ITN 276 Digital Forensics pt 1
questions with 100% correct
answers (100% accuracy)
Alice is a computer hacker. She is attempting to cover her tracks by
repeatedly overwriting a cluster of data on a hard disk with patterns of 1s
and 0s. What general term describes Alice's actions? - answer Anti-forensics
What term describes information that forensic specialists use to support
or interpret real or documentary evidence? For example, a specialist might
demonstrate that a user stored specific photographs on a desktop. -
answer Testimonial evidence
__________ is the concept that any scientific evidence presented in a trial
has to have been reviewed and tested by the relevant scientific
community. - answer The Daubert Standard
True or False? Investigators must authenticate documentary evidence. -
answer True
Assume you run the __________ command on a computer. The command
displays the computer's Internet Protocol (IP) address, the IP address for
the default gateway, and more information. - answer ipconfig
One must be able to show the whereabouts and custody of evidence, and
how it was handled and stored and by whom, from the time the evidence
is first seized by a law enforcement officer or civilian investigator until the
moment it is shown in court. What standard does this refer to? - answer
Chain of custody
Which of the following is the process of examining data traffic, including
transaction logs and real-time monitoring using sniffers and tracing? -
answer Network forensics
True or False? The Electronic Communications Privacy Act of 1986 protects
children 13 years of age and younger from the collection and use of their
personal information by websites. - answer False
True or False? Two ways to present evidence in a forensic case are the
expert report and expert testimony. - answer True
True or False? In most cases, law enforcement may not search a mobile
phone without a warrant if they do not have the owner's consent. - answer
True
True or False? A warrant is not needed when evidence is in plain sight. -
answer True
Which of the following is the best definition of "forensics"? - answer The
use of science and technology to investigate and establish facts in
criminal or civil courts of law
The __________ was passed to improve the security and privacy of sensitive
information in federal computer systems. The law requires the
establishment of minimum acceptable security practices, creation of
computer security plans, and training of system users or owners of
facilities that house sensitive information. - answer Computer Security Act
of 1987
Which of the following is not true of random access memory (RAM)? -
answer It cannot be changed.
__________ is the continuity of control of evidence that makes it possible to
account for all that has happened to evidence between its original
collection and its appearance in court, preferably unaltered. - answer The
chain of custody
True or False? Internet forensics is the study of the source and content of
email as evidence. - answer False