital Intelligence PDWipe
D)Live search
E)Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander
Q4) Describe the effects of scope creep on an investigation in the corporate environment.
Q5) What are the file systems supported by FTK for forensic analysis?

Chapter 10: Recovering Graphics Files
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33487
Sample Questions
Q1) The image format XIF is derived from the more common ____ file format.
A) GIF
B) JPEG
C) BMP
D) TIFF
Q2) You use ____ to create, modify, and save bitmap, vector, and metafile graphics files.
A) graphics viewers
B) image readers
C) image viewers
D) graphics editors
Q3) ____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.
A) Replacement
B) Append
C) Substitution
D) Insertion
Q4) Give a brief overview of copyright laws pertaining to graphics within and outside the U.S.

Chapter 11: Virtual Machines, Network Forensics, and Live Acquisitions
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33488
Sample Questions
Q1) What are some of the tools included with the PSTools suite?
Q2) The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.
A) chntpw
B) john
C) oinkmaster
D) memfetch
Q3) ____ hide the most valuable data at the innermost part of the network.
A) Layered network defense strategies
B) Firewalls
C) Protocols
D) NAT
Q4) The term ____________________ means how long a piece of information lasts on a system.
Q5) What is the general procedure for a live acquisition?
Q6) Describe some of the Windows tools available at Sysinternals.
Q7) When intruders break into a network, they rarely leave a trail behind.
A)True
B)False
Q8) What is Knoppix-STD?

Chapter 12: E-Mail Investigations
Available Study Resources on Quizplus for this Chapter
48 Verified Questions
48 Flashcards
Source URL: https://quizplus.com/quiz/33489
Sample Questions
Q1) text editor used with UNIX
A)Contacts
B)Pico
C)syslogd file
D)www.arin.net
E)PU020101.db
F)Notepad
G)CISCO Pix
H)www.whatis.com
I)Pine
Q2) ____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
A) Continuous logging
B) Automatic logging
C) Circular logging
D) Server logging
Q3) What are the steps for retrieving e-mail headers on Pine?
Q4) What kind of information can you find in an e-mail header?
Q5) Describe how e-mail account names are created on an intranet environment.

Chapter 13: Cell Phone and Mobile Device Forensics
Available Study Resources on Quizplus for this Chapter
37 Verified Questions
37 Flashcards
Source URL: https://quizplus.com/quiz/33490
Sample Questions
Q1) nonvolatile memory
A)CDMA
B)iDEN
C)EDGE
D)ROM
Q2) What is the bandwidth offered by 3G mobile phones?
Q3) Mobile devices can range from simple phones to small computers, also called ______________________.
Q4) Investigating cell phones and mobile devices is a relatively easy task in digital forensics.
A)True
B)False
Q5) Typically, phones developed for use on a GSM network are compatible with phones designed for a CDMA network.
A)True
B)False
Q6) Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ______________________.
Q7) What are the three main components used for cell phone communications?

Chapter 14: Report Writing for High-Tech Investigations
Available Study Resources on Quizplus for this Chapter
48 Verified Questions
48 Flashcards
Source URL: https://quizplus.com/quiz/33491
Sample Questions
Q1) a witness testifying to personally observed facts
A)Decimal numbering
B)Lay witness
C)FTK
D)Examination plan
E)Signposts
F)Verbal report
G)Spoliation
H)Conclusion section
I)MD5
Q2) Briefly explain how to limit your report to specifics.
Q3) A written preliminary report is considered a ____ document because opposing counsel can demand discovery on it.
A) low-risk
B) middle-risk
C) high-risk
D) no-risk
Q4) Explain how to use supportive material on a report.
Q5) Provide some guidelines for writing an introduction section for a report.
Q6) What are the report requirements for civil cases as specified on Rule 26, FRCP?

Chapter 15: Expert Testimony in High-Tech Investigations
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/33492
Sample Questions
Q1) The purpose of the _____________________ is for the opposing attorney to preview your testimony before trial.
Q2) At a trial, _____________________ are statements that organize the evidence and state the applicable law.
Q3) What are some of the technical definitions that you should prepare before your testimony?
Q4) Like a job resume, your CV should be geared for a specific trial.
A)True
B)False
Q5) Discuss any potential problems with your attorney ____ a deposition.
A) before
B) after
C) during
D) during direct examination at
Q6) What are the procedures followed during a trial?
Q7) When cases go to trial, you as a forensics examiner can play one of ____ roles.
A) 2
B) 3
C) 4
D) 5

Chapter 16: Ethics for the Expert Witness
Available Study Resources on Quizplus for this Chapter
35 Verified Questions
35 Flashcards
Source URL: https://quizplus.com/quiz/33493
Sample Questions
Q1) In the United States, there's no state or national licensing body for computer forensics examiners.
A)True
B)False
Q2) People need ethics to help maintain their balance, especially in difficult and contentious situations.
A)True
B)False
Q3) The American Bar Association (ABA) is a licensing body.
A)True
B)False
Q4) one of the effects of violating court rules or laws
A)Ethics
B)Federal Rules of Evidence (FRE)
C)Disqualification
D)IACIS
Q5) What are some of the standards for IACIS members that apply to testifying?
Q6) What are some of the guidelines included in the ISFCE code of ethics?
Q7) What are some of the factors courts have used in determining whether to disqualify an expert?