Emerging Trends in Computer &IT (MSBTE) 3-14

Basics of Digital Forensics

Multiple Choice Questions (MCQS)

Q.1 Digital forensics is all them eXcept:
a) Extraction of computer data. b) Preservation of computer data.
Interpretation of computer data. d) Manipulation of computer data.
Q. 2 IDIP stands for
a
Integrated Digital Investigation Process. b) Integrated Data Investigator Process.
c) Integrated Digital Investigator Process. d) Independent Digital Investigator Process.
Q.3 Who proposed Road Map for Digital Forensic Research (RMDFR)
a G.Gunsh. b) S.Ciardhuain
c) J.Kon. d) G.Palmar
Q, 4 The investigator should satisfy the following points:
a) Contribute to society and human beings.
b) Avoid harm to others.
Honest and trustworthy. d) All of the above
Q. 5 In the past, the method for expressing an opinion has been to frame a question based on available factual
evidence.
a) Hypothetical b) -Nested
c) Challenging d) Contradictory
Q. 6
More subtile because you are not aware that you are running these macros (the document opens and the application
automatically runs); spread via email
a) The purpose of the copyright b) The danger of macro viruses
c) Derivative works d) Computer-specific crime
Q. 7 There are three c's in computer forensics. Which is one of the three?
a) Control b) Chance
c) Chains d) Core
Q. 8 When Federal Bureau Investigation program was created?
a) 1979 b) 1984
1995 d) 1989
Q. 9 When the field of PC forensics began?
a) 1960's b) 1970's
c) 1980's d) 1990's
Q.10 What is Digital Forensic ?
a Process of using scientific knowledge in analysis and presentation of evidence in cout
b) The application of computer sciernce and investigative procedures for a legal purpose involving the analysis of
digital evidence after proper search authority, the chain of Custody, validation with mathematics, use of validated
tools, repeatability, reporting, and possible expert presentation
c) process where we develop and test hypotheses that answer questions about digital events
d) Use of science or technology in the investigation and establishment of the facts or evidence in a court of law.
Techkooeledge
uatatts4
 Emerging Trends in Computer &IT (MSBTE) 3-15 Basics of Digital Forensics
Q. 11 Digital Forensics entails
a) Accessing the system's directories viewing mode and navigating through the various systems files and folders
b Undeleting and recovering lost files
c) ldentifying and solving computer crimes
The identification, preservation, recovery, restoration, and presentation of digital evidence from systems and
devices

a.12 Which of the following is FALSE?

a) The digital forenslc investigator must maintain absolute
objectivity
b) It is the investigator's job to determine someone's guilt or innocence.
c) It is the investigator's responsibility to accurately report the
relevant facts of a case.
d)
The investigator must maintain strict confidentiality, discussing the results of an investigation on only a "need to
know

Q. 13 What is the most significant legal issue in computer forensics?

a) Preserving Evidence b) Seizing Evidence
c) Admissibility of Evidence d) Discovery of Evidence
Q. 14
phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses.
a) Preservation phase b) Survey phase
c) Documentation phase d) Reconstruction phase
e) Presentation phase
Q. 15 In phase investigator transfers the relevant data from a venue out of physical or administrative control of the
investigator to a controlled location
a) Preservation phase b) Survey phase
c) Documentation phase d) Reconstruction phase
e) Presentation phase
Q. 16 In phase investigator transfers the relevant data from a venue out of physical or administrative control of the
investigator to a controlled location
a) Preservation phase b) Surveyphase
c) Documentation phase d) Reconstruction phase
e)Presentation phase
Q. 17 Computer forensics do not involve activity.
a) Preservation of computer data. b) Extraction of computer data.
c) Manipulation of computer data. d) Interpretation of computer data.
Q. 18 Aset of instruction compiled intoa program that perfom a particular task is known as:
a) Hardware. b) CPU
c) Motherboard d) Software
Q. 19 Which of following is not a rule of digital forensics?
a) An examination should be performed on the original data
b) A copy is made onto torensically sterile media. New media should always be used if available.
The copy of the evidence must be an exact, bit-by-bit copy
d) The examination must be conducted in such a way as to prevent any modification of the evidence.
TechKnowietye
PUDIIatton s
 Basks of Dul
Emerging Trends in Computer &IT (MSBTE) 3-16
investigaton Fress
obtained tromthe physical
Q. 20 To collect and analyze the digital evidence that was
which phase? crime
investigation
a) Physical crimo investigatlon b) Digital
d) Deployment phase.
c) Review phase. which phase?
and contirmedis purpose of
Q. 21 To provide a mechanism to an incident to be detected invesigation.
b) Digitalcrime
a) Physical crime investigation d) Deployment phaso
Review phase. inprovernen?
and identifies an area of
investigation
Q. 22 Which phase entails a review of the whole
crirme invostigation
b) Digital
a) Physical crime investigation d) Deployment phase
c) Review phase
forensic.
Q. 23 is known as father of computer (b) J. Korn
(a) G. Palmar (d) S.Ciardhuain.
(c) Michael Anderson
where various contribution have been made
Q. 24 IS well established science b) Crime
a) Forensic
) Evidence
c) Cyber Crime
Digital Investigation Process (EEDIP)?
Q. 25 Who proposed End to End b) Stephenson
a) G. Palmar d) S.Ciardhuain
Michael Anderson

proposed by Carrier and Safford?

Q. 26 Which model of Investigation
Investigation (EMCI)
a) Extended Model of Cybercrime
Process(|DIP)
b) Integrated Digital Investigation
Road Map for
c) Digital Forensic Research (RMDFR)
d) Abstract Digital Forensic
Model (ADFM)
property of computer evidence?
Q. 27 Which of the following is not a
Accurate.
Authentic and
b) Complete and Convincing.
a)
d) Confom and Human Readable.
c) Duplicated and Preserved.
a. 28 can makes or breaks investigation.
Crime
b) Security
a
DigitalForensic d) Evidence
c)
connecting t0 your computer.
a. 29 is software that blocks unauthorized users from
Firewall b) Quick launch
a)
c) OnelLogin d) Centrity
for Investigator?
a.30 Which of the following are general Ethlcal norms
To avoid han to others.
a) Tocontribute tosociety and human beings. b)
c) To be honest and trustworthy. d) Allof the above
e) None of the above
#etltatit
 Emerging Trends in Computer &IT (MSBTE) 3-17 Basics of DigitalForensics
o 31 Which of the following are Unethical norms for Investigator?
a) Uphold any relevant evidence.
Declare any confidential matters or knowledge.
Distort or falsify education, training, credentials.
d) All of the above

e) None of the above

a. 32 Which of the following is not a general ethical norm for Investigator?

a) To contribute to society and human beings.
b) Uphold any relevant Evidence.
c) To be honest and trustworthy. d) To honor confidentially.
Q. 33 Which of the following is a not unethical norm for Digital Forensics Investigation?
a) Uphold any relevant evidence.
b) Declare any confidential matters or knowledge.
c) Distort or falsify education, training, credentials.
d) To respect the privacy of others.
Q. 34. What is called as the process of creation a duplicate of digital media for purpose of examining it?
a) Acquisition b) Steganography.
c) Live analysis d) Hashing.

Q. 35 Which term refers to modifying a computer in a way which was not originally intended to view information?
a) Metadata b) Live analysis
c) Hacking d) Bit Copy
Q. 36 The ability to recover and read deleted or damaged files from a criminal's computer is an
example of a law enforcement specialty called?
a Robotics b) Simulation
C) Computer Forensics d) Animation
a. 37 What are the important parts of the mobile device which used in Digital forensic?
a) SIM b) RAM
c) ROM. d) MMC chip
Q. 38 Using what, data hiding in encrypted images be carried out in digital forensics?
a) Acquisition. b) Steganography.
c) Live analysis d) Hashing.
Q. 39 Which of this is nota computer crime?
a) e-mail harassment b) Falsification of data.
c Sabotage. d) Identification of data
Q. 40 Which file is used to store the user entered passWord?
a) .exe b) .txt
c) .iso .sam

Tech Kaowiedse
PUDIcatios
 Ermeryjny Trends in Computer&iT (MKTE) repots and anasis
to create
Q. 41 much data as possithe
is the process of recoding ss
on user input.
b) Data caring
a) Data rrining d Data Spoofing.
c) Metadata
eyem
wthout usi ja fle
a, 42 BOarches through rau data on a hard drve
b) Data caving
Data rminirg
d) Data Spoofing
c) Metadata
Hard Drve?
Q. 43 What is theefirst step to Hardls Retrieing Data from an Encrypted
b) Storing dala
a) Fornatting disk
d) Deleting Fles
c) Finding cortiguratikon fies

Answers

0.7
O.1 Q.2

Q.14 0.15 Q.18

a.9 Q.10 b Q.11 Q.12 b 0.13 C

a.22 O.23 0.24

Q.17 0.18 0.19 Q.20 b Q.21

a30 Q31 O32

Q.25 b Q.28 b 0.27 d Q.28 Q.29

Q37 Q38 b Q.39 Q40

Q.33 Q.34 Q.35 Q.36

O.41 Q42 b Q43

 Emerging Trends in Computer& IT (MSBTE) 3-18
Basics of Digital
Q. 41
is the process of recording as much data as
possible to create
reports and analysis Porenstes,
on user input.
a) Data mining b) Data carving
c) d) Data Spoofing.
Metadata
Q.42 Searches through raw data on a bard drive without using a fle sysie
a
Data mining b) Data carving

c) Metadata d) Data Spoofing.

Q. 43 What is the first step to Handle Retrieving Data from an Encrypted Hard Dver
a) Formatting disk b) Storing data
c) Finding configuration files d) Deleting Files

Answers

Q.6 Q.7 0.8

Q.1 Q.2 Q.3 Q.4 Q.5

Q.9 Q.14 Q.15 Q.16

C Q.10 b Q.11 Q.12 b Q.13

Q.17 Q.22 C Q.23 Q.24

C Q.18 Q.19 Q.20 b Q.21

Q.25 b Q.29 Q.30 Q.31 Q.32

Q.26 b Q.27 d Q.28

Q.33 Q.34 Q.35 Q.36 C Q.37 b Q.38 b Q.39 Q.40 a

Q.41 Q.42 b Q.43

O00