✔✔The Digital Millennium Copyright Act (DMCA) - ✔✔This controversial law was
enacted in 1998. It makes it a crime to publish methods or techniques to circumvent
copyright protection. It is controversial because it has been used against legitimate
researchers publishing research papers.
✔✔18 USC § 1028A Identity Theft and Aggravated Identity Theft - ✔✔As the name
suggests, this law targets any crime related to identity theft. It is often applied in stolen
credit card cases.
✔✔18 USC § 2251 Sexual Exploitation of Children - ✔✔This law covers a range of child
exploitation crimes and is often seen in child pornography cases. Related laws:
18 U.S.C. § 2260: Production of sexually explicit depictions of a minor for importation
into the United States
18 U.S.C. § 2252: Certain activities relating to material involving the sexual exploitation
of minors (possession, distribution, and receipt of child pornography)
18 U.S.C. § 2252A: Certain activities relating to material constituting or containing child
pornography
✔✔Security log - ✔✔This is probably the most important log from a forensics point of
view. It has both successful and unsuccessful login events. [anything about external
connections]
✔✔Application log - ✔✔This log contains various events logged by applications or
programs. Many applications record their errors here.
✔✔System log - ✔✔Contains events logged by Windows system components. This
includes events like driver failures. This particular log is not as interesting from a
forensics perspective as the other logs are.
✔✔Forwarded Events log - ✔✔Used to store events collected from remote computers.
This has data in it only if event forwarding has been configured.
✔✔Applications and Services logs - ✔✔This log is used to store events from a single
application or component rather than events that might have system wide impact.
✔✔GUID Partition Table - ✔✔Used primarily with computers that have an Intel-based
processor. It requires OS X v10.4 or later. Intel-based Mac OS machines can boot only
from drives that use it.
✔✔DFRWS Framework (Digital Forensic Research Workshop) -
✔✔Identification-Preservation-Collection-Examination-Analysis-Presentation
✔✔SWGDE Framework - ✔✔Collect
Preserve
Examine
Transfer
✔✔Event-Based Digital Forensics Investigation Framework - ✔✔Readiness phase
- contains the Operations Readiness subphase: training people and testing investigation
tools, and the Infrastructure Readiness subphase: configuring the equipment
Deployment phase
- includes the Detection and Notification subphase: someone detects an incident and
alerts investigators, and the Confirmation and Authorization subphase: investigators
receive authorization to conduct the investigation
Physical Crime Scene Investigation phase
Digital Crime Scene Investigation phase
Presentation phase
✔✔Macro Virus - ✔✔infects the macros in office documents. Many office products,
including Microsoft Office, allow users to write mini-programs (macros). These macros
can also be written as a virus. This type of virus is very common because such a virus is
easy to write.
✔✔Memory-resident virus - ✔✔installs itself and then remains in RAM from the time the
computer is booted up to when it is shut down.
✔✔Multi-partite virus - ✔✔attacks the computer in multiple ways—for example, infecting
the boot sector of the hard disk and one or more files.
✔✔Armored virus - ✔✔uses techniques that make it hard to analyze. This is done by
either compressing the code or encrypting it with a weak encryption method.
✔✔Sparse infector virus - ✔✔attempts to elude detection by performing its malicious
activities only sporadically. The user will see symptoms for a short period, then no
symptoms for a time. In some cases, the virus targets a specific program but only
executes every 10th or 20th time that target program runs.
✔✔Polymorphic virus - ✔✔literally changes its form from time to time to avoid detection
by antivirus software. A more advanced form of this is called the Metamorphic virus; it
can completely rewrite itself.
✔✔Techniques of forensic analysis - ✔✔Live
Physical
Logical