Question
Question 24 (Max. score: 2.00)
Which of these might represent what the analysis stage of the digital forensics process entails?
- Making conclusions about data
- Writing down the chain of custody
- Handling evidence with gloves
- Gathering work and home computers
Solution
The analysis stage of the digital forensics process might entail making conclusions about data. This stage involves examining the digital evidence thoroughly with the aim of identifying, extracting, and analyzing all the relevant information that can support or refute a hypothesis in an investigation.
Here's a step-by-step breakdown:
- Review the case: Understand the context of the investigation to know what you're looking for.
- Preliminary analysis: Use digital forensics tools to scan the evidence for relevant data.
- In-depth analysis: Dive deeper into the data, looking for specific files, metadata, deleted data, etc. that could be relevant to the case.
- Document findings: Make notes of all findings, and document all steps taken and tools used for transparency and reproducibility.
- Make conclusions: Based on the analyzed data, draw conclusions that answer the questions posed in the investigation.
The other options listed, such as writing down the chain of custody, handling evidence with gloves, and gathering work and home computers, are part of the identification, preservation, and collection stages of the digital forensics process, not the analysis stage.
Similar Questions
Question 22 (Max. score: 1.00)
The stage of the digital forensics process that touches all other stages in the process is called?
- Communication
- Documentation
- Presentation
- Collection

Question 2 (Max. score: 2.00)
Which of the following is not a rule of digital forensics?
- A copy is made onto forensically sterile media. New media should always be used if available
- An examination should be performed on the original data
- The copy of the evidence must be an exact, bit-by-bit copy
- The examination must be conducted in such a way as to prevent any modification of the evidence
Question 1 (1 point): Digital forensics is commonly applied to which of the following activities?
- Criminal investigation
- Incident handling
- Data recovery
- All of the above

Question 2 (1 point): NIST includes which three (3) as steps in collecting data? (Select 3)
- Normalize the data
- Verify the integrity of the data
- Develop a plan to acquire the data
- Acquire the data

Question 3 (1 point): What is the primary purpose of maintaining a chain of custody?
- To keep valuable hardware securely locked to tables or floors.
- So a person in possession of evidence will know who they are allowed to give it to next
- To avoid allegations of mishandling or tampering of evidence.
- To allow for accurate client billing

Question 4 (1 point): True or False. Digital forensics had been used to solve a number of high-profile violent crimes.
- True
- False

Question 5 (1 point): True or False. Digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.
- True
- False

Question 6 (1 point): Which section of a digital forensics report would include using the best practices of taking lots of screenshots, use built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?
- Overview & Case Summary
- Forensic Acquisition & Examination Preparation
- Findings & Analysis
- Conclusion

Question 7 (1 point): Which types of files are appropriate subjects for forensic analysis?
- Data files
- Image and video files
- Application files
- All of the above

Question 8 (1 point): Deleting a file results in what action by most operating systems?
- The memory registers used by the file are erased and marked as available for new storage.
- Random data is immediately copied into the memory registers used by the file to obfuscate the previous contents.
- The memory registers used by the file are marked as available for new storage but are otherwise not changed.
- The file is copied to a trash or recycle folder and the original memory registers are erased.

Question 9 (1 point): Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?
- A logical backup
- A disk-to-file backup
- An incremental backup
- A disk-to-disk backup

Question 10 (1 point): How does a forensic analysis use hash sets acquired from NIST's Software Reference Library project?
- They provide a record of known encrypted malware.
- Hashes will help you quickly zero in on deleted files.
- They are useful in identifying files that were created outside the United States.
- They can quickly eliminate known good operating system and application files from consideration.

Question 11 (1 point): Which three (3) of the following data types are considered non-volatile? (Select 3)
- Free space
- Swap files
- Logs
- Dump files

Question 12 (1 point): Configuration files are considered which data type?
- Volatile
- Non-volatile
- Static
- Dynamic

Question 13 (1 point): True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.
- True
- False

Question 14 (1 point): Which three (3) of the following are application components? (Select 3)
- Data files
- OSI Application Layer protocols
- Application architecture
- Authentication mechanisms

Question 15 (1 point): Which of these applications would likely be of the least interest in a forensic analysis?
- Web host data
- Patch files
- Email
- Chat

Question 16 (1 point): The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)
- UDP
- ICMP
- LDAP
- IPv4 / IPv6

Question 17 (1 point): Which device would you inspect if you were looking for event data correlated across a number of different network devices?
- Remote access server
- Intrusion detection system
- Packet sniffer
- Firewall

Question 18 (1 point): Which of these sources might require a court order in order to obtain the data for forensic analysis?
- System Event Management systems
- Intrusion detection systems
- ISP records
- Firewalls
According to NIST, which step in the digital forensics process involves drawing conclusions from data?
- reporting
- analysis
- examination
- collection