Digital Forensics Quiz: Concepts, Tools, and Procedures

Added on  2023/06/04

Homework Assignment
AI Summary
This assignment is a digital forensics quiz consisting of twenty true or false questions. The questions cover a wide range of digital forensics topics including file signature analysis, volatile and latent data, slack space, the Locard Principle, read/write blockers, cloning and hashing, memory data, the Windows registry, metadata, link artifacts, anti-forensics techniques, electronic discovery, and the analysis of internet history. The quiz assesses the student's understanding of core concepts, tools, and procedures used in digital forensics investigations, emphasizing the importance of evidence handling, data integrity, and the application of forensic principles.
QUESTION 1
1. Because a file extension isn't the most reliable way of identifying a given file - a good
forensic tool should be able to identify files based on the header, not the file extension. This
comparison is generally known as a file signature analysis.
True
False
QUESTION 2
1. Data in RAM are considered volatile data and thus of value to investigators.
True
False
QUESTION 3
1. Latent data is a term to describe data that has been deleted or partially overwritten.
True
False
QUESTION 4
1. When you see unallocated space, it is okay to ignore it as it can be considered empty
space.
True
False
QUESTION 5
1. Slack space (or "file slack") should be of interest to investigators as you may be able to
recover fragments of the previous file.
True
False
QUESTION 6
1. The Locard Principle is a great way to guide your thinking as there will be some kind of a
digital "fingerprint" should a computer or network be accessed. There's always a trace!
True
False
QUESTION 7
1. There are two kinds of read/write blockers: software and hardware based.
True
False
QUESTION 8
1. FTK Imager would be considered a software read/write blocker.
True
False
QUESTION 9
1. Following the order of volatility is a good way to prioritize the evidence to be collected.
True
False
QUESTION 10
1. Following the chain of custody process is not a necessary element of making sure the
evidence is considered trustworthy and admissible.
True
False
QUESTION 11
1. Cloning a hard drive means you are making a copy of the active data on the hard drive.
True
False
QUESTION 12
1. Hashing helps you confirm that a clone is an exact duplicate of the evidence drive.
True
False
QUESTION 13
1. When collecting memory (or RAM data) - one file to collect is the hibernation file
(hiberfil.sys).
True
False
QUESTION 14
1. The Windows registry, a database of configuration files, does not play a role in forensic
investigations and thus can be ignored.
True
False
QUESTION 15
1. Metadata can be highly valuable in giving you additional insights as to how and when the
data was manipulated (and in some cases - even the identity of the author!).
True
False
QUESTION 16
1. Link artifacts (.LNK) can be useful in proving the existence of an actual file, e.g. a bad actor
may delete a file but not delete the .LNK artifacts, which can show when someone
actually opened the file in question.
True
False
QUESTION 17
1. Anti-forensics can include techniques like encryption, steganography, data destruction, or
timestomping.
True
False
QUESTION 18
1. Before collecting evidence, you don't need to worry about whether or not you have search
authority. It's better to do it and then ask for forgiveness later.
True
False
QUESTION 19
1. Electronic discovery is very similar to digital forensics where the person may be using the
same tools because it is all about making sure you can show chain of custody, integrity and
admissibility of the data that is offered to court.
True
False
QUESTION 20
1. When analyzing a user's Internet history - the NTUSER.Dat is one of the many valuable
artifacts because it includes the user's browser's history.
True
False