Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Digital F Mod 1&2
| Question | Answer |
|---|---|
| Which of the following is an objective of computer forensics? | Preserving evidence for prosecution |
| Digital evidence can be located in which of the following devices? | All of the Above |
| According to the text, computer forensics is a subset of which field? | Digital Forensics |
| According to Locard's Exchange Principle, what happens when a crime is committed? | Some exchange of evidence occurs between the criminal and the environment |
| Which of the following is NOT a type of digital evidence? | Physical devices |
| What is the purpose of ACPO Principle 4? | To designate responsibility to the case officer |
| What is the difference between volatile and non-volatile data? | Volatile data is temporary, while non-volatile data is permanent |
| What is a common source of digital evidence? | All of the above |
| Which of the following is an example of volatile data? | System time and open files |
| Which of the following is an example of non-volatile data? | Files stored on a hard drive |
| What is the first step in the computer forensics process? | Evidence acquisition |
| What is the primary goal of computer forensics? | To detect and analyze digital evidence for legal use |
| What is the role of a forensic investigator? | To identify, collect, and analyze evidence |
| What is an internal cyberattack? | An attack carried out by an insider with authorized access |
| What is the main benefit of forensic readiness? | Reduces investigation disruption |
| The forensic investigation report should include all of the following EXCEPT: | Opinions of the investigation team |
| What is a primary role of a computer forensics lab? | Preserve and analyze digital evidence |
| Proper evidence preservation ensures: | Evidence is admissible in court |
| The investigator’s role in court includes: | Presenting evidence and findings objectively |
| What is the purpose of hashing during the investigation phase? | To verify the integrity of digital evidence |
| Chain of custody refers to: | The process of securing evidence against tampering |
| The post-investigation phase is responsible for: | Summarizing findings into a detailed report |
| When testifying as an expert witness, a forensic investigator should: | Present findings accurately and impartially |
| What is the first phase of the Forensic Investigation Process? | Pre-investigation |
| What is the main goal of the investigation phase? | To acquire, analyze, and document evidence |
| Why is documenting the crime scene critical? | It creates a detailed record for analysis and presentation |
| Search and seizure require forensic investigators to: | Execute search warrants and collect evidence |
| Evidence acquisition involves: | Capturing and cloning digital evidence from devices |
| In the forensic investigation methodology, which of the following steps comes after the identification of evidence? | Evidence acquisition |
| What is the purpose of the pre-investigation phase? | To plan and prepare for the forensic investigation |
| Which principle states that all processes applied to evidence must be documented? | ACPO Principle 3 |
| What does forensic evidence need to be considered "authentic"? | It must be supported by the original source details |
| What is a key responsibility of a forensic investigator regarding evidence? | Maintaining the chain of custody |
| What is the primary objective of forensic readiness? | To reduce investigation time and costs |
| Which of the following is NOT an example of user-created files? | Log files |
| Which of the following is a type of cybercrime? | All of the above |
| Why is forensic readiness important for organizations? | To minimize investigation costs and disruptions |
| What is the main use of the chain of custody in computer forensics? | Ensuring evidence is admissible in court |
| Which document must be created during the investigation phase to ensure accuracy? | Crime scene sketch |
| Which step ensures that evidence remains unaltered during acquisition? | Evidence preservation |
| During the pre-investigation phase, setting up a forensic lab ensures: | All of the above |
| Search and seizure require investigators to: | Securely handle all electronic devices |
| Which of the following is NOT a requirement for a forensic investigation report? | Inclusion of all organizational data |
| Evidence gathering should occur during which phase? | Investigation |
| What is the main focus of the post-investigation phase? | Reporting findings to law enforcement |
| What is a critical factor when organizing gathered evidence for a report? | Categorizing information for clarity |
| A forensic lab must follow which set of guidelines for evidence handling? | Evidence integrity principles |
| Which rule ensures digital evidence is clear and understandable to the jury? | Understandable evidence |
| What is the role of metadata in digital evidence? | Tracks file creation and modification details |
| What does the best evidence rule state? | The original evidence must be submitted when possible |
| What is the purpose of an investigation report? | To summarize findings and conclusions for legal proceedings |
| Evidence acquired during an investigation must: | Remain unchanged to ensure integrity |
| What is the difference between volatile and non-volatile data? | Volatile data is temporary, while non-volatile data is permanent |
| Which of the following is NOT a type of digital evidence? | Physical devices |
| Digital evidence must meet which criterion to be admissible in court? | Be understandable, authentic, and complete |
Created by:
jxxnixx