Study Guide Digital Forensics Midterm Exam with Updated Questions and
Answers (2025-2026) – 100% Solved
acquisition - ✔✔✔-The process of creating a duplicate image of data; one of the five required
functions of digital forensics tools.
Advanced Forensic Format (AFF) - ✔✔✔-An open-source format that stores image data and
metadata. File extensions include .afd for segmented image files and .afm for AFF metadata.
affidavit - ✔✔✔-A notarized document, given under penalty of perjury, that investigators create
to detail their findings. This document is often used to justify issuing a warrant or to deal with
abuse in a corporation. Also called a "declaration" when the document is unnotarized.
allegation - ✔✔✔-A charge made against someone or something before proof has been found.
alternate data streams - ✔✔✔-Ways in which data can be appended to a file (intentionally or
not) and potentially obscure evidentiary data. In NTFS, these become an additional file
attribute.
American Society of Crime Laboratory Directors (ASCLD) - ✔✔✔-A national society that sets the
standards, management, and audit procedures for labs used in crime analysis, including
computer forensics labs used by the police, FBI, and similar organizations.
approved secure container - ✔✔✔-A fireproof container locked by a key or combination.
areal density - ✔✔✔-The number of bits per square inch of a disk platter.
attorney-client privilege (ACP) - ✔✔✔-Communications between an attorney and client about
legal matters are protected as confidential communications. The purpose of having confidential
communications is to promote honest and open dialogue between an attorney and client. This
confidential information must not be shared with unauthorized people.
attribute ID - ✔✔✔-In NTFS, an MFT record field containing metadata about the file or folder
and the file's data or links to the file's data.
authorized requester - ✔✔✔-In a private-sector environment, the person who has the right to
request an investigation, such as the chief security officer or chief intelligence officer.
Automated Fingerprint Identification Systems (AFIS) - ✔✔✔-A computerized system for
identifying fingerprints that's connected to a central database; used to identify criminal suspects
and review thousands of fingerprint samples at high speed.
bit-stream copy - ✔✔✔-A bit-by-bit duplicate of data on the original storage medium. This
process is usually called "acquiring an image" or "making an image."
bit-stream image - ✔✔✔-The file where the bit-stream copy is stored; usually referred to as an
"image," "image save," or "image file."
bitmap images - ✔✔✔-Collections of dots, or pixels, in a grid format that form a graphic.
bootstrap process - ✔✔✔-Information contained in ROM that a computer accesses during
startup; this information tells the computer how to access the OS and hard drive.
brute-force attack - ✔✔✔-The process of trying every combination of characters—letters,
numbers, and special characters typically found on a keyboard—to find a matching password or
passphrase value for an encrypted file.
business case - ✔✔✔-A document that provides justification to upper management or a lender
for purchasing new equipment, software, or other tools when upgrading your facility. In many
instances, a business case shows how upgrades will benefit the company.
carving - ✔✔✔-The process of recovering file fragments that are scattered across a disk.
Certified Computer Examiner (CCE) - ✔✔✔-A certification from the International Society of
Forensic Computer Examiners.
Certified Cyber Forensic Professional (CCFP) - ✔✔✔-A certification from ISC² for completing the
education and work experience and passing the exam.
Certified Forensic Computer Examiner (CFCE) - ✔✔✔-A certificate awarded by IACIS at
completion of all portions of the exam.
chain of custody - ✔✔✔-The route evidence takes from the time the investigator obtains it until
the case is closed or goes to court.
clusters - ✔✔✔-Storage allocation units composed of groups of sectors. Clusters are 512, 1024,
2048, or 4096 bytes each.
Computer Forensics Tool Testing (CFTT) - ✔✔✔-A project sponsored by the National Institute of
Standards and Technology to manage research on digital forensics tools.
Computer Technology Investigators Network (CTIN) - ✔✔✔-A nonprofit group based in
Seattle-Tacoma, WA, composed of law enforcement members, private corporation security
professionals, and other security professionals whose aim is to improve the quality of
high-technology investigations in the Pacific Northwest.