Basics of Digital Forensics MCQs
1. Digital forensics is all of them except:
A. Extraction of computer data.
B. Preservation of computer data.
C. Interpretation of computer data.
D. Manipulation of computer data.
Ans: D
2. IDIP stands for
A. Integrated Digital Investigation Process.
B. Integrated Data Investigator Process.
C. Integrated Digital Investigator Process.
D. Independent Digital Investigator Process.
Ans: A
3. Who proposed the Road Map for Digital Forensic Research (RMDFR)?
A. G. Gunsh
B. S. Ciardhuain
C. J. Korn
D. G. Palmar
Ans: D
4. Investigator should satisfy the following points:
A. Contribute to society and human being.
B. Avoid harm to others.
C. Honest and trustworthy.
D. All of the above
Ans: D
5. In the past, the method for expressing an opinion has been to frame a ______ question based on available factual evidence.
A. Hypothetical
B. Nested
C. Challenging
D. Contradictory
Ans: A
6. More subtle because you are not aware that you are running these macros (the document opens and the application automatically runs); spread via email
A. The purpose of copyright
B. Danger of macro viruses
C. Derivative works
D. Computer-specific crime
Ans: B
7. There are three C's in computer forensics. Which is one of the three?
A. Control
B. Chance
C. Chains
D. Core
Ans: A
8. When was the Federal Bureau of Investigation program created?
A. 1979
B. 1984
C. 1995
D. 1989
Ans: B
9. When did the field of PC forensics begin?
A. 1960's
B. 1970's
C. 1980's
D. 1990's
Ans: C
10. What is Digital Forensics?
A. Process of using scientific knowledge in analysis and presentation of evidence in court
B. The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation
C. Process where we develop and test hypotheses that answer questions about digital events
D. Use of science or technology in the investigation and establishment of the facts or evidence in a court of law
Ans: B
11. Digital Forensics entails ______.
A. Accessing the system's directories viewing mode and navigating through the various systems files and folders
B. Undeleting and recovering lost files
C. Identifying and solving computer crimes
D. The identification, preservation, recovery, restoration and presentation of digital evidence from systems and devices
Ans: D
12. Which of the following is FALSE?
A. The digital forensic investigator must maintain absolute objectivity
B. It is the investigator’s job to determine someone’s guilt or innocence.
C. It is the investigator’s responsibility to accurately report the relevant facts of a case.
D. The investigator must maintain strict confidentiality, discussing the results of an investigation on only a “need to know”
Ans: B
13. What is the most significant legal issue in computer forensics?
A. Preserving Evidence
B. Seizing Evidence
C. Admissibility of Evidence
D. Discovery of Evidence
Ans: C
14. ______ phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: D
15. In ______ phase investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: B
16. In ______ phase investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
Ans: B
17. Computer forensics do not involve ______ activity.
A. Preservation of computer data.
B. Extraction of computer data.
C. Manipulation of computer data.
D. Interpretation of computer data.
Ans: C
18. A set of instructions compiled into a program that performs a particular task is known as:
A. Hardware
B. CPU
C. Motherboard
D. Software
Ans: D
19. Which of the following is not a rule of digital forensics?
A. An examination should be performed on the original data
B. A copy is made onto forensically sterile media. New media should always be used if available.
C. The copy of the evidence must be an exact, bit-by-bit copy
D. The examination must be conducted in such a way as to prevent any modification of the evidence.
Ans: A
20. To collect and analyze the digital evidence that was obtained from the physical investigation phase is the goal of which phase?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase.
Ans: B
21. To provide a mechanism for an incident to be detected and confirmed is the purpose of which phase?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase.
Ans: D
22. Which phase entails a review of the whole investigation and identifies areas of improvement?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase
Ans: C
23. ______ is known as the father of computer forensics.
A. G. Palmar
B. J. Korn
C. Michael Anderson
D. S. Ciardhuain
Ans: C
24. ______ is a well-established science where various contributions have been made
A. Forensic
B. Crime
C. Cyber Crime
D. Evidence
Ans: A
25. Who proposed the End to End Digital Investigation Process (EEDIP)?
A. G. Palmar
B. Stephenson
C. Michael Anderson
D. S. Ciardhuain
Ans: B
26. Which model of investigation was proposed by Carrier and Safford?
A. Extended Model of Cybercrime Investigation (EMCI)
B. Integrated Digital Investigation Process (IDIP)
C. Road Map for Digital Forensic Research (RMDFR)
D. Abstract Digital Forensic Model (ADFM)
Ans: B
27. Which of the following is not a property of computer evidence?
A. Authentic and Accurate.
B. Complete and Convincing.
C. Duplicated and Preserved.
D. Conform and Human Readable.
Ans: D
28. ______ can make or break an investigation.
A. Crime
B. Security
C. Digital Forensic
D. Evidence
Ans: D
29. ______ is software that blocks unauthorized users from connecting to your computer.
A. Firewall
B. Quick launch
C. OneLogin
D. Centrify
Ans: A
30. Which of the following are general ethical norms for an investigator?
A. To contribute to society and human being.
B. To avoid harm to others.
C. To be honest and trustworthy.
D. All of above
E. None of above
Ans: D
31. Which of the following are unethical norms for an investigator?
A. Uphold any relevant evidence.
B. Declare any confidential matters or knowledge.
C. Distort or falsify education, training, credentials.
D. All of above
E. None of above
Ans: D
32. Which of the following is not a general ethical norm for an investigator?
A. To contribute to society and human being.
B. Uphold any relevant evidence.
C. To be honest and trustworthy.
D. To honor confidentiality.
Ans: B
33. Which of the following is not an unethical norm for Digital Forensics Investigation?
A. Uphold any relevant evidence.
B. Declare any confidential matters or knowledge.
C. Distort or falsify education, training, credentials.
D. To respect the privacy of others.
Ans: D
34. What is the process of creating a duplicate of digital media for the purpose of examining it called?
A. Acquisition.
B. Steganography.
C. Live analysis
D. Hashing.
Ans: A
35. Which term refers to modifying a computer in a way which was not originally intended to view information?
A. Metadata
B. Live analysis
C. Hacking
D. Bit Copy
Ans: C
36. The ability to recover and read deleted or damaged files from a criminal’s computer is an example of a law enforcement specialty called?
A. Robotics
B. Simulation
C. Computer Forensics
D. Animation
Ans: C
37. What are the important parts of the mobile device which are used in digital forensics?
A. SIM
B. RAM
C. ROM
D. EMMC chip
Ans: D
38. Using what can data hiding in encrypted images be carried out in digital forensics?
A. Acquisition.
B. Steganography.
C. Live analysis
D. Hashing.
Ans: B
39. Which of these is not a computer crime?
A. E-mail harassment
B. Falsification of data.
C. Sabotage.
D. Identification of data
Ans: D
40. Which file is used to store the user-entered password?
A. .exe
B. .txt
C. .iso
D. .sam
Ans: D
41. ______ is the process of recording as much data as possible to create reports and analysis on user input.
A. Data mining
B. Data carving
C. Meta data
D. Data Spoofing.
Ans: A
42. ______ searches through raw data on a hard drive without using a file system.
A. Data mining
B. Data carving
C. Meta data
D. Data Spoofing.
Ans: B
43. What is the first step to handle retrieving data from an encrypted hard drive?
A. Formatting disk
B. Storing data
C. Finding configuration files.
D. Deleting files.