with Certified Solutions
True or False? Disk forensics includes both the recovery of hidden and deleted
information and the process of identifying who created a file or message. -
Answer: True
Alice is a computer hacker. She is attempting to cover her tracks by repeatedly
overwriting a cluster of data on a hard disk with patterns of 1s and 0s. What general
term describes Alice's actions?
-A- Obfuscation
-B- Data transformation
-C- Disk forensics
-D- Anti-forensics - Answer: D) Anti-forensics
One must be able to show the whereabouts and custody of evidence, and how it was
handled and stored and by whom, from the time the evidence is first seized by a law
enforcement officer or civilian investigator until the moment it is shown in court. What
standard does this refer to?
-A- Consistent scientific manner
-B- Real evidence
-C- Chain of custody
-D- Demonstrative evidence - Answer: C) Chain of custody
A computer crime suspect stores data where an investigator is unlikely to find it. What is
this technique called?
-A- Data destruction
-B- File system alteration
-C- Data transformation
-D- Data hiding - Answer: D) Data hiding
True or False? In most cases, law enforcement may not search a mobile phone without
a warrant if they do not have the owner's consent. - Answer: True
True or False? Internet forensics is the study of the source and content of email as
evidence. - Answer: False
True or False? Real evidence means physical objects that can be touched, held, or
directly observed, such as a laptop with a suspect's fingerprints on it. - Answer: True
True or False? A sector is the basic unit of data storage on a solid-state disk. -
Answer: False
Which of the following is not true of computer forensics?
-A- A forensic specialist must adhere to stringent guidelines.
-B- The emphasis is on the volume of evidence.
-C- The objective is to recover, analyze, and present computer-based material in such a
way that it can be used as evidence in a court of law.
-D- Any device that can store data is potentially the subject of computer forensics. -
Answer: B) The emphasis is on the volume of evidence.
__________ is the concept that any scientific evidence presented in a trial has to have
been reviewed and tested by the relevant scientific community.
-A- Demonstrative evidence
-B- Documentary evidence
-C- The Daubert Standard
-D- Consistent scientific manner - Answer: C) The Daubert Standard
True or False? The Windows Registry is essentially a repository of all settings, software,
and parameters for Windows. - Answer: True
True or False? Disk forensics refers to the process of examining malicious computer
code. - Answer: False
What is the definition of a computer virus?
-A- An attacker keeps sending SYN packets but never responds to the SYN/ACK
packets it receives from the server
-B- Any software that self-replicates
-C- An attack in which the attacker seeks to infect several machines and use those
machines to overwhelm the target system to deny service
-D- An attack designed to overwhelm the target system so it can no longer reply to
legitimate requests for connection - Answer: B) Any software that self-replicates
True or False? The act of wrongfully obtaining another person's personal data is a
crime, with or without stealing any money. - Answer: True
True or False? Hackers break into computer systems and steal secret defense plans of
the United States. This is an example of a virus. - Answer: False
Feedback: This is an example of cyberterrorism.
True or False? Fraud refers to a broad category of crime that can encompass many
different activities, but essentially, it is any attempt to gain financial reward through
deception. - Answer: True
Which of the following is not true of cyberstalking?
-A- It involves repeated, threatening behavior.
-B- It occurs via social media or email.
-C- The intent is to target a human victim, not a computer or network.
-D- Stalkers are often technically savvy computer criminals. - Answer: D) Stalkers are
often technically savvy computer criminals.
Feedback: Stalkers are often not the most technically savvy computer criminals.
Which of the following are subclasses of fraud?
-A- Investment offers and cyberstalking
-B- Investment offers and data piracy
-C- Hacking and cyberterrorism
-D- Cross-site scripting and data piracy - Answer: B) Investment offers and data piracy
Bill is an accountant for a construction firm. He receives an urgent email at 5:30 p.m. on
Friday that appears to be from his company's chief financial officer. The email is
approving a request for funds to be moved from a corporate account to a personal
account for the construction manager. The request is for the funds to be moved
immediately so that the manager can purchase equipment needed for a project to be
completed over the weekend. Bill notices that the sender's actual email account is from
a domain that is not affiliated with the company. What type of attack is likely underway?
-A- Spyware
-B- Phishing
-C- A denial of service (DoS) attack
-D- A SQL injection attack - Answer: B) Phishing
Feedback: Bill is likely experiencing a phishing attack.
True or False? Viruses are difficult to locate but easy to trace back to the creator. -
Answer: False
Feedback: Viruses are easy to locate but hard to trace to the creator.
How is cyberterrorism different from other cybercrimes?
-A- Attacks are motivated purely by financial gain.
-B- It is investigated by federal law enforcement.
-C- It is never leveraged by spyware programs.
-D- It always includes a logic bomb. - Answer: B) It is investigated by federal law
enforcement.
True or False? The process of connecting to a server and the exchange of three
packets is referred to as cross-site scripting. - Answer: False
Feedback: A three-way handshake involves the exchange of three packets.
True or False? The term "logic bomb" refers to a set of pre-calculated hashes used for
cracking passwords. - Answer: False