
Government Polytechnic, Ratnagiri

Computer Engineering Department


ETI 22618 QUESTION BANK
UNIT NO 4 Digital Forensics

1. ______________ is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
   a. Analog forensic
   b. Digital forensic
   c. Cyber forensic
   d. Direct Forensic

2. ______________ includes the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computer and similar storage media.
   a. Analog forensic
   b. Digital forensic
   c. Cyber forensic
   d. Direct Forensic

3. Field of PC forensics began in
   a. 1977
   b. 1980
   c. 1982
   d. 1992

4. FBI stands for _______
   a. Federal Bureau of Investigation
   b. Fiber Bureau of Investment
   c. Fideral Block of Investment
   d. Fideral business of Investment

5. CART stands for _______
   a. Computer Analysis and Request Time
   b. Computer Analysis and Response Time
   c. Crime Analysis and Response Time
   d. Computer Attack Representative Team

6. ____________ is the Father of Computer Forensics.
   a. Michael paterson
   b. Michael Andrew
   c. Michael Anderson
   d. Massive Andrew

7. International Organization on Computer Evidence (IOCE) was formed in
   a. 1995
   b. 1992
   c. 1990
   d. 1993

8. INTERPOL stands for ________
   a. International police organization
   b. International Criminal patrol organization
   c. International Criminal police organization
   d. International political organization

9. All are cyber crimes except
   a. Electronic fund transfer fraud
   b. Copyright violation.
   c. Kidnapping
   d. Cyber bullying

10. RMDFR stands for _______
   a. Roll map for digital forensic research.
   b. Road map for digital forensic research.
   c. Road model for digital forensic research.
   d. Road model for digital forest research.

11. ADFM stands for _________
   a. Analog digital forensic model
   b. Abstract digital forensic model
   c. Analytical digital forensic model
   d. Analytical direct forensic model

12. IDIP stands for ______
   a. Investigated digital Integration process
   b. Integrated digital investigation process
   c. Inherited digital investigation process
   d. Inherited digital investment process

13. ADFM model proposed by ______
   a. carrier and safford.
   b. Palmar
   c. Reith,carr,gunsh
   d. J.Korn.

14. IDIP model proposed by ______
   a. carrier and safford.
   b. Palmar
   c. Reith,carr,gunsh
   d. J.Korn.

15. Who proposed Road Map for Digital Forensic Research (RMDFR)
   A. G.Gunsh.
   B. S.Ciardhuain
   C. J.Korn.
   D. G.Palmar

16. Digital forensics is all of them except:
   A. Extraction of computer data.
   B. Preservation of computer data.
   C. Interpretation of computer data.
   D. Manipulation of computer data.

17. IDIP stands for
   A. Integrated Digital Investigation Process.
   B. Integrated Data Investigator Process.
   C. Integrated Digital Investigator Process.
   D. Independent Digital Investigator Process.

18. The investigator should satisfy the following points:
   A. Contribute to society and human beings.
   B. Avoid harm to others.
   C. Honest and trustworthy.
   D. All of the above

19. In the past, the method for expressing an opinion has been to frame a ____ question based on available factual evidence.
   A. Hypothetical
   B. Nested
   C. Challenging
   D. Contradictory

20. More subtle because you are not aware that you are running these macros (the document opens and the application automatically runs); spread via email
   A. The purpose of the copyright
   B. The danger of macro viruses
   C. Derivative works
   D. computer-specific crime

21. There are three c's in computer forensics. Which is one of the three?
   A. Control
   B. Chance
   C. Chains
   D. Core

22. When was the Federal Bureau of Investigation program created?
   A. 1979
   B. 1984
   C. 1995
   D. 1989

23. What is Digital Forensic?
   A. Process of using scientific knowledge in analysis and presentation of evidence in court
   B. The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, the chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation
   C. process where we develop and test hypotheses that answer questions about digital events
   D. Use of science or technology in the investigation and establishment of the facts or evidence in a court of law

24. Digital Forensics entails _____.
   A. Accessing the system's directories viewing mode and navigating through the various systems files and folders
   B. Undeleting and recovering lost files
   C. Identifying and solving computer crimes
   D. The identification, preservation, recovery, restoration, and presentation of digital evidence from systems and devices

25. Which of the following is FALSE?
   A. The digital forensic investigator must maintain absolute objectivity
   B. It is the investigator’s job to determine someone’s guilt or innocence.
   C. It is the investigator’s responsibility to accurately report the relevant facts of a case.
   D. The investigator must maintain strict confidentiality, discussing the results of an investigation on only a “need to know”

26. What is the most significant legal issue in computer forensics?
   A. Preserving Evidence
   B. Seizing Evidence
   C. Admissibility of Evidence
   D. Discovery of Evidence

27. _______ phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses
   A. Preservation phase
   B. Survey phase
   C. Documentation phase
   D. Reconstruction phase

28. In _______ phase investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location
   A. Preservation phase
   B. Survey phase
   C. Documentation phase
   D. Reconstruction phase

29. Computer forensics do not involve _____ activity.
   A. Preservation of computer data.
   B. Extraction of computer data.
   C. Manipulation of computer data.
   D. Interpretation of computer data.

30. A set of instructions compiled into a program that performs a particular task is known as:
   A. Hardware.
   B. CPU
   C. Motherboard
   D. Software

31. Which of following is not a rule of digital forensics?
   A. An examination should be performed on the original data
   B. A copy is made onto forensically sterile media. New media should always be used if available.
   C. The copy of the evidence must be an exact, bit-by-bit copy
   D. The examination must be conducted in such a way as to prevent any modification of the evidence.

32. To collect and analyze the digital evidence that was obtained from the physical investigation phase, is the goal of which phase?
   A. Physical crime investigation
   B. Digital crime investigation.
   C. Review phase.
   D. Deployment phase.

33. To provide a mechanism for an incident to be detected and confirmed is the purpose of which phase?
   A. Physical crime investigation
   B. Digital crime investigation.
   C. Review phase.
   D. Deployment phase.

34. Which phase entails a review of the whole investigation and identifies an area of improvement?
   A. Physical crime investigation
   B. Digital crime investigation.
   C. Review phase.
   D. Deployment phase

35. ____________ is known as father of computer forensic.
   A. G. Palmar
   B. J. Korn
   C. Michael Anderson
   D. S.Ciardhuain.

36. ___________ is a well established science where various contributions have been made
   A. Forensic
   B. Crime
   C. Cyber Crime
   D. Evidence

37. Who proposed End to End Digital Investigation Process (EEDIP)?
   A. G. Palmar
   B. Stephenson
   C. Michael Anderson
   D. S.Ciardhuain

38. Which model of Investigation was proposed by Carrier and Safford?
   A. Extended Model of Cybercrime Investigation (EMCI)
   B. Integrated Digital Investigation Process (IDIP)
   C. Road Map for Digital Forensic Research (RMDFR)
   D. Abstract Digital Forensic Model (ADFM)

39. Which of the following is not a property of computer evidence?
   A. Authentic and Accurate.
   B. Complete and Convincing.
   C. Duplicated and Preserved.
   D. Conform and Human Readable.

40. _______ can make or break an investigation.
   A. Crime
   B. Security
   C. Digital Forensic
   D. Evidence

41. __________ is software that blocks unauthorized users from connecting to your computer.
   A. Firewall
   B. Quick launch
   C. OneLogin
   D. Centrify

42. Which of the following are general Ethical norms for Investigator?
   A. To contribute to society and human beings.
   B. To avoid harm to others.
   C. To be honest and trustworthy.
   D. All of the above

43. Which of the following are Unethical norms for Investigator?
   A. Uphold any relevant evidence.
   B. Declare any confidential matters or knowledge.
   C. Distort or falsify education, training, credentials.
   D. All of the above

44. Which of the following is not a general ethical norm for Investigator?
   A. To contribute to society and human beings.
   B. Uphold any relevant Evidence.
   C. To be honest and trustworthy.
   D. To honor confidentiality.

45. Which of the following is not an unethical norm for Digital Forensics Investigation?
   A. Uphold any relevant evidence.
   B. Declare any confidential matters or knowledge.
   C. Distort or falsify education, training, credentials.
   D. To respect the privacy of others.

46. What is the process of creating a duplicate of digital media for the purpose of examining it called?
   A. Acquisition.
   B. Steganography.
   C. Live analysis
   D. Hashing.

47. Which term refers to modifying a computer in a way which was not originally intended to view information?
   A. Metadata
   B. Live analysis
   C. Hacking
   D. Bit Copy

48. The ability to recover and read deleted or damaged files from a criminal’s computer is an example of a law enforcement specialty called?
   A. Robotics
   B. Simulation
   C. Computer Forensics
   D. Animation

49. What are the important parts of the mobile device which are used in digital forensics?
   A. SIM
   B. RAM
   C. ROM.
   D. EMMC chip

50. Using what can data hiding in encrypted images be carried out in digital forensics?
   A. Acquisition.
   B. Steganography.
   C. Live analysis
   D. Hashing.

51. Which of these is not a computer crime?
   A. e-mail harassment
   B. Falsification of data.
   C. Sabotage.
   D. Identification of data

52. Which file is used to store the user entered password?
   A. .exe
   B. .txt
   C. .iso
   D. .sam

53. __________ is the process of recording as much data as possible to create reports and analysis on user input.
   A. Data mining
   B. Data carving
   C. Metadata
   D. Data Spoofing.

54. ________ searches through raw data on a hard drive without using a file system.
   A. Data mining
   B. Data carving
   C. Metadata
   D. Data Spoofing.

55. What is the first step to Handle Retrieving Data from an Encrypted Hard Drive?
   A. Formatting disk
   B. Storing data
   C. Finding configuration files.
   D. Deleting Files

56. Full Form Of IOCE
   A) International Organization on Computer Evidence
   B) Internet of Computer Education
   C) Internet of Computer Evidence
   D) None

57. When was the first FBI Regional Computer Forensic laboratory recognized?
   A) 1992
   B) 1980
   C) 19490
   D) 2000

58. How Many Rules in Digital forensic
   A) 12
   B) 19
   C) 10
   D) 6

59. What is the Long form of DFI
   A) Digital Forensic Investigation
   B) Digital Fraud Industry
   C) Defining Form In
   D) None

60. How Many Phases in RMDFR
   A) 12
   B) 19
   C) 10
   D) 6

61. Investigator should satisfy the following point:
   A) Contribute to the society and human being
   B) Avoid harm to others
   C) honest and trustworthy
   D) All Of the Above

62. Digital Evidence in the form of the:
   A) Office File
   B) E-mail Messages
   C) Either A or B
   D) Both A and B

63. In computer intrusions the attacker will leave multiple traces of their presence in:
   A) File System
   B) Registry
   C) System Logs
   D) All of the Above

64. What are the Forms of Electronic Evidence:
   A) Hard Drive
   B) E-mail
   C) Either A or B
   D) Both A and B

65. How Many Types of the Evidence
   A) 12
   B) 19
   C) 10
   D) 6

66. What is the full form of BPO
   A) Business Process Outsourcing

67. The digital evidence is used to establish a credible link between……….
   A) Attacker and victim and the crime scene
   B) Attacker And information
   C) Either A or B
   D) Both A and B

68. The evidence and proof that can be obtained from the electronic source is called the…….
   A) Digital Evidence
   B) Explainable evidence
   C) Either A or B
   D) Both A and B

69. Which of the following is not type of volatile evidence:
   A) Routing Tables
   B) Main Memory
   C) Log Files
   D) Cached Data

70. Digital Evidence must follow the requirement of the
   A) Ideal Evidence Rule
   B) Best Evidence Rule
   C) Exchange Rule
   D) All of the mentioned

71. ………. plays a vital role in criminal justice systems
   a) Forensics science
   b) Digital evidences
   c) Volatile Evidence
   d) All of the Above

72. Federal Bureau of Investigation program is currently referred to as…………….
   a) Magnet Media Program
   b) Computer Analysis and Response Team (CART)
   c) INTERPOL
   d) Computer Forensic Laboratory

73. Which of following are rule of digital forensics?
   a) An examination should never be performed on the original data
   b) The copy of the evidence must be an exact, bit-by-bit copy
   c) The chain of custody of all evidence must be clearly maintained
   d) The examination must be conducted in such a way as to prevent any modification of the evidence.
   e) All of the Above

74. Which of following is not a rule of digital forensics?
   a) An examination should be performed on the original data
   b) A copy is made onto forensically sterile media
   c) The copy of the evidence must be an exact, bit-by-bit copy
   d) The chain of custody of all evidence must be clearly maintained

75. Which model of Investigation was proposed by S.Ciardhuain?
   a) Extended Model of Cybercrime Investigation (EMCI)
   b) Integrated Digital Investigation Process (IDIP)
   c) Road Map for Digital Forensic Research (RMDFR)
   d) Extended Model of Cybercrime Investigation (EMCI)

76. Which Forensic Model is more likely the most comprehensive till date?
   a) Abstract Digital Forensic model (ADFM)
   b) Integrated Digital Investigation Process (IDIP)
   c) Extended Model of Cybercrime Investigation (EMCI)
   d) Road Map for Digital Forensic Research (RMDFR)

77. Which phase records the physical scene and duplicates digital evidence using standardized and accepted procedures?
   a) Identification
   b) Preservation
   c) Collection
   d) Examination

78. Which phase provides a mechanism for an incident to be detected and confirmed?
   a) Readiness phase
   b) Deployment phase
   c) Physical Crime Investigation phase
   d) Digital Crime Investigation phase

79. Which phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses?
   a) Preservation phase
   b) Survey phase
   c) Documentation phase
   d) Reconstruction phase

80. In which phase does the investigator transfer the relevant data from a venue out of physical or administrative control of the investigator to a controlled location?
   a) Preservation phase
   b) Survey phase
   c) Documentation phase
   d) Reconstruction phase
   e) Presentation phase

81. Which phase entails a review of the whole investigation and identifies area of improvement?
   a) Physical crime investigation
   b) Digital crime investigation.
   c) Review phase.
   d) Deployment phase

82. Ethical decision making in digital forensic work consists of which of the following:
   a) Honesty towards the investigation
   b) Prudence means carefully handling the digital evidences
   c) Compliance with the law and professional norms.
   d) All of the Above

83. Which of following is not general ethical norm for Investigator?
   a) To contribute to society and human being.
   b) To express an opinion on the guilt or innocence belonging to any party
   c) To be honest and trustworthy.
   d) To honor confidentiality.

84. Which of following is not an unethical norm for Digital Forensics Investigation?
   a) Uphold any relevant evidence.
   b) Declare any confidential matters or knowledge.
   c) Distort or falsify education, training, credentials.
   d) Should be fair and take action not to discriminate.

85. Which of the following is not a property of computer evidence?
   a) Authentic and Accurate.
   b) Complete and Convincing.
   c) Duplicated and Preserved.
   d) Conform and Human Readable.

86. ………. can break an investigation.
   a) Crime
   b) Security
   c) Digital Forensic
   d) Evidence

87. The digital evidence is used to establish a credible link between………………
   a) Attacker and victim and the crime scene
   b) Attacker and the crime scene
   c) Victim and the crime scene
   d) Attacker and Information

88. Digital evidences must follow the requirements of the …………….
   a) Ideal Evidence rule
   b) Best Evidence rule
   c) Exchange rule
   d) All of the above

89. The true or real copy of the evidence media which is given by victim/client.
   a) Superior evidence
   b) Best Evidence
   c) Original Evidence
   d) All of the Above

90. Which property defines that evidence must be usable in the court?
   a) Admissible
   b) Authentic
   c) Complete
   d) Reliable

91. From the two given statements 1 and 2, select the correct option from a-d.
   1. Original media can be used to carry out digital investigation process.
   2. By default, every part of the victim’s computer is considered as unreliable
   a) 1 and 2 both are true
   b) 1 is true and 2 is false
   c) 1 and 2 both are false
   d) 1 is false and 2 is true

92. Which of following is/are sources of digital evidence?
   a) Internet-based
   b) Stand-alone computers
   c) Mobile devices
   d) All of the Above

93. The criminological principle which states that, when anyone, or anything, enters a crime scene he/she takes something of the scene with him/her, and leaves something of himself/herself behind, is:
   a) Locard’s Exchange Principle
   b) Differential Association Theory
   c) Beccaria’s Social Contract
   d) None of the above

94. When an incident takes place, a criminal will leave hint evidence at the scene and remove a hint from the scene which is called as ………………..
   a) Locard’s Exchange principle
   b) Anderson’s Exchange principle
   c) Charles’s Anthony principle
   d) Kevin Ashton principle

95. Evidence transfer in the physical and digital dimensions helps investigators establish connections between………….
   a) Victims and offenders
   b) Victims and crime scenes
   c) Offenders and crime scenes
   d) Victims, offenders and crime scenes

96. Digital evidence is also defined as Information and data of value to an investigation that is ……….
   a) Stored on electronic device
   b) Transmitted by an electronic device
   c) Received by an electronic device
   d) All of the above

97. The evidences or proof that can be obtained from the electronic source is called as………
   a) Digital evidence
   b) Demonstrative evidence
   c) Explainable evidence
   d) Substantial evidence

98. Photographs, videos, sound recordings, graphs, and charts are examples of which type of evidence.
   a) Demonstrative evidence
   b) Explainable Evidence
   c) Substantial Evidence
   d) Testimonial

99. Dried blood, fingerprints, DNA samples, casts of footprints at the crime scene are examples of which type of evidence.
   a) Illustrative evidence
   b) Explainable Evidence
   c) Documented evidence
   d) Substantial evidence

100. The evidence spoken by the spectator under the oath is which type of evidence
   a) Demonstrative evidence
   b) Documented Evidence
   c) Substantial Evidence
   d) Testimonial

101. For an evidence to be admissible, it is necessary that it should be……………
   a) Complete
   b) Authenticated
   c) Reliable
   d) Believable

102. Which is important to establish a chain of custody?
   a) Save the original materials.
   b) Take photos of physical evidence.
   c) Take screenshots of digital evidence content.
   d) Document date, time, and any other information of receipt.
   e) All of the Above

103. Which is not related with digital evidence?
   a) Work with the original evidence to develop procedures.
   b) Use clean collecting media.
   c) Document any extra scope.
   d) Consider safety of personnel at the scene.

104. The process of ensuring that providing the data that you have collected is similar to the data presented in a court is known as……………
   a) Evidence verification
   b) Evidence validation
   c) Evidence authentication
   d) Best evidence

105. Which of the following is the most volatile evidence source?
   a) Main memory
   b) Temporary file systems
   c) Registers and cache
   d) Secondary memory

106. Computers can be involved in which of the following types of crime?
   a) Homicide and sexual assault
   b) Computer intrusions and intellectual property theft
   c) Civil disputes
   d) All the above
