C840 D431 - Digital Forensics Practice Questions with accurate detailed solutions
Which law requires a free opt-out option? - ✔✔CAN-SPAM Act. The CAN-SPAM Act is a U.S. law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
Which law led to the creation of the Electronic Crimes Task Force? - ✔✔USA PATRIOT Act. The USA PATRIOT Act included provisions for the establishment of the ECTF to combat electronic crimes, including cyberterrorism and other computer-related offenses.
Where would they find logs about connections to remote computers? - ✔✔The ForwardedEvents log is used to store events collected from remote computers. This has data in it only if event forwarding has been configured.
A forensic specialist is getting ready to collect digital evidence. What should they do first? - ✔✔Review the Chain of Custody. The first step in collecting digital evidence is to carefully review and document the chain of custody. This involves documenting who has had access to the device or data, when it was accessed, and any changes made to it since the incident occurred. By carefully documenting the chain of custody, the specialist can ensure that the evidence is admissible in court and has not been tampered with.
Which law suggests setting up forensic laboratories? - ✔✔US Patriot Act. The USA Patriot Act is a law passed by the US Congress in response to the 9/11 terrorist attacks. It includes provisions for the establishment and funding of forensic laboratories to assist law enforcement agencies in the investigation and prosecution of terrorism and other crimes. The Act also provides for the training and certification of forensic specialists and the development of standards and protocols for the collection and analysis of evidence.
What is steganography used for? - ✔✔Steganography is the practice of concealing a message, image, or file within another message, image, or file in such a way that it is difficult to detect or decipher the hidden content.
What would be used to make a bit-by-bit copy of a Windows 8 computer? - ✔✔FTK Imager can create a forensic disk image of a Windows 8 computer by creating a bit-by-bit copy of the entire hard drive or storage media, including any deleted or hidden data.
What would be used to detect files leaving the network using steganography? - ✔✔FTK is likely to be most effective in detecting steganographically hidden files leaving the network.
What's inside an email header? - ✔✔An email header is a section of an email message that contains metadata about the message, such as the sender and recipient information, date and time of sending, and information about the email server that handled the message.
Which storage tech uses NAND? - ✔✔NAND is a type of flash memory technology commonly used in SSDs, USB drives, and memory cards.
How does NAND work? - ✔✔Most SSDs use Negated AND (NAND) gate-based flash memory, which retains memory even without power.
What is AFF? - ✔✔The Advanced Forensic Format (AFF) is a file format used in digital forensics to store disk images, file systems, and other digital evidence.
What programs use the AFF file format? - ✔✔Autopsy and Sleuth Kit use the AFF format because it offers flexibility, scalability, compression, and encryption, which are important features for digital forensic investigations.
What can be used to unlock an iPhone? - ✔✔XRY can be used to brute-force iPhone devices; it tries multiple PINs to gain access to the device.
Which tool can do a workflow check of steganography? - ✔✔StegExpose is an open-source steganalysis tool that can detect hidden information in image files. It can detect a wide range of steganographic techniques, including JSteg, F5, and OutGuess.