Digital Forensics Essentials Certification Exam | Complete Solutions (Answered)

Digital Forensics Essentials Certification Exam | Complete Solutions (Answered) Jack, a disgruntled employee of an organization, gained access to the organization's database server. He manipulated client records stored on the database server to damage the reputation of the organization and to make the organization face legal consequences for losing integrity. Identify the type of attack performed by Jack in the above scenario. External attack Brute-force attack Internal attack Trojan horse attack Identify the SWGDE standards and criteria stating that the agency management must review the SOPs on an annual basis to ensure their continued suitability and effectiveness. Standards and Criteria 1.1 Standards and Criteria 1.2 Standards and Criteria 1.3 Standards and Criteria 1.4 James, a newly recruited employee of an organization, received an email containing a fake appointment letter. The letter claims to have been sent by the real organization. James failed to identify the legitimacy of the letter and downloaded it. Consequently, malicious software was installed on his system, and it provided remote access to the attacker. Identity the type of cybercrime performed by James in the above scenario. Denial-of-service attack Privilege escalation attack SQL injection attack Phishing attack Which of the following types of cybercrime involves taking advantage of unsanitized input vulnerabilities to pass commands through a web application and thereby retrieve information from the target database? SQL injection attack Brute-force attack Espionage Trojan horse attack Benjamin, a professional hacker, joined as an intern in an organization and obtained some permissions to access the resources related to his job. Soon after gaining trust in the organization, he obtained elevated permissions to access restricted parts of the network. Thus, he gained access to confidential data of the organization. Identify the type of attack performed by Benjamin in the above scenario. Session hijacking attack SQL injection attack Privilege escalation attack Denial-of-service attack Henry, a professional hacker, targeted an organization to gain illegitimate access to its server. He launched an SQL injection attack from a remote location on the target server to obtain users' credentials. Which of the following types of attack has Henry performed in the above scenario? Insider attack Trojan horse attack External attack Internal attack Medicing Inc. targeted their competitor organization to steal information about their product that gained immense popularity within a brief period. For this purpose, Medicing Inc. employed Don, a professional hacker. Don performed open-source intelligence gathering and analyzed the target product's details. Using the obtained information, Medicing Inc. created a similar product and launched it with a lower price. Identify the cybercrime demonstrated in the above scenario. Privilege escalation Espionage Spoofing Phishing Don, a professional hacker, targeted Johana's official email account to steal her project-related files stored in it. In this process, Don tried all the possible combinations of password characters through the trial-and-error method and finally logged into her account. Identify the type of cybercrime demonstrated in the above scenario. Keylogger attack Brute-force attack Hybrid attack Dictionary attack Which of the following types of attack is performed using a seemingly harmless program containing malicious code that can later gain control and cause damage, such as destruction of the file allocation table on a hard disk? Trojan Horse Attack Identify the type of cybercrime that involves the theft of trade secrets, copyrights, or patent rights of an asset or material belonging to individuals or entities, resulting in huge losses to the target organization. Intellectual property theft Data manipulation Phishing Trojan horse attack Which of the following types of cybercrime is an offensive activity in which a computer connected to the web is employed as a source point to damage an organization's reputation? Privilege escalation Cyber defamation Data manipulation Intellectual property theft Which of the following types of digital evidence in a computer system will be lost as soon as the system is powered off? Swap file Slack space Non-volatile data Volatile data Which of the following types of digital evidence is temporary information on a digital device that requires constant power supply to retain and is deleted if the power supply is interrupted? Unallocated clusters Slack space Non-volatile data Volatile data Grayson, a forensic investigator, was able to retrieve evidence from a device by authenticating with the information of a card and the user through the level of access, configurations, and permissions. Identify the device utilized by Grayson to obtain the evidence Surveillance camera Thumb drive Router Biometric scanner Calvin, a forensic crime investigator, retrieved evidence from a device that consists of usage logs, time and date information, network identity information, and ink cartridges. Identify the device from which Calvin obtained the evidence. Switch Printer Modem Hub Which of the following rules of evidence states that investigators must provide supporting documents regarding the legitimacy of the evidence, with details such as the source of the evidence and its relevance to the case? Authentic Admissible Reliable Complete Identify the rule of evidence stating that investigators and prosecutors must present evidence in a clear and comprehensible manner to the members of the jury. Reliable Authentic Understandable Admissible John, a security specialist, was investigating a criminal case. He extracted all the possible evidence from a suspected laptop, created an exact copy of the evidence, and submitted the evidence as is to the jury members without any intermediary tampering. Identify the evidence rule demonstrated in the above scenario. Understandable Authentic Admissible Reliable Jayden, a forensic investigator, was appointed to investigate a powered-off system recovered from a crime scene. He found many locked files in that computer and suspected that those files might contain information useful to identify the criminals. Which of the following evidence sources provided Jayden with useful information during the investigation? Password-protected files Compressed files Hidden files Misnamed files Which of the following is a user-created evidence source that can assist forensic investigators in recording and analyzing whether the victim stored any malicious links or URLs? Database files Internet bookmarks Address books Media files Aiden, an investigation officer, was investigating a suspected system from which a critical document was sent without permission. In this process, he discovered potential evidence from documents, film cartridges, and phone numbers to which the document was sent. Identify the source of potential evidence from which Aiden gathered the above information. Thumb drive Scanner Global Positioning System Fax machine Asher, a forensics specialist, was able to retrieve evidence from a device through its address book, notes, appointment calendars, phone numbers, email, etc. Which of the following devices did Asher acquire the evidence from? Network interface card Digital watch Fax machine Router Identify the SWGDE standards and criteria insisting that all the activities related to the seizure, storage, examination, or transfer of digital evidence must be recorded in writing and made available for review and testimony. Standards and Criteria 1.2 Standards and Criteria 1.1 Standards and Criteria 1.6 Standards and Criteria 1.5 Which of the following Federal Rules of Evidence states, "rules should be construed so as to administer every proceeding fairly, eliminating unjustifiable expense and delay, and promoting the development of evidence law, to the end of ascertaining the truth and securing a just determination"? Rule 103: Rulings on Evidence Rule 101: Scope Rule 102: Purpose Preserving a claim of error Identify the SWGDE standards and criteria stating that the agency must use hardware and software appropriate and effective for the seizure or examination procedure. Standards and Criteria 1.5 Standards and Criteria 1.1 Standards and Criteria 1.4 Standards and Criteria 1.2 Identify the SWGDE standards and criteria stating that the agency must maintain written copies of appropriate technical procedures. Standards and Criteria 1.2 Standards and Criteria 1.1 Standards and Criteria 1.5 Standards and Criteria 1.4 Given below are the different steps involved in forensic readiness planning. 1. Determine the sources of evidence. 2. Establish a legal advisory board to guide the investigation process. 3. Establish a policy for securely handling and storing the collected evidence. 4. Identify the potential evidence required for an incident. 5. Keep an incident response team ready to review the incident and preserve the evidence. 6. Identify if the incident requires a full or formal investigation. 7. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption. 8. Create a process for documenting the procedure. What is the correct sequence of steps involved in forensic readiness planning? 4 - 1 - 7 - 3 - 6 - 8 - 2 - 5 6 - 8 - 4 - 2 - 7 - 5 - 3 - 1 1 - 3 - 4 - 2 - 5 - 7- 6 - 8 2 - 3 - 5 - 7 - 8 - 1 - 4 - 6 Which of the following steps of forensic readiness planning defines the purpose of evidence collection and gathering information to determine evidence sources that can help deal with the crime and design the best methods of collection? Determine the sources of evidence Identify if the incident requires full or formal investigation Identify the potential evidence required for an incident Create a process for documenting the procedure In which of the following steps of forensic readiness planning does an investigator determine what currently happens to the potential evidence data and its impact on the business while retrieving the information? Identify the potential evidence required for an incident Establish a legal advisory board to guide the investigation process Determine the sources of evidence Create a process for documenting the procedure In which of the following steps of forensic readiness planning do investigators devise a strategy to ensure the collection of evidence from all relevant sources and ensure its preservation in a legally sound manner while causing minimal disruption to work? Define a policy that determines the pathway to legally extract electronic evidence Identify if the incident requires full or formal investigation Establish a legal advisory board to guide the investigation process Create a process for documenting the procedure Identify the benefit an incident response team offers an organization if the team is forensically ready. Maximizes the cost of regulatory or legal requirements for disclosure of data Ensures that the investigation meets all regulatory requirements Allows attackers to cover their tracks Increases the complexity of evidence gathering Which of the following tasks is the responsibility of a forensic investigator? Configure network components Update and release patches for devices Manage servers and operating systems Evaluate the damage due to a security breach Which of the following is a quality that makes one a good computer forensics investigator? Well-versed in a single computer platform or technology Inability to control emotions when dealing with issues that induce anger Lack of patience and willingness to work long hours Knowledge of the laws relevant to the case Which of the following qualities is required for a good computer forensics investigator? Well-versed in more than one computer platform Lack of patience and willingness to work long hours Well-versed in a specific computer platform Minimal analytical skills to find evidence Which of the following tasks is NOT the responsibility of a forensic investigator? Ensure appropriate handling of the evidence Identify and recover data required for investigation Configure network components Reconstruct the damaged storage devices Which of the following practices is NOT a good quality of a computer forensics investigator? Excellent writing skills to detail findings in the report Interviewing skills to gather extensive information Lack of patience and willingness to work long hours Has knowledge of the laws relevant to the case Which of the following laws was enacted in 1999 and requires financial institutions—companies offering consumers financial products or services such as loans, financial or investment advice, or insurance—to explain their information-sharing practices to their customers and to safeguard sensitive data? GDPR - General Data Protection Regulation HIPAA - Health Insurance Portability and Accountability Act PCI DSS - Payment Card Industry Data Security Standard GLBA - Gramm-Leach-Bliley Act Which of the following acts was passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations? DPA - Data Processing Agreement SOX - The Sarbanes-Oxley Act of 2002 GDPR - General Data Protection Regulation ECPA - Electronic Communications Privacy Act of 1986 Which of the following titles of ECPA addresses the privacy of the contents of files stored by service providers and records held about the subscriber by service providers, such as subscriber name, billing records, and IP addresses? Title II Title I Title III Title IV Title II: Also called the Stored Communications Act (SCA), Title II protects the privacy of the contents of files stored by service providers and of records held about the subscriber by service providers, such as subscriber name, billing records, or IP addresses. Which of the following is a proprietary information security standard for organizations that handle cardholder information for major debit, credit, prepaid, e-purse, ATM, and POS cards? PCI DSS - Payment Card Industry Data Security Standard FISMA - Federal Information Security Modernization Act 2002 GDPR - General Data Protection Regulation HIPAA - Health Insurance Portability and Accountability Act Identify HIPAA's administrative statute and rules that require employers to have standard national numbers that identify them on standard transactions. Electronic Transaction and Code Sets Standards Enforcement Rule National Provider Identifier Standard Employer Identifier Standard Which of the following countries implements the cyber law "Regulation of Investigatory Powers Act 2000"? United States United Kingdom India Australia In which of the following investigation phases does the forensic officer perform data acquisition, preservation, and analysis of evidentiary data to identify the source of a crime and the culprit? Preparatory phase Post-investigation phase Investigation phase Pre-investigation phase Which of the following phases of the forensics investigation process involves setting up a computer forensics lab, building a forensics workstation, developing an investigation toolkit, building an investigation team, and obtaining approval from the relevant authority? Pre-investigation phase Investigation phase Documenting phase Post-investigation phase Lincoln, a forensic investigator, collected evidence from a crime scene. He used some hardware and software tools to complete the investigation process. Lincoln then created a report and documented all the actions performed during the investigation. Identify the investigation phase Lincoln is currently in. Investigation phase Pre-investigation phase Post-investigation phase Preparatory phase Thomas, a forensic investigator, was working on a suspected machine to gather potential evidence. In this process, he went through all the evidence sources such as logs, configuration files, and cookies. Subsequently, he analyzed the evidentiary data to identify the criminal. Identify the forensics investigation phase demonstrated in the above scenario. Investigation phase Post-investigation phase Pre-investigation phase Preparatory phase Before investigating a cybercrime, Joyce, a forensic investigator, sets up a computer forensics lab, builds a forensics workstation, develops an investigation toolkit, and secures the case perimeter and involved devices. Identify the investigation phase Joyce is currently in. Investigation phase Post-investigation phase Documenting phase Pre-investigation phase Identify the member in the forensics investigation team who offers a formal opinion in the form of a testimony in a court of law. Evidence manager Evidence examiner Expert witness Evidence documenter A company, Finance Miracle, hired Harry for a role in a forensics investigation team. Harry is responsible for examining incidents as per their type, how they affect the systems, the different threats, and the vulnerabilities associated with them. Identify the designation of Harry in the investigation team. Evidence examiner Photographer Incident analyzer Evidence manager Cooper, a member of a forensics investigation team, was investigating a cyber-attack performed on an organization. During the investigation process, Cooper secured the incident area and collected all the evidence, following which he disconnected the affected systems from other systems to stop the spread of the incident. Identify the role played by Cooper in the investigation team. Attorney Incident analyzer Incident responder Evidence examiner Robert, a forensics team member, was tasked with investigating an attack on a system. He investigated the attack based on the evidence, identified its type, determined how it affected the system, and identified other threats and vulnerabilities associated with the target system. What was the designation of Robert in the investigation team? Photographer Evidence documenter Incident analyzer Incident responder Charles, a forensics team member familiar with all the applicable laws, participated in a crime investigation process. The role of Charles in the team was to assist the forensic investigators by providing legal advice on how to conduct the investigation and address the legal issues involved in various tasks. Which of the following roles did Charles play in the above scenario? Expert witness Evidence examiner Evidence manager Attorney Given below are various activities involved in the computer forensics investigation methodology. 1 Evidence preservation 2 Documentation of the electronic crime scene 3 Search and seizure