CYBERSECURITY EXAM 2026 INCIDENT RESPONSE QUESTION BANK FORENSIC WORKBOOK SOLVED ITEMS
◉ Expert Report. Answer: A formal document that lists the tests you
conducted, what you found, and your conclusions. It also includes
your curriculum vitae (CV), is very thorough, and tends to be very
long. In most cases an expert cannot directly testify about anything
not in his or her expert report.
◉ Curriculum Vitae (CV). Answer: Like a resume, only much more
thorough and specific to your work experience as a forensic
investigator.
◉ Deposition. Answer: Testimony taken from a witness or party to a
case before a trial; it is less formal and is typically held in an attorney's
office.
◉ Digital Evidence. Answer: Information that has been processed
and assembled so that it is relevant to an investigation and supports
a specific finding or determination.
◉ Chain of Custody. Answer: The continuity of control of evidence
that makes it possible to account for all that has happened to
evidence between its original collection and its appearance in court,
preferably unaltered.
◉ Objectives of Computer Forensics. Answer:
Recover computer-based material
Analyze computer-based material
Present computer-based material
◉ Goals of Opposing Counsel in a Deposition. Answer:
To find out as much as possible about your position, methods, conclusions, and even your side's legal strategy
To get you to commit to a position you may not be able to defend later
◉ Real Evidence. Answer: A physical object that someone can touch,
hold, or directly observe. Examples include a laptop with a suspect's
fingerprints on the keyboard, a hard drive, a universal serial bus
(USB) drive, or a handwritten note.
◉ Documentary Evidence. Answer: Data stored as written matter, on
paper or in electronic files; includes memory-resident data and
computer files. Examples: e-mail messages, logs, databases,
photographs, and telephone call-detail records
◉ Testimonial Evidence. Answer: Information that forensic
specialists use to support or interpret real or documentary evidence
◉ Demonstrative Evidence. Answer: Information that helps explain
other evidence. An example is a chart that explains a technical
concept to the judge and jury
◉ Disk Forensics. Answer: The process of acquiring and analyzing
information stored on physical storage media, such as computer
hard drives, smartphones, GPS systems, and removable media.
Includes both the recovery of hidden and deleted information and
the process of identifying who created a file or message
◉ E-mail Forensics. Answer: The study of the source and content of
e-mail as evidence. Includes the process of identifying the sender,
recipient, date, time, and origination location of an e-mail message.
Used to identify harassment, discrimination, or unauthorized
activities.
◉ Network Forensics. Answer: The process of examining network
traffic, including transaction logs and real-time monitoring using
sniffers and tracing
◉ Internet Forensics. Answer: The process of piecing together
where and when a user has been on the Internet.
◉ Software Forensics. Answer: The process of examining malicious
computer code; also called malware forensics
◉ Live System Forensics. Answer: The process of searching memory
in real time, typically for working with compromised hosts or to
identify system abuse.
◉ Extended data out dynamic random access memory (EDO DRAM).
Answer: Single-cycle EDO has the ability to carry out a complete
memory transaction in one clock cycle. Otherwise, each sequential
RAM access within the same page takes two clock cycles instead of
three, once the page has been selected.
◉ Asynchronous dynamic random access memory (ADRAM).
Answer: Not synchronized to the CPU clock
◉ Synchronous dynamic random access memory (SDRAM). Answer:
A replacement for EDO