C702 Exam Newest 2026-2027 with accurate detailed solutions
Computer Forensics
Deals with the process of finding evidence related to a digital crime.
Cybercrime
Any illegal act that involves a computer, its systems, or its applications.
Internal Attacks
Insider attacks, considered a primary threat, are attacks carried out by disgruntled individuals working in the same firm or household as the victim. Examples of internal attacks include espionage, theft of intellectual property, manipulation of records, and Trojan horse attacks.
External Attacks
External attacks originate from outside the organization or are remote in nature. Such attacks succeed where information security policies and procedures are inadequate.
Rules of Forensics Investigation
A forensic examiner must keep in mind certain rules to follow during a computer forensic examination, as well as when handling and analyzing the evidence. This safeguards the integrity of the evidence and renders it acceptable in a court of law.
The forensic examiner must make duplicate copies of the original evidence and examine only the duplicates. The duplicate copies must be accurate, bit-for-bit replications of the originals, and the examiner must also authenticate the duplicates (for example, by verifying that their hash values match those of the originals) to avoid questions about the integrity of the evidence.
The computer forensic examiner must not continue with the investigation if the examination is going to be beyond his or her level of knowledge or skill.
Forensic Investigator Rules
Limit access to and examination of the original evidence
Record changes made to the evidence files
Create a chain of custody document
Set standards for investigating the evidence
Comply with those standards
Hire professionals for analysis of evidence
Evidence should be strictly related to the incident
The evidence should comply with the jurisdiction's standards
Document the procedures applied to the evidence
Securely store the evidence
Use recognized tools for analysis
Enterprise Theory of Investigation (ETI)
ETI is a methodology for investigating criminal activity. It adopts a holistic approach, treating any criminal activity as a criminal operation rather than as a single criminal act.
Understanding Digital Evidence
Digital evidence includes all information that is either stored or transmitted in digital form and has probative value. Investigators should take utmost care while gathering digital evidence, as it is fragile in nature. According to Locard's Exchange Principle, "anyone or anything entering a crime scene takes something of the scene, and leaves something of themselves behind."
Locard's Exchange Principle
Every contact leaves a trace.
Digital Forensics Challenge
Forensic investigators face many challenges during the forensic investigation of a digital crime, such as extracting, preserving, and analyzing the digital evidence. For example, system data that an intruder can easily change or destroy (the most volatile data) should be collected first when assembling the evidence.
Volatile Data
Temporary information on a digital device that requires a constant power supply and is lost if the power supply is interrupted. Important volatile data includes: system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, command history, etc.
Non-volatile Data
Permanent data stored on secondary storage devices, such as hard disks and memory cards. Information stored in non-volatile form includes: hidden files, slack space, swap files, index.dat files, unallocated clusters, unused partitions, registry settings, and event logs.
Characteristics of Digital Evidence
Admissible
Authentic
Complete
Reliable
Believable
Admissible Evidence
Relevant to the case, supports the position of the party presenting it, and is well communicated and non-prejudicial.
Authentic Evidence
Investigators must provide supporting documents regarding the authenticity, accuracy, and integrity of the evidence, with details such as its source and its relevance to the case.