Have an account?
Skip to Content
Build your own quiz
Suggestions for you
20 questions
Show Answers
See Preview
- 1. Multiple Choice
The process of copying data is known as:
data acquisition
data analysis
data documentation
data recovery
- 2. Fill in the Blank
There are 2 types of data acquisition: static and __________.
- 3. Multiple Choice
Warrants are NOT needed during the search and seizure stage if:
we are very sure the suspect is guilty.
destruction of evidence is imminent.
person with authority consents.
the crime committed is in plain sight.
- 4. Multiple Choice
True or false: live acquisition can file metadata, like date and time values.
True
False
- 5. Multiple Choice
True or False: static acquisition will produce the same results no matter how many times the data is acquired.
True
False
- 6. Fill in the Blank
The __________ format is an older, open source disk-to-image file format.
- 7. Multiple Choice
What are the advantages of the raw format?
Fast data transfer
Capability to ignore minor data read errors on the source drive.
Does not require as much storage space as the original disk.
Most forensic tools can read the raw format.
- 8. Multiple Choice
Common hash functions used for validation checks of forensic images are:
MD5
SHA-1 or higher
CRC32
DES3
- 9. Fill in the Blank
In the _________________ stage, documentation/reporting and testifying as an expert witness are the key main tasks.
- 10. Multiple Choice
In the investigation phase, there are _____ sub-stages that take place.
4
5
6
7
- 11. Fill in the Blank
The main goals of a first responder are ________ and early response.
- 12. Multiple Choice
Identify and protect the crime scene occur at the
data analysis stage.
search and seizure stage.
evidence collection stage.
first responder stage.
- 13. Multiple Choice
Malaysia's computer security incident response team is known as:
MyCIRT
MyCERT
Cyber999
DigiCERT
- 14. Multiple Choice
True or False: A computer that is potential evidence at a crime scene; if it is off, we switch it on.
True
False
- 15. Multiple Choice
The stage that occurs after search and seizure is:
securing the evidence
acquiring the evidence
collecting the evidence
analysing the evidence
- 16. Fill in the Blank
An __________ witness is a person who has thorough knowledge on a given subject.
- 17. Multiple Choice
Estimating the impact of a computer incident occurs at the
data acquisition stage.
data assessment stage.
data collection stage.
first responder stage.
- 18. Fill in the Blank
A digital forensics report must be clear and __________.
- 19. Multiple Choice
Preliminary interviews with witnesses are conducted during the
search and seizure stage.
securing the evidence stage.
acquiring the evidence stage.
assessing the evidence stage.
- 20. Multiple Choice
The following are examples of data acquisition tools EXCEPT:
EnCase
dd
FTK Imager
Autopsy
- Answer choicesTagsAnswer choicesTags