Cyber Forensic MCQs
1. The most common and flexible data-acquisition method is ____.
- Disk-to-disk copy
- Disk-to-network copy
- Disk-to-image file copy
- Sparse data copy

2. A(n) ____ helps you document what has and has not been done with both the original evidence and forensic copies of the evidence.
- Evidence custody form
- Risk Assessment form
- Initial investigation form
- Evidence handling form

3. The PSTools ____ kills processes by name or process ID.
- PsExec
- PsList
- PsKill
- PsShutdown

4. Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer.
- silver-tree
- gold-tree
- silver-platter
- gold-platter

5. The IMSI value is associated with
- Mobile device
- SIM card
- Mobile processor
- Wi-Fi serial number

6. ____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk.
- Drive-imaging
- Disk editors
- Workstations
- Write-blockers

7. Raw data is a direct copy of a disk drive. An example of a Raw image is output from the UNIX/Linux ____ command.
- rawcp
- dd
- d2dump
- dhex

8. For computer forensics, ____ is the task of collecting digital evidence from electronic media.
- Hashing
- Data acquisition
- Lossy Compression
- Lossless compression

9. Published company policies provide a(n) ____ for a business to conduct