Eti Assign 2

Uploaded by

zubiyaansari417

NAME : SABA AYUB SHAIKH

ROLL NO. : 17823


SUBJECT : ETI

ASSIGNMENT NO 2

CHAPTER 3

Q1. Digital forensics is all of them except:

A. Extraction of computer data.

B. Preservation of computer data.

C. Interpretation of computer data.

D. Manipulation of computer data.

Q2. IDIP stands for

A. Integrated Digital Investigation Process.

B. Integrated Data Investigator Process.

C. Integrated Digital Investigator Process.

D. Independent Digital Investigator Process.

Q3. Who proposed the Road Map for Digital Forensic Research (RMDFR)?

A. G. Gunsh

B. S. Ciardhuain

C. J. Korn

D. G. Palmer

Q4. An investigator should satisfy the following points:

A. Contribute to society and human being.

B. Avoid harm to others.

C. Honest and trustworthy.


D. All of the above

Q5. In the past, the method for expressing an opinion has been to frame a ____ question based
on available factual evidence.

A. Hypothetical

B. Nested

C. Challenging

D. Contradictory

Q6. More subtle because you are not aware that you are running these macros (the document
opens and the application automatically runs); spread via email

A. The purpose of copyright

B. Danger of macro viruses

C. Derivative works

D. Computer-specific crime

Q7. There are three C's in computer forensics. Which is one of the three?

A. Control

B. Chance

C. Chains

D. Core

Q8. When was the Federal Bureau of Investigation program created?

A. 1979

B. 1984

C. 1995

D. 1989

Q9. When did the field of PC forensics begin?

A. 1960's

B. 1970's

C. 1980's

D. 1990's

Q10. What is digital forensics?

A. Process of using scientific knowledge in analysis and presentation of evidence in court

B. The application of computer science and investigative procedures for a legal purpose
involving the analysis of digital evidence after proper search authority, chain of custody,
validation with mathematics, use of validated tools, repeatability, reporting, and possible
expert presentation

C. A process where we develop and test hypotheses that answer questions about digital events

D. Use of science or technology in the investigation and establishment of the facts or evidence
in a court of law

Q11. Digital Forensics entails _____.

A. Accessing the system's directories viewing mode and navigating through the various systems
files and folders

B. Undeleting and recovering lost files

C. Identifying and solving computer crimes

D. The identification, preservation, recovery, restoration and presentation of digital evidence
from systems and devices

Q12. Which of the following is FALSE?

A. The digital forensic investigator must maintain absolute objectivity

B. It is the investigator’s job to determine someone’s guilt or innocence.

C. It is the investigator’s responsibility to accurately report the relevant facts of a case.

D. The investigator must maintain strict confidentiality, discussing the results of an investigation
on only a “need to know”

Q13. What is the most significant legal issue in computer forensics?

A. Preserving Evidence

B. Seizing Evidence

C. Admissibility of Evidence

D. Discovery of Evidence

Q14. _______ phase includes putting the pieces of a digital puzzle together and developing
investigative hypotheses.

A. Preservation phase

B. Survey phase

C. Documentation phase

D. Reconstruction phase

E. Presentation phase

Q15. In the _______ phase, the investigator transfers the relevant data from a venue out of physical or
administrative control of the investigator to a controlled location.

A. Preservation phase

B. Survey phase

C. Documentation phase

D. Reconstruction phase

E. Presentation phase

Q16. Computer forensics does not involve _____ activity.

A. Preservation of computer data.

B. Extraction of computer data.

C. Manipulation of computer data.

D. Interpretation of computer data.

Q17. A set of instructions compiled into a program that performs a particular task is known as:

A. Hardware

B. CPU

C. Motherboard

D. Software

Q18. To collect and analyze the digital evidence that was obtained from the physical
investigation phase, is the goal of which phase?

A. Physical crime investigation

B. Digital crime investigation.

C. Review phase.

D. Deployment phase.

Q19. To provide a mechanism for an incident to be detected and confirmed is the purpose of which
phase?

A. Physical crime investigation

B. Digital crime investigation.

C. Review phase.

D. Deployment phase.

Q20. ____________ is known as the father of computer forensics.

A. G. Palmer

B. J. Korn

C. Michael Anderson

D. S. Ciardhuain

Q21. ________ is a well-established science to which various contributions have been made.

A. Forensic

B. Crime

C. Cyber Crime

D. Evidence

Q22. Who proposed End to End Digital Investigation Process (EEDIP)?

A. G. Palmer

B. Stephenson

C. Michael Anderson

D. S. Ciardhuain

Q23. Which of these is not a computer crime?

A. e-mail harassment

B. Falsification of data.

C. Sabotage.

D. Identification of data

Q24. Which model of investigation was proposed by Carrier and Spafford?

A. Extended Model of Cybercrime Investigation (EMCI)

B. Integrated Digital Investigation Process (IDIP)

C. Road Map for Digital Forensic Research (RMDFR)

D. Abstract Digital Forensic Model (ADFM)

Q25. ______ can make or break an investigation.

A. Crime

B. Security

C. Digital Forensic

D. Evidence

CHAPTER 4

Q26. The criminological principle which states that, when anyone, or anything, enters a crime
scene he/she takes something of the scene with him/her, and leaves something of
himself/herself behind, is:

A. Locard’s Exchange Principle

B. Differential Association Theory

C. Beccaria’s Social Contract

D. None of the above

Q27. Computers were involved in the investigations into both World Trade Center attacks.

A. True

B. False

Q28. Types of digital evidence

A. Eye witness

B. Picture and video

C. Paper work

D. None of the above

Q29. The process of ensuring that the data you have collected is
similar to the data provided or presented in court is known as ___________

A. Evidence validation

B. Relative evidence

C. Best evidence

D. Illustrative evidence

Q30. When cases go to trial, your forensics examiner plays one of ____ roles.

A. 2

B. 4

C. 3

D. 5

Q31. Digital evidence can be duplicated exactly without any changes to the original data.

A. True

B. False

Q32. Which is not related with digital evidence?

A. Work with the original evidence to develop procedures.

B. Use clean collecting media.

C. Document any extra scope.

D. Consider safety of personnel at the scene.

Q33. Which of the following is not a type of volatile evidence?

A. Routing tables

B. Main memory

C. Log files

D. Cached data

Q34. Digital evidence is used to establish a credible link between ____________

A. Attacker and victim and the crime scene

B. Attacker and the crime scene

C. Victim and the crime scene

D. Attacker and Information

Q35. A logon record tells us that, at a specific time:

A. An unknown person logged into the system using the account

B. The owner of a specific account logged into the system

C. The account was used to log into the system

D. None of the above

Q36. What are the three general categories of computer systems that can contain digital
evidence?

A. Desktop, laptop, server

B. Personal computer, Internet, mobile telephone

C. Hardware, software, networks

D. Open computer systems, communication systems, and embedded systems

Q37. In terms of digital evidence, a hard drive is an example of:

A. Open computer systems

B. Communication systems

C. Embedded computer systems

D. None of the above


Q38. Computers can be involved in which of the following types of crime?

A. Homicide and sexual assault

B. Computer intrusions and intellectual property theft

C. Civil disputes

D. All the above

Q39. Cyber trails are advantageous because:

A. They are not connected to the physical world.

B. Nobody can be harmed by crime on the Internet.

C. They are easy to follow.

D. Offenders who are unaware of them leave behind more clues than they otherwise would
have.

Q40. Private networks can be a richer source of evidence than the Internet because:

A. They retain data for longer periods of time.

B. Owners of private networks are more cooperative with law enforcement.

C. Private networks contain a higher concentration of digital evidence.

D. All the above.

Q41. Due to caseload and budget constraints, often computer security professionals attempt to
limit the damage and close each investigation as quickly as possible. Which of the following is
NOT a significant drawback to this approach?

A. Each unreported incident robs attorneys and law enforcement personnel of an opportunity
to learn about the basics of computer-related crime.

B. Responsibility for incident resolution frequently does not reside with the security
professional, but with management.

C. This approach results in under-reporting of criminal activity, deflating statistics that are used
to allocate corporate and government spending on combating computer-related crime.

D. Computer security professionals develop loose evidence processing habits that can make it
more difficult for law enforcement personnel and attorneys to prosecute an offender.

Q42. An argument for including computer forensic training for computer security specialists is:

A. It provides an additional credential.

B. It provides them with the tools to conduct their own investigations.

C. It teaches them when it is time to call in law enforcement.

D. None of the above.

Q43. The aim of a forensic examination is to prove with certainty what occurred.

A. True

B. False

Q44. ________ is known as testimonial.

A. Oath affidavit

B. DNA samples

C. Fingerprint

D. Dried blood

Q45. When an incident takes place, a criminal will leave a hint of evidence at the scene and
remove a hint from the scene, which is called ____________

A. Locard’s Exchange principle

B. Anderson’s Exchange principle


C. Charles’s Anthony principle

D. Kevin Ashton principle

Q46. Blood, fingerprints and DNA are examples of ____________

A. Illustrative evidence

B. Electronic evidence

C. Documented evidence

D. Substantial evidence

Q47. Evidence or proof that can be obtained from an electronic source is called
___________

A. Digital evidence

B. Demonstrative evidence

C. Explainable evidence

D. Substantial evidence

Q48. From the two given statements a and b, select the correct option from A-D.

a. Original media can be used to carry out digital investigation process.

b. By default, every part of the victim’s computer is considered as unreliable.

A. a and b both are true

B. a is true and b is false

C. a and b both are false

D. a is false and b is true


Q49. Which is an example of non-volatile memory?

A. Flash memory

B. Registers and cache

C. Process table

D. ARP cache

Q50. The author of a series of threatening e-mails consistently uses “im” instead of “I’m.” This is
an example of:

A. An individual characteristic

B. An incidental characteristic

C. A class characteristic

D. An indeterminate characteristic
