ACTUAL QUESTIONS AND ANSWERS FULL
SOLUTION STUDY GUIDE
●● Testimonial evidence
Answer: Information that forensic specialists use to support or interpret
real or documentary evidence; for example, to demonstrate that the
fingerprints found on a keyboard are those of a specific individual.
●● Daubert standard
Answer: The standard, from Daubert v. Merrell Dow Pharmaceuticals (1993),
under which the trial judge acts as gatekeeper and admits expert scientific
testimony only if its methods and tools are reliable: tested, peer-reviewed,
with a known error rate, and generally accepted in the relevant scientific
community. (General acceptance alone was the older Frye test.)
●● If the computer is turned on when you arrive, what does the Secret
Service recommend you do?
Answer: Shut down according to the recommended Secret Service
procedure.
●● Communications Assistance to Law Enforcement Act of 1994
Answer: The Communications Assistance to Law Enforcement Act of
1994 is a federal wiretap law for traditional wired telephony. It was
expanded to include wireless, voice over packet, and other forms of
electronic communications, including signaling traffic and metadata.
●● Digital evidence
Answer: Digital evidence is information processed and assembled so
that it is relevant to an investigation and supports a specific finding or
determination.
●● Federal Privacy Act of 1974
Answer: The Federal Privacy Act of 1974 is a United States federal law
that establishes a code of Fair Information Practice governing the
collection, maintenance, use, and dissemination of information about
individuals that is maintained in systems of records by U.S. federal
agencies.
●● Power Spy, Verity, ICU, and WorkTime
Answer: Spyware
●● good fictitious e-mail response rate
Answer: 1-3%
●● Which crime is most likely to leave e-mail evidence?
Answer: Cyberstalking
●● Where would you seek evidence that ophcrack had been used on a
Windows Server 2008 machine?
Answer: In the server's event logs. The ophcrack live CD reads the
password hashes from the offline system, so the attacker had to boot the
machine from removable media; look for an unexplained shutdown and reboot.
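The reboot check above, written out as an added example (not from the study guide). It walks a System event-log export and flags boots that were neither requested (User32 event 1074) nor preceded by a clean EventLog stop (6006), or that the next boot reported as unexpected (6008). The CSV layout, the host name SRV01 and the sample events are all constructed for the example.

```python
# Added example (not from the study guide): find the reboot that booting a
# server from an ophcrack live CD leaves in the Windows System event log.
import csv
import io
from datetime import datetime

EVLOG_STARTED = 6005        # EventLog: service started, i.e. the system booted
EVLOG_STOPPED = 6006        # EventLog: service stopped, i.e. a clean shutdown
UNEXPECTED_SHUTDOWN = 6008  # EventLog: written at boot when the last shutdown was dirty
USER_SHUTDOWN = 1074        # User32: a user or process requested shutdown/restart

# Constructed sample export. Column layout is an assumption: a System-log
# export with TimeCreated,Id,ProviderName,Message columns.
SAMPLE_CSV = """TimeCreated,Id,ProviderName,Message
2023-03-01 08:00:12,6005,EventLog,The Event log service was started.
2023-03-02 17:30:05,1074,User32,The process winlogon.exe has initiated the restart of computer SRV01 on behalf of user CORP\\admin for the following reason: Planned
2023-03-02 17:30:40,6006,EventLog,The Event log service was stopped.
2023-03-02 17:34:10,6005,EventLog,The Event log service was started.
2023-03-04 01:20:00,7036,Service Control Manager,The Windows Update service entered the running state.
2023-03-04 02:11:03,6005,EventLog,The Event log service was started.
2023-03-04 02:11:03,6008,EventLog,The previous system shutdown at 1:22:47 AM on 3/4/2023 was unexpected.
"""


def parse_events(text):
    """Parse the export into dicts sorted by time (stable, so same-second order is kept)."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "time": datetime.strptime(row["TimeCreated"], "%Y-%m-%d %H:%M:%S"),
            "id": int(row["Id"]),
            "source": row["ProviderName"],
            "message": row["Message"],
        })
    rows.sort(key=lambda r: r["time"])
    return rows


def find_reboots(text):
    """Return one record per boot (event 6005) with how it was preceded."""
    reboots = []
    last_seen = None      # time of the last event written before the boot
    planned = False       # a 1074 was logged since the previous boot
    clean_stop = False    # a 6006 was logged since the previous boot
    for ev in parse_events(text):
        if ev["id"] == USER_SHUTDOWN:
            planned = True
        elif ev["id"] == EVLOG_STOPPED:
            clean_stop = True
        elif ev["id"] == EVLOG_STARTED:
            # The gap since the last logged event is a lower bound on how
            # long the machine was offline (or booted into another OS).
            offline = None if last_seen is None else int((ev["time"] - last_seen).total_seconds())
            reboots.append({
                "boot_time": ev["time"],
                "offline_seconds": offline,
                "planned": planned,
                "clean_stop": clean_stop,
                "unexpected": False,
                "suspicious": last_seen is not None and not planned and not clean_stop,
            })
            planned = clean_stop = False
        elif ev["id"] == UNEXPECTED_SHUTDOWN and reboots:
            # 6008 is written by the boot that follows the dirty shutdown.
            reboots[-1]["unexpected"] = True
            reboots[-1]["suspicious"] = not reboots[-1]["planned"]
        last_seen = ev["time"]
    return reboots


if __name__ == "__main__":
    for r in find_reboots(SAMPLE_CSV):
        if r["suspicious"]:
            print(f"{r['boot_time']}: unplanned boot, offline >= {r['offline_seconds']} s, "
                  f"unexpected-shutdown event: {r['unexpected']}")
```

In the constructed log the 2 March restart is explained by a 1074 and a 6006, while the 4 March boot has neither and carries a 6008, with the box silent for at least 51 minutes beforehand; that window is where to look for a boot from removable media.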
●● A SYN flood is an example of what?
Answer: DoS attack
●● What is the definition of a virus, in relation to a computer?
Answer: a type of malware that requires a host program or human help
to propagate
●● What is the starting point for investigating a denial of service
attack?
Answer: Tracing the packets
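An added example (not from the study guide) that ties the two items above together: it runs over a constructed packet trace, counts half-open handshakes per target, measures the peak SYN rate in a sliding window, and reports how many distinct sources sent them. The server address 192.0.2.10, the client 10.0.0.5 and the 203.0.113.0/24 sources are documentation addresses chosen for the example; the thresholds are assumptions to tune per site.

```python
# Added example (not from the study guide): spot a SYN flood in a packet
# trace and show why the packets, not the source addresses, are the lead.
from collections import defaultdict

SERVER, PORT = "192.0.2.10", 80


def build_sample():
    """Constructed trace: (time_s, src, dst, service_port, tcp_flags).
    service_port is the server-side port of the flow in both directions."""
    pkts = []
    for i in range(3):                       # three legitimate handshakes
        t = 0.5 * (i + 1)
        pkts.append((t, "10.0.0.5", SERVER, PORT, "S"))
        pkts.append((t + 0.01, SERVER, "10.0.0.5", PORT, "SA"))
        pkts.append((t + 0.02, "10.0.0.5", SERVER, PORT, "A"))
    for i in range(60):                      # 60 SYNs in 0.6 s, spoofed sources, never ACKed
        t = 5.0 + i * 0.01
        src = f"203.0.113.{i + 1}"
        pkts.append((t, src, SERVER, PORT, "S"))
        pkts.append((t + 0.001, SERVER, src, PORT, "SA"))
    return pkts


def peak_in_window(times, window_s):
    """Largest number of timestamps falling inside any window_s-wide interval."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] > window_s:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def analyze_syns(packets, window_s=1.0):
    """Per (server, port): SYNs seen, handshakes completed by the client's
    ACK, half-open remainder, distinct sources and peak SYN rate."""
    stats = {}
    syn_times = defaultdict(list)
    pending = {}                              # (client, server, port) -> SYN time
    for ts, src, dst, port, flags in sorted(packets, key=lambda p: p[0]):
        if flags == "S":
            st = stats.setdefault((dst, port), {"total_syn": 0, "completed": 0, "sources": set()})
            st["total_syn"] += 1
            st["sources"].add(src)
            syn_times[(dst, port)].append(ts)
            pending[(src, dst, port)] = ts
        elif flags == "A" and (src, dst, port) in pending:
            del pending[(src, dst, port)]     # third packet of the handshake
            stats[(dst, port)]["completed"] += 1
    for key, st in stats.items():
        st["half_open"] = st["total_syn"] - st["completed"]
        st["distinct_sources"] = len(st.pop("sources"))
        st["peak_syn_in_window"] = peak_in_window(syn_times[key], window_s)
    return stats


def is_syn_flood(st, peak_threshold=20, half_open_ratio=0.5):
    """Assumed thresholds: a burst of SYNs of which most never complete."""
    return (st["peak_syn_in_window"] >= peak_threshold
            and st["half_open"] / st["total_syn"] >= half_open_ratio)


if __name__ == "__main__":
    for (host, port), st in analyze_syns(build_sample()).items():
        verdict = "SYN flood" if is_syn_flood(st) else "normal"
        print(f"{host}:{port} {verdict}: {st['half_open']}/{st['total_syn']} half-open, "
              f"peak {st['peak_syn_in_window']} SYN/s from {st['distinct_sources']} sources")
```

Sixty SYNs from sixty different addresses, none of which answers the SYN-ACK, is the signature of a spoofed flood; the addresses themselves lead nowhere, which is why the investigation starts from the packets (timing, TTLs, ingress interface) rather than from a source list.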
●● China Eagle Union
Answer: The cyberterrorism group, the China Eagle Union, consists of
several thousand Chinese hackers whose stated goal is to infiltrate
Western computer systems. Members and leaders of the group insist that
not only does the Chinese government have no involvement in their
activities, but that they are breaking Chinese law and are in constant
danger of arrest and imprisonment. However, most analysts believe this
group is working with the full knowledge and support of the Chinese
government.
●● Rules of evidence
Answer: Rules that govern whether, when, how, and why proof of a legal
case can be placed before a judge or jury.
●● file slack
Answer: The unused space between the logical end of the file and the
physical end of the file. It is also called slack space.
●● The Analysis Plan
Answer: Before forensic examination can begin, an analysis plan should
be created. This plan guides work in the analysis process. How will you
gather evidence? Are there concerns about evidence being changed or
destroyed? What tools are most appropriate for this specific
investigation? A standard data analysis plan should be created and
customized for specific situations and circumstances.
●● What is the most important reason that you not touch the actual
original evidence any more than you have to?
Answer: Each time you touch digital data, there is some chance of
altering it.
●● You should make at least two bitstream copies of a suspect drive.
Answer: TRUE
●● To preserve digital evidence, an investigator should
Answer: make two copies of each evidence item using different imaging
tools
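The preceding items (handle the original as little as possible, take two bitstream copies, verify them) as an added example that is not from the study guide. It simulates two acquisitions of a constructed 16-sector drive, hashes each image as it is written, compares the hashes to the source, and, when the images disagree, names the sector at fault; one simulated tool is assumed to zero-fill a sector it cannot read, as dd with conv=noerror,sync does.

```python
# Added example (not from the study guide): verify two bitstream copies
# against the source and locate where a bad copy diverges.
import hashlib

SECTOR = 512
# Constructed 16-sector "drive": deterministic bytes, not a real image.
DEVICE = bytes((i * 31 + 7) % 256 for i in range(SECTOR * 16))


def hash_bytes(data):
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def acquire(device, unreadable=frozenset(), sector=SECTOR):
    """Simulated imaging tool: reads the source one sector at a time,
    zero-fills any sector it cannot read (dd conv=noerror,sync behaviour,
    assumed) and hashes the image as it is written, so the source is read
    exactly once. Returns (image, hashes, unreadable_sector_numbers)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    image, errors = bytearray(), []
    for n in range(len(device) // sector):
        chunk = device[n * sector:(n + 1) * sector]
        if n in unreadable:
            errors.append(n)
            chunk = b"\x00" * sector
        image += chunk
        md5.update(chunk)
        sha.update(chunk)
    return bytes(image), {"md5": md5.hexdigest(), "sha256": sha.hexdigest()}, errors


def verify_copies(reference_hashes, *copy_hashes):
    """True only if every copy hashes identically to the reference."""
    return all(h == reference_hashes for h in copy_hashes)


def diff_sectors(img_a, img_b, sector=SECTOR):
    """Sector numbers at which two images differ (what to re-read or document)."""
    return [n for n in range(min(len(img_a), len(img_b)) // sector)
            if img_a[n * sector:(n + 1) * sector] != img_b[n * sector:(n + 1) * sector]]


if __name__ == "__main__":
    reference = hash_bytes(DEVICE)            # hash of the source, taken once
    img_a, h_a, err_a = acquire(DEVICE)                    # tool A: clean read
    img_b, h_b, err_b = acquire(DEVICE, unreadable={7})    # tool B: one bad sector
    print("copy A verifies:", verify_copies(reference, h_a), "errors:", err_a)
    print("copy B verifies:", verify_copies(reference, h_b), "errors:", err_b)
    print("copies differ at sectors:", diff_sectors(img_a, img_b))
```

The hash taken at acquisition is what later lets the examiner prove the working copy is the drive as seized; if the second copy does not verify, the sector list says whether the tool, the media or the handling is to blame, and the original need not be touched again to find out.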