2026 CYBER EVIDENCE ANALYSIS STUDY
GUIDE COMPLETE QUESTIONS AND ANSWERS
◉ Demonstrative evidence. Answer: Information that helps explain
other evidence. An example is a chart that explains a technical
concept to the judge and jury.
◉ Denial-of-service (DoS) attack. Answer: An attack designed to
overwhelm the target system so it can no longer reply to legitimate
requests for connection.
◉ Digital evidence. Answer: Information that has been processed
and assembled so that it is relevant to an investigation and supports
a specific finding or determination.
◉ Digital forensics. Answer: Computer forensics expanded to
include smartphones, smart watches, and other current and
forthcoming digital media and devices.
◉ Disaster recovery plan (DRP). Answer: A plan for returning the
business to full normal operations.
◉ Disk forensics. Answer: The process of acquiring and analyzing
information stored on physical storage media, such as computer
hard drives or smartphones.
◉ Disk Operating System (DOS). Answer: A command-line operating
system.
◉ Disk striping. Answer: Distribution of data across multiple disk
sectors to improve speed (also called RAID 0).
◉ Distributed denial-of-service (DDoS) attack. Answer: An attack in
which the attacker seeks to infect several machines and use those
machines to overwhelm the target system to achieve a denial of
service.
◉ Documentary evidence. Answer: Data stored in written form, on
paper or in electronic files, such as email messages and telephone
call-detail records. Investigators must authenticate documentary
evidence.
◉ Drive geometry. Answer: The functional dimensions of a drive in
terms of the number of heads, cylinders, and sectors per track.
◉ Dump. Answer: A complete copy of every bit of memory or cache
recorded in permanent storage or printed on paper.
◉ Electronic serial number (ESN). Answer: A unique identification
number developed by the U.S. Federal Communications Commission
(FCC) to identify cell phones.
◉ Email forensics. Answer: The study of the source and content of
email as evidence, including the identification of the sender,
recipient, date, time, and origination location of an email message.
◉ Enhanced data rates for GSM evolution (EDGE). Answer: A
technology that does not fit neatly into the 2G/3G/4G spectrum. It is
technically considered pre-3G but was an improvement on GSM
(2G).
◉ Euler's Totient. Answer: The total number of coprime numbers.
Two numbers are considered coprime if they have no common
factors.
◉ Expert report. Answer: A formal document prepared by a
forensics specialist to document an investigation, including a list of
all tests conducted as well as the specialist's own curriculum vitae
(CV). Anything the specialist plans to testify about at a trial must be
included in the expert report.
◉ Expert testimony. Answer: The testimony of an expert witness,
one who testifies on the basis of scientific or technical knowledge
relevant to a case, rather than personal experience.
◉ Feistel function. Answer: A cryptographic function that splits
blocks of data into two parts. It is one of the most influential
developments in symmetric block ciphers.
◉ File allocation table (FAT). Answer: The table used to store
cluster/file information.
◉ File slack. Answer: The unused space between the logical end of
file and the physical end of file. It is also called slack space.
◉ Foreign Intelligence Surveillance Act of 1978 (FISA). Answer: A
U.S. law that prescribes procedures for the physical and electronic
surveillance and collection of "foreign intelligence information"
between foreign powers and agents of foreign powers, which may
include U.S. citizens and permanent residents suspected of
espionage or terrorism.
◉ Fraud. Answer: A broad category of crime that can encompass
many different activities, but essentially any attempt to gain
financial reward through deception.