No student devices needed. Know more
20 questions
The process of copying data is known as:
data acquisition
data analysis
data documentation
data recovery
There are 2 types of data acquisition: static and __________.
Warrants are NOT needed during the search and seizure stage if:
we are very sure the suspect is guilty.
destruction of evidence is imminent.
person with authority consents.
the crime committed is in plain sight.
True or false: live acquisition can file metadata, like date and time values.
True
False
True or False: static acquisition will produce the same results no matter how many times the data is acquired.
True
False
The __________ format is an older, open source disk-to-image file format.
What are the advantages of the raw format?
Fast data transfer
Capability to ignore minor data read errors on the source drive.
Does not require as much storage space as the original disk.
Most forensic tools can read the raw format.
Common hash functions used for validation checks of forensic images are:
MD5
SHA-1 or higher
CRC32
DES3
In the _________________ stage, documentation/reporting and testifying as an expert witness are the key main tasks.
In the investigation phase, there are _____ sub-stages that take place.
4
5
6
7
The main goals of a first responder are ________ and early response.
Identify and protect the crime scene occur at the
data analysis stage.
search and seizure stage.
evidence collection stage.
first responder stage.
Malaysia's computer security incident response team is known as:
MyCIRT
MyCERT
Cyber999
DigiCERT
True or False: A computer that is potential evidence at a crime scene; if it is off, we switch it on.
True
False
The stage that occurs after search and seizure is:
securing the evidence
acquiring the evidence
collecting the evidence
analysing the evidence
An __________ witness is a person who has thorough knowledge on a given subject.
Estimating the impact of a computer incident occurs at the
data acquisition stage.
data assessment stage.
data collection stage.
first responder stage.
A digital forensics report must be clear and __________.
Preliminary interviews with witnesses are conducted during the
search and seizure stage.
securing the evidence stage.
acquiring the evidence stage.
assessing the evidence stage.
The following are examples of data acquisition tools EXCEPT:
EnCase
dd
FTK Imager
Autopsy
Explore all questions with a free account