Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Investigation > Digital Forensics > Flashcards

Digital Forensics Flashcards

1
Q

Which of the following is a unique challenge of cloud forensics that is not encountered in traditional forensic investigations?

A. Jurisdiction of storage
B. A lack of frameworks and specialist tools
C. A lack of data control
D. All of the above

A

D. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The information in a computer system’s event logs can yield valuable evidence because such logs record events and transactions that have occurred on the computer.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

During the analysis phase in digital forensic investigations, the fraud examiner should look for exculpatory evidence but not inculpatory evidence.

A. True
B. False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following is TRUE regarding the types of information that digital forensic experts can typically recover from computer systems?

A. Digital forensic experts can recover time and date information about files, such as when they were created or modified
B. Digital forensic experts can recover information about websites that were visited on the computer system
C. Digital forensic experts can recover deleted emails, link files, and documents
D. All of the above

A

D. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When seizing a computer that is running, a fraud examiner should generally NOT search the computer for evidence because doing so might damage and taint relevant evidence.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

If you are seizing a computer for forensic analysis, it is generally unnecessary to seize printers connected to it.

A. True
B. False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Which of the following is a matter that fraud examiners should consider when engaging in examinations involving computers?

A. Whether law enforcement should be notified
B. What to look for and where to look for it
C. Whether an outside digital forensic expert is needed
D all

A

D. All of the above

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Forensic analysis should NOT be performed directly on suspect devices because doing so can alter or damage digital evidence.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which of the following is the MOST ACCURATE statement about the types of information that digital forensic experts can typically recover from computer systems?

A. Hidden files can never be recovered.
B. Communications sent via instant message or email cannot be recovered.
C. Data that are corrupted cannot be uncorrupted.
D. Deleted files that have been overwritten generally cannot be recovered.

A

D. Deleted files that have been overwritten generally cannot be recovered.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

When seizing a running computer for forensic examination, the seizing party should perform a graceful shutdown by turning off the computer using the normal shutdown process.

A. True
B. False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

During the analysis phase in digital forensic investigations, it is BEST to use just one forensic tool for identifying, extracting, and collecting digital evidence.

A. True
B. False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

When a digital forensic examiner is seizing a running computer for examination, they can retrieve data from the computer while the system is open and operating like normal if the evidence needed exists only in the form of volatile data.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

When seizing a computer for examination, the seizing party should look around the area for passwords because many people leave passwords written down near their computers.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

During the analysis phase in digital forensic investigations, the fraud examiner’s primary concern is to protect the collected information from seizure.

A. True
B. False

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Even if files have been deleted from a target computer, it might be possible to recover those files.

A. True
B. False

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Internet browsers create _____________, which store information about websites that a user has visited and images previously viewed online.

A. Operating system files
B. Temporary files
C. Event logs
D. System logs

A

B. Temporary files

17
Q

Which of the following is TRUE about using computer-created metadata in digital forensic investigations?

A. Metadata can help determine who edited or made changes to a document
B. Metadata can help determine when a document was copied and moved
C. Metadata can help determine who created or accessed a document
D. All of the above

A

D. All of the above

18
Q

Which of the following BEST describes the image acquisition process used in examinations involving digital evidence?

A. Taking photos of the digital equipment’s physical layout and connections
B. Creating an exact duplicate of the original storage media
C. Acquiring the digital evidence from the suspect
D. Analyzing the system’s data to identify evidence

A

B. Creating an exact duplicate of the original storage media

19
Q

Ashton, a digital forensic examiner for Cadence Irrigation, is conducting an internal investigation into the alleged theft of trade secrets from Cadence. Kirby, a Cadence employee, is the prime suspect. Ashton decides to seize Kirby’s work computer for forensic examination. If, at the time of seizure, Kirby’s computer is off, then Ashton should turn it on before seizing it.

A. True
B. False

A

False

20
Q

Which of the following steps should a fraud examiner take prior to seizing evidence in a digital forensic investigation to ensure its admissibility?

A. Consider potential privacy issues related to the item(s) being searched.
B. Determine appropriate remote evidence collection procedures and legal considerations.
C. Ensure that only trained professionals use any digital forensic tools.
D. All of the above are steps that should be taken prior to seizing evidence.

A

D. All of the above are steps that should be taken prior to seizing evidence.

21
Q

Digital forensic investigations in cloud environments can be complicated by the jurisdiction of storage, as cloud providers commonly store data in servers across multiple jurisdictions.

A. True
B. False

A

True

22
Q

Because digital evidence is different from tangible evidence, the rules regarding its admissibility in court are very different from the rules governing the admissibility of tangible evidence.

A. True
B. False

A

False

23
Q

Tangible evidence is more volatile than digital evidence because tangible information is subject to claims of spoliation whereas digital evidence is not.

A. True
B. False

A

False

24
Q

Encryption refers to procedures used to convert information using an algorithm (called a cipher) that makes the information unreadable.

A. True
B. False

A

True

25
Q

Fraud examiners should take which of the following steps when securing a computer to help ensure that the machine can be fully analyzed?

A. Examine and document the machine’s surroundings
B. Implement a system to manage the evidence
C. Inspect the machine for traps
D. All of the above

A

D. All of the above

26
Q

Which of the following computer event logs records events executed on an operating system, such as starting up and shutting down, configuration updates, and system crashes?

A. Application log
B. System log
C. Security log
D. None of the above

A

B. System log

27
Q

Before removing a computer system from a scene for further analysis, it is important to document the system’s setup with photographs or diagrams.

A. True
B. False

A

True

28
Q

Similar to traditional forensics, cloud forensics has step-by-step frameworks and specialist tools designed to operate within the cloud environment to enable fraud examiners the ability to locate and preserve data in the cloud.

A. True
B. False

A

False

29
Q

If you are seizing a computer for forensic analysis, it is generally unnecessary to seize copiers connected to it.

A. True
B. False

A

False

30
Q

Generally, the rules of admissibility for digital evidence are stricter than such rules for tangible evidence.

A. True
B. False

A

False

Investigation (10 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions