True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.

Practice More Questions From: Digital Forensics Assessment

Q:

Digital forensics is commonly applied to which of the following activities?

Q:

NIST includes which three (3) as steps in collecting data? (Select 3)

Q:

What is the primary purpose of maintaining a chain of custody?

Q:

True or False. Digital forensics has been used to solve a number of high-profile violent crimes.

Q:

True or False. A digital forensics report is a summary of your findings. If your case goes to trial, your testimony can, and usually does, involve far more detail than is in the report.

Q:

Which section of a digital forensics report would include using the best practices of taking lots of screenshots, using the built-in logging options of your digital forensics tools, and exporting key data items into a .csv or .txt file?

Q:

Which types of files are appropriate subjects for forensic analysis?

Q:

Deleting a file results in what action by most operating systems?

Q:

Forensic analysis should always be conducted on a copy of the original data. What type of copying is appropriate for getting data from a live system that cannot be taken offline?

Q:

How does a forensic analysis use hash sets acquired from NIST’s Software Reference Library project?

Q:

Which three (3) of the following data types are considered non-volatile? (Select 3)

Q:

Configuration files are considered which data type?

Q:

True or False. When collecting forensic data from a running system, you should always attempt to collect non-volatile data first.

Q:

Which three (3) of the following are application components? (Select 3)

Q:

Which of these applications would likely be of the least interest in a forensic analysis?

Q:

The Internet layer of the TCP/IP stack, also known as the Network layer in the OSI model, contains which two (2) protocols that are very useful to a forensic investigation? (Select 2)

Q:

Which device would you inspect if you were looking for event data correlated across a number of different network devices?

Q:

Which of these sources might require a court order in order to obtain the data for forensic analysis?
