Program: Diploma in Computer Engineering Program Code:- CO

Scheme:- I Semester:- SIXTH

Course:- Emerging Trends in Computer & IT Course Code:- 22618

Unit 03 – Basics of Digital Forensic Marks:- 08

3.1 Digital forensics Introduction to digital forensic, History of forensic, Rules of digital forensic,
Definition of digital forensic, Digital forensics investigation and its goal
3.2 Models of Digital Forensic Investigation Road map for Digital Forensic Research (RMDFR)
Investigative Model Abstract Digital Forensics Model (ADFM) Integrated Digital Investigation Process
(IDIP) End to End digital investigation process (EEDIP) An extended model for cybercrime investigation
UML modeling of digital forensic process model (UMDFPM)
3.3 Ethical issues in digital forensic
General ethical norms for investigators, Unethical norms for investigation

1. Digital forensics is all of them except:

A. Extraction of computer data.

B. Preservation of computer data.

C. Interpretation of computer data.

D. Manipulation of computer data.

2. IDIP stands for

A. Integrated Digital Investigation Process.

B. Integrated Data Investigator Process.

C. Integrated Digital Investigator Process.

D. Independent Digital Investigator Process.

3. Who proposed Road Map for Digital Forensic Research (RMDFR)

A. G.Gunsh.

B. S.Ciardhuain

C. J.Korn.

D. G.Palmar

4. The investigator should satisfy the following points:

A. Hypothetical

B. Nested

C. Challenging

D. Contradictory

6. More subtle because you are not aware that you are running these macros (the document opens
and the application automatically runs); spread via email

A. The purpose of the copyright

B. The danger of macro viruses

C. Derivative works

D. computer-specific crime

7. There are three c's in computer forensics. Which is one of the three?

A. Control

B. Chance

C. Chains

D. Core

8. When Federal Bureau Investigation program was created?

9. When the field of PC forensics began?

10. What is Digital Forensic?

A. Process of using scientific knowledge in analysis and presentation of evidence in court

B. The application of computer science and investigative procedures for a legal purpose involving
the analysis of digital evidence after proper search authority, the chain of custody, validation with
mathematics, use of validated tools, repeatability, reporting, and possible expert presentation

C. process where we develop and test hypotheses that answer questions about digital events

D. Use of science or technology in the investigation and establishment of the facts or evidence in a
court of law
11. Digital Forensics entails .

A. Accessing the system's directories viewing mode and navigating through the various systems files
and folders

B. Undeleting and recovering lost files

C. Identifying and solving computer crimes

D. The identification, preservation, recovery, restoration, and presentation of digital evidence from
systems and devices

12. Which of the following is FALSE?

A. The digital forensic investigator must maintain absolute objectivity

B. It is the investigator’s job to determine someone’s guilt or innocence.

C. It is the investigator‟s responsibility to accurately report the relevant facts of a case.

D. The investigator must maintain strict confidentiality, discussing the results of an investigation on
only a “need to know”

13. What is the most significant legal issue in computer forensics?

A. Preserving Evidence

B. Seizing Evidence

C. Admissibility of Evidence

D. Discovery of Evidence

14. phase includes putting the pieces of a digital puzzle together and developing investigative
hypotheses

A. Preservation phase

B. Survey phase

C. Documentation phase

D. Reconstruction phase

E. Presentation phase
15. In phase investigator transfers the relevant data from a venue out of physical or administrative
control of the investigator to a controlled location

A. Preservation phase

B. Survey phase

C. Documentation phase

D. Reconstruction phase

E. Presentation phase

16. In phase investigator transfers the relevant data from a venue out of physical or administrative
control of the investigator to a controlled location

A. Preservation phase

B. Survey phase

C. Documentation phase

D. Reconstruction phase

E. Presentation phase

17. Computer forensics do not involve activity.

A. Preservation of computer data.

B. Extraction of computer data.

C. Manipulation of computer data.

D. Interpretation of computer data.

18. A set of instruction compiled into a program that perform a particular task is known as:

A. Hardware. B.CPU

C. Motherboard

D. Software

19. Which of following is not a rule of digital forensics?

A. An examination should be performed on the original data

B. A copy is made onto forensically sterile media. New media should always be used if available.

C. The copy of the evidence must be an exact, bit-by-bit copy

D. The examination must be conducted in such a way as to prevent any modification of the evidence.
20. To collect and analyze the digital evidence that was obtained from the physical investigation
phase, is the goal of which phase?

A. Physical crime investigation

B. Digital crime investigation.

C. Review phase.

D. Deployment phase.

21. To provide a mechanism to an incident to be detected and confirmed is purpose of which

A. Physical crime investigation

B. Digital crime investigation.

C. Review phase.

D. Deployment phase.

22. Which phase entails a review of the whole investigation and identifies an area of
improvement?

A. Physical crime investigation

B. Digital crime investigation.

C. Review phase.

D. Deployment phase

23. is known as father of computer forensic.

A. G. Palmar

B. J. Korn

C. Michael Anderson

D. S.Ciardhuain.

24. _is well established science where various contribution have been made

A. Forensic

B. Crime

C. Cyber Crime

D. Evidence
25. Who proposed End to End Digital Investigation Process (EEDIP)?

A. G. Palmar

B. Stephenson

C. Michael Anderson

D. S.Ciardhuain

26. Which model of Investigation proposed by Carrier and Safford?

A. Extended Model of Cybercrime Investigation (EMCI)

B. Integrated Digital Investigation Process(IDIP)

C. Road Map for Digital Forensic Research (RMDFR)

D. Abstract Digital Forensic Model (ADFM)

27. Which of the following is not a property of computer evidence?

A. Authentic and Accurate.

B. Complete and Convincing.

C. Duplicated and Preserved.

D. Conform and Human Readable.

28. can makes or breaks investigation.

A. Crime

B. Security

C: Digital Forensic

D: Evidence

29. is software that blocks unauthorized users from connecting to your computer.

A. Firewall

B. Quick launch

C. OneLogin

D. Centrify
30. Which of the following are general Ethical norms for Investigator?

A. To contribute to society and human beings. B. To avoid harm to others.

C. To be honest and trustworthy. D. All of the above

E. None of the above

31. Which of the following are Unethical norms for Investigator?

A. Uphold any relevant evidence.

B. Declare any confidential matters or knowledge.

C. Distort or falsify education, training, credentials.

D. All of the above

E. None of the above

32. Which of the following is not a general ethical norm for Investigator?

A. To contribute to society and human beings. B. Uphold any relevant Evidence.

C. To be honest and trustworthy. D. To honor confidentially.

33. Which of the following is a not unethical norm for Digital Forensics Investigation?

A. Uphold any relevant evidence.

B. Declare any confidential matters or knowledge.

C. Distort or falsify education, training, credentials.

D. To respect the privacy of others.

34. What is called as the process of creation a duplicate of digital media for purpose of examining
it?

A. Acquisition.

B. Steganography.

C. Live analysis

D. Hashing.
35. Which term refers to modifying a computer in a way which was not originally intended to view
Information?

A. Metadata

B. Live analysis

C. Hacking

D. Bit Copy

36. The ability to recover and read deleted or damaged files from a criminal’s computer is an
example of a law enforcement specialty called?

A. Robotics

B. Simulation

C. Computer Forensics

D. Animation

37. What are the important parts of the mobile device which used in Digital forensic?

A. SIM

B. RAM

C. ROM.

D.EMMC chip

38. Using what, data hiding in encrypted images be carried out in digital forensics?

A. Acquisition.

B. Steganography.

C. Live analysis

D. Hashing.

39. Which of this is not a computer crime?

A. e-mail harassment

B. Falsification of data.

C. Sabotage.

D. Identification of data
40. Which file is used to store the user entered password?

A. .exe

B. .txt

C. .iso

D. .sam

41. is the process of recording as much data as possible to create reports and analysis on user
input.

A. Data mining

B. Data carving

C. Metadata

D. Data Spoofing.

42. searches through raw data on a hard drive without using a file system.

A. Data mining

B. Data carving

C. Metadata

D. Data Spoofing.

43. What is the first step to Handle Retrieving Data from an Encrypted Hard Drive?

A. Formatting disk

B. Storing data

C. Finding configuration files.

D. Deleting Files