Digital Forensics Practice Quiz

DF6 W04: Q01. Which type of data is captured in Live Acquisition?

Archived log files Volatile data from RAM and active processes Deleted files from storage Encrypted files

DF6 W04: Q02. Which of the following is NOT considered a type of digital evidence?

Emails Hard drive images Thumbprint Browser history

DF6 W04: Q03. What tool is commonly used to capture network traffic in real time?

Wireshark Volatility Magnet AXIOM Scalpel

DF6 W04: Q04. In digital forensics, which of the following would be the best choice for imaging a hard drive to prevent data loss?

Disk cloning software Simple file copy commands A physical camera snapshot of the drive Manual recording of file names

DF6 W04: Q05. Which of the following terms is associated with Audit Trail Documentation in relation to digital evidence handling?

Verification Protocol Steganography Chain of Custody Metadata

DF6 W04: Q06. During forensic analysis, what is the significance of volatile memory?

It permanently stores data even after the device is powered off It contains temporary data that may disappear when the system is powered off It provides more storage space than hard drives It stores data faster than traditional hard drives

DF6 W04: Q07. Which technique is used to prevent digital devices from connecting to wireless networks during forensic examination?

Disabling the device’s Bluetooth Using a write blocker Storing the device in a Faraday bag Deleting all network configurations

DF6 W04: Q08. What is the main purpose of a "forensic image" of a hard drive?

To improve hard drive performance To provide a mirror copy of data without modifying the original To reduce the size of files for easier storage To permanently delete irrelevant data

DF6 W04: Q09. Which of the following is a type of Operating System?

Windows X1 Windows Open Windows NT Wind-Linux

DF6 W04: Q10. Which of the following is NOT a common use of forensic imaging tools?

Creating a copy of the data for analysis Preserving the integrity of original data Enhancing the speed of the original system Allowing analysis without altering the evidence

DF6 W04: Q11. What is a common challenge investigators face with encrypted files?

File recovery software fails to recognize them Breaking the encryption often requires significant time and resources They cannot be cloned or copied Metadata is lost during decryption

DF6 W04: Q12. What kind of data is typically NOT recovered through file carving?

Deleted files Overwritten files Fragmented files Hidden files

DF6 W04: Q13. Which file attribute would indicate a file has been accessed but NOT modified?

Creation date Access date Modification date Signature

DF6 W04: Q14. Which of the following can be used to identify the geographic origin of an IP address?

HTTP headers IP geolocation databases System BIOS Domain name servers

DF6 W04: Q15. Which one of the following is considered a primary tool in digital forensics investigations?

Adobe Photoshop Microsoft Excel FTK (Forensic Toolkit) VLC Media Player

DF6 W04: Q16. What is a potential risk of using the original device for examination in a digital forensic case?

It speeds up the examination process It ensures the data remains secure It may modify or delete critical evidence It ensures better accuracy in analysis

DF6 W04: Q17. In digital forensics, what is the main function of 'data carving'?

Creating a backup of files for later use Recovering files without relying on the file system’s structure Compressing files for efficient storage Encrypting files to enhance security

DF6 W04: Q18. In mobile device forensics, what type of memory is commonly extracted to retrieve deleted data?

ROM RAM SSD BIOS

Digital Forensics Week 04 Practice Quiz (18 Questions)

Score 11 or greater to pass.