Digital Forensics

Question 1

What is Digital Forensics?

Answer 1

The process of applying computer science to investigate cybercrime by identifying and extracting digital evidence.

Question 2

What is Cybercrime?

Answer 2

Crime involving the use of a computer system or network.

Question 3

What is Cyber-dependent crime?

Answer 3

Crime carried out solely using technology, e.g., hacking.

Question 4

What is Cyber-enabled crime?

Answer 4

Traditional crimes enhanced by technology, e.g., fraud or theft.

Question 5

What are the three phases of forensic investigation?

Answer 5

Pre-investigation, Investigation, Post-investigation.

Question 6

What is Steganography?

Answer 6

The art of hiding information within other non-secret text or data.

Question 7

How is Steganography different from Cryptography?

Answer 7

Cryptography obscures meaning; steganography hides the existence of the message.

Question 8

What is the Chain of Custody?

Answer 8

The documented process that tracks the collection, transfer, and storage of evidence.

Question 9

What are Volatile Data examples?

Answer 9

Data lost after shutdown: RAM contents, running processes.

Question 10

What are Non-volatile Data examples?

Answer 10

Data retained after shutdown: files on hard disks, system logs.

Question 11

What is a Write Blocker?

Answer 11

A tool that allows read-only access to storage media to prevent modification.

Question 12

What is a Hash Value?

Answer 12

A numeric value that uniquely identifies data, ensuring evidence integrity.

Question 13

What are Live and Dead Acquisition?

Answer 13

Live: collecting data from a running system; Dead: collecting from a powered-off system.

Question 14

What is Bit-stream Imaging?

Answer 14

A bit-by-bit copy of an entire storage device.

Question 15

What is Slack Space?

Answer 15

Unused space within a disk cluster after a file is stored.

Question 16

What is a Lost Cluster?

Answer 16

A cluster marked used but not linked to any file.

Question 17

What is the File Allocation Table (FAT)?

Answer 17

A file system used with DOS and early Windows versions.

Question 18

What is NTFS?

Answer 18

New Technology File System, standard for modern Windows systems.

Question 19

Name a forensic imaging tool.

Answer 19

AccessData FTK Imager.

Question 20

What are the ACPO Principles?

Answer 20

Guidelines ensuring proper handling of digital evidence.

Question 21

What are examples of digital forensic tools?

Answer 21

Autopsy, Sleuth Kit, EnCase.

Question 22

What is an SSD?

Answer 22

A Solid-State Drive, faster than HDDs because it has no moving parts.

Question 23

What is the importance of documenting a crime scene?

Answer 23

To preserve the integrity and authenticity of evidence.

Question 24

What does Data Acquisition mean?

Answer 24

Extracting electronically stored information from devices for investigation.

Question 25

What is Sparse Acquisition?

Answer 25

Capturing fragments of unallocated data for forensic investigation.

Question 26

What happens during the Booting process?

Answer 26

The OS is loaded from storage into RAM.

Question 27

What is the purpose of hashing in forensic investigations?

Answer 27

To verify that acquired data has not been altered.