Forensics and Network Intrusion Final Exam 2024/2025
Which web application weakness allows sensitive data to be unintentionally revealed
to an unauthorized user? (Correct Answers) Information Leakage
Which situation leads to a civil investigation? (Correct Answers) Disputes between
two parties that relate to a contract violation
What is a benefit of forensic readiness? (Correct Answers) Establishes procedures
for fast and efficient investigations
What should be considered when creating a forensic readiness plan? (Correct
Answers) Source of the evidence
Which rule does a forensic investigator need to follow? (Correct Answers) Use well-
known standard procedures
What is the focus of Locard's exchange principle? (Correct Answers) Anyone
entering a crime scene takes something with them and leaves something behind.
What is the focus of the enterprise theory of investigation (ETI)? (Correct Answers)
Solving one crime can tie it back to a criminal organization's activities
What allows for a lawful search to be conducted without a warrant or probable
cause? (Correct Answers) Consent of person with authority
A forensic investigator is tasked with retrieving evidence where the primary server
has been erased. The investigator needs to rely on network logs and backup tapes
to base their conclusions on while testifying in court.
Which information found in rules of evidence, Rule 1001, helps determine if this
testimony is acceptable to the court? (Correct Answers) Definition of original
evidence
When can a forensic investigator collect evidence without formal consent? (Correct
Answers) When properly worded banners are displayed on the computer screen
What do some states require before beginning a forensic investigation? (Correct
Answers) License
Which law protects customers' sensitive data by requiring financial institutions to
inform their customers of their information-sharing practices? (Correct Answers)
Gramm-Leach-Bliley Act (GLBA)
, Who determines whether a forensic investigation should take place if a situation is
undocumented in the standard operating procedures? (Correct Answers) Decision
Maker
What should a forensic lab do to maintain quality assurance during a digital forensic
investigation? (Correct Answers) Conduct validity testing on the tools
What is a common task of a computer forensic investigator? (Correct Answers)
Recovering deleted files, hidden files, and temporary data that could be used as
evidence
What is the process of live data acquisition? (Correct Answers) Acquiring volatile
data from a working system
What is the least volatile source of information when collecting evidence? (Correct
Answers) DVD-ROM
What is the type of analysis that a forensic investigator performs when running an
application in a sandbox environment? (Correct Answers) Dynamic
Which documentation should a forensic examiner prepare prior to a dynamic
analysis? (Correct Answers) The full path and location of the file being investigated
Which type of information can a forensic investigator find in a common metadata
field for a file? (Correct Answers) Network name
What is a forensic investigator analyzing when looking at the
/var/log/crashreporter.log from a Mac? (Correct Answers) Applications that stop
working
A forensic investigator is tasked with finding out if a suspect recently accessed a
specific folder on a network. Which registry key should the investigator analyze to
retrieve only the folder information? (Correct Answers) BagMRU
Which category of storage systems is characterized as being an independent node
having its own IP address? (Correct Answers) Network-Attached Storage (NAS)
What is an example of volatile data? (Correct Answers) Command history
Where can evidence be found on routers? (Correct Answers) Configuration files
What is a characteristic of Unicode UTF-32? (Correct Answers) Fixed-Width
Encoding
What is 4DD hexadecimal notation in binary? (Correct Answers) 10011011101
A forensic investigator is using a hex editor to view file signatures for graphics.
Which type of file is the investigator viewing when the first hexadecimal characters
are 42 4D? (Correct Answers) BMP
Which web application weakness allows sensitive data to be unintentionally revealed
to an unauthorized user? (Correct Answers) Information Leakage
Which situation leads to a civil investigation? (Correct Answers) Disputes between
two parties that relate to a contract violation
What is a benefit of forensic readiness? (Correct Answers) Establishes procedures
for fast and efficient investigations
What should be considered when creating a forensic readiness plan? (Correct
Answers) Source of the evidence
Which rule does a forensic investigator need to follow? (Correct Answers) Use well-
known standard procedures
What is the focus of Locard's exchange principle? (Correct Answers) Anyone
entering a crime scene takes something with them and leaves something behind.
What is the focus of the enterprise theory of investigation (ETI)? (Correct Answers)
Solving one crime can tie it back to a criminal organization's activities
What allows for a lawful search to be conducted without a warrant or probable
cause? (Correct Answers) Consent of person with authority
A forensic investigator is tasked with retrieving evidence where the primary server
has been erased. The investigator needs to rely on network logs and backup tapes
to base their conclusions on while testifying in court.
Which information found in rules of evidence, Rule 1001, helps determine if this
testimony is acceptable to the court? (Correct Answers) Definition of original
evidence
When can a forensic investigator collect evidence without formal consent? (Correct
Answers) When properly worded banners are displayed on the computer screen
What do some states require before beginning a forensic investigation? (Correct
Answers) License
Which law protects customers' sensitive data by requiring financial institutions to
inform their customers of their information-sharing practices? (Correct Answers)
Gramm-Leach-Bliley Act (GLBA)
, Who determines whether a forensic investigation should take place if a situation is
undocumented in the standard operating procedures? (Correct Answers) Decision
Maker
What should a forensic lab do to maintain quality assurance during a digital forensic
investigation? (Correct Answers) Conduct validity testing on the tools
What is a common task of a computer forensic investigator? (Correct Answers)
Recovering deleted files, hidden files, and temporary data that could be used as
evidence
What is the process of live data acquisition? (Correct Answers) Acquiring volatile
data from a working system
What is the least volatile source of information when collecting evidence? (Correct
Answers) DVD-ROM
What is the type of analysis that a forensic investigator performs when running an
application in a sandbox environment? (Correct Answers) Dynamic
Which documentation should a forensic examiner prepare prior to a dynamic
analysis? (Correct Answers) The full path and location of the file being investigated
Which type of information can a forensic investigator find in a common metadata
field for a file? (Correct Answers) Network name
What is a forensic investigator analyzing when looking at the
/var/log/crashreporter.log from a Mac? (Correct Answers) Applications that stop
working
A forensic investigator is tasked with finding out if a suspect recently accessed a
specific folder on a network. Which registry key should the investigator analyze to
retrieve only the folder information? (Correct Answers) BagMRU
Which category of storage systems is characterized as being an independent node
having its own IP address? (Correct Answers) Network-Attached Storage (NAS)
What is an example of volatile data? (Correct Answers) Command history
Where can evidence be found on routers? (Correct Answers) Configuration files
What is a characteristic of Unicode UTF-32? (Correct Answers) Fixed-Width
Encoding
What is 4DD hexadecimal notation in binary? (Correct Answers) 10011011101
A forensic investigator is using a hex editor to view file signatures for graphics.
Which type of file is the investigator viewing when the first hexadecimal characters
are 42 4D? (Correct Answers) BMP
