CT2

The document consists of a series of questions and answers related to digital forensics, covering topics such as the history, principles, and processes involved in the field. It includes multiple-choice questions about key figures, definitions, and rules of digital forensics. The content appears to be structured as a quiz or study guide for individuals learning about computer forensics.

Uploaded by

tranve115
Copyright
© All Rights Reserved

1 Who is the Father of Computer Forensics?
(a) Michael Anderson
(b) John McCarthy
(c) Seymour Papert
(d) Nicklaus Wirth

2 Digital forensics is all of them except ______.
(a) Extraction of computer data
(b) Preservation of computer data
(c) Interpretation of computer data
(d) Manipulation of computer data

3 In which year was the Federal Bureau of Investigation program created?
(a) 1987
(b) 1984
(c) 1980
(d) 1978

4 Digital Forensics refers to ______.
(a) A branch of forensic science encompassing the recovery and investigation of material found in digital devices.
(b) A process where we develop and test hypotheses that answer questions about digital events.
(c) A use of science or technology in the investigation and establishment of the facts or evidences in a court of law.
(d) A process of using scientific knowledge in analysis and presentation of evidence in court.

5 Which of the following is not a rule of digital forensics?
(a) An examination should be performed on the original data.
(b) A copy is made onto forensically sterile media. New media should always be used if available.
(c) The copy of the evidence must be an exact, bit-by-bit copy.
(d) The examination must be conducted in such a way as to prevent any modification of the evidence.

6 Which of the following is FALSE?
(a) The digital forensic investigator must maintain absolute objectivity.
(b) It is the investigator’s job to determine someone’s guilt or innocence.
(c) It is the investigator’s responsibility to accurately report the relevant facts of a case.
(d) The investigator must maintain strict confidentiality, discussing the results of an investigation on only a “need to know”.

7 Digital Forensics is ______.
(a) Accessing the system’s directories viewing mode and navigating through the various systems files and folders
(b) Un-deleting and recovering lost files
(c) Identifying and solving computer crimes
(d) The identification, preservation, recovery, restoration and presentation of digital evidence from systems and devices

8 When did the field of PC forensics begin?
(a) 1967
(b) 1984
(c) 1980
(d) 1990

9 In which year was the first FBI Regional Computer Forensic Laboratory recognized?
(a) 2000
(b) 2003
(c) 1996
(d) 2001

10 Which of these is not a computer crime?
(a) e-mail harassment
(b) Falsification of data
(c) Sabotage
(d) Identification of data

11 Which file is used to store the user entered password?
(a) .exe
(b) .txt
(c) .iso
(d) .sam

12 ______ is the process of recording as much data as possible to create reports and analysis on user input.
(a) Data mining
(b) Data carving
(c) Metadata
(d) Data Spoofing

13 ______ searches through raw data on a hard drive without using a file system.
(a) Data mining
(b) Data carving
(c) Metadata
(d) Data Spoofing

14 What is the first step to handle retrieving data from an encrypted hard drive?
(a) Formatting disk
(b) Storing data
(c) Finding configuration files
(d) Deleting files

15 ______ is the Rule of Digital Forensics.
(a) An examination should never be performed on the original media.
(b) A copy is made onto forensically sterile media. New media should always be used if available.
(c) The computer and the data on it must be protected during the acquisition of the media to ensure that the data is not modified.
(d) All of above.

16 What is the major goal of Digital Forensics?
(a) To duplicate original data and preserve original evidence and then performing the series of investigation by collecting, identifying and validating digital information for the purpose of restructuring past events.
(b) Accessing the system’s directories viewing mode and navigating through the various systems files and folders.
(c) Un-deleting and recovering lost files.
(d) Identifying and solving computer crimes.

17 DFI stands for ______.
(a) Digital forensic investigation
(b) Detail forensic investigation
(c) Digital forensic information
(d) Detail forensic information

18 The main objective of digital forensic investigation is ______.
(a) Data may be stored in damaged device, but the investigator searches the data in working devices.
(b) To examine digital evidence and to ensure that they have not been tampered in any manner.
(c) The digital data found should be protected from being modified.
(d) Accessing the system’s directories viewing mode and navigating through the various systems files and folders

19 The Digital Forensic Investigation process must be able to handle the below obstacles ______.
(a) Handle and locate certain amount of valid data from large number of files stored in computer system.
(b) It is viable that the information has been deleted, in such situation searching inside the file is worthless.
(c) If the files are secured by some passwords, investigators must find a way to read the protected data in an unauthorized manner.
(d) All of above.

20 The Digital Forensic investigation process must be able to handle the below obstacles ______.
(a) Data may be stored in damaged device, but the investigator searches the data in working devices.
(b) Major obstacle is that each and every case is different identifying the techniques and tools will take long time.
(c) The digital data found should be protected from being modified. It is very tedious to prove that data under examination is unaltered.
(d) All of above.

21 RMDFR stands for ______.
(a) Road matrix for Digital Forensic Research
(b) Roadmap for Data Forensic Research
(c) Road map for Digital Forensic Research
(d) Roadmap for Direct Forensic Research

22 Who designed the RMDFR framework?
(a) Palmar
(b) Reith
(c) Gunsh
(d) Carr

23 How many phases are in RMDFR framework?
(a) 5
(b) 6
(c) 8
(d) 4

24 ______ recognizes an incident from indicators and determines its type.
(a) Preservation
(b) Identification
(c) Collection
(d) Examination

25 ______ involves operations such as preventing people from using computers during collection, stopping ongoing deletion processes, and choosing the safest way to collect information.
(a) Preservation
(b) Identification
(c) Collection
(d) Examination

26 ______ consists of finding and collecting digital information that may be relevant to the investigation.
(a) Preservation
(b) Identification
(c) Collection
(d) Examination

27 ______ consists of “in-depth systematic search of evidence” relating to the incident being investigated.
(a) Preservation
(b) Identification
(c) Collection
(d) Examination

28 The output of examination stage includes ______.
(a) Log files
(b) Data files containing specific phrases
(c) Time-stamps
(d) All of the above

29 The aim of ______ stage is to “draw conclusions based on evidence found”.
(a) Preservation
(b) Identification
(c) Analysis
(d) Examination

30 ______ entails writing a report outlining the examination process and pertinent data recovered from the overall investigation.
(a) Reporting
(b) Identification
(c) Analysis
(d) Examination

31 Using what can data hiding in encrypted images be carried out in digital forensics?
(a) Acquisition
(b) Steganography
(c) Live analysis
(d) Hashing

32 IDIP stands for ______.
(a) Integrated Digital Investigation Process
(b) Integrated Data Investigator Process
(c) Integrated Data Investigator Process
(d) Independent Data Investigator Process

33 What is the most significant legal issue in computer forensics?
(a) Preserving Evidence
(b) Seizing Evidence
(c) Admissibility of Evidence
(d) Discovery of Evidence

34 What are the important parts of the mobile device which are used in digital forensics?
(a) SIM
(b) RAM
(c) ROM
(d) EMMC chip

35 ADFM stands for ______.
(a) Abstract Data Forensic Model
(b) Abstract Digital Forensic Model
(c) Absolute Digital Forensic Model
(d) Absolute Data Forensic Model

36 Who developed Abstract Digital Forensic Model (ADFC)?
(a) Reith, Carr, Gunsh
(b) Palmar
(c) Carrier
(d) Safford

37 ______ involves the isolation, securing and preserving the state of physical and digital evidence.
(a) Preservation
(b) Identification
(c) Analysis
(d) Examination

38 ______ is an in-depth systematic search of evidence relating to the suspected crime.
(a) Preservation
(b) Identification
(c) Analysis
(d) Examination

39 ______ includes Summary and explanation of conclusion.
(a) Preservation
(b) Presentation
(c) Analysis
(d) Examination

40 Who proposed the IDIP model?
(a) Reith, Carr, Gunsh
(b) Palmar
(c) Carrier and Safford
(d) Stephenson

41 Which are the five groups of IDIP model?
(a) Readiness, Deployment Physical Crime, Investigation Digital Crime, Investigation, Review
(b) Preservation, Deployment Physical Crime, Investigation Digital Crime, Investigation, Review
(c) Readiness, Deployment Physical Crime, Investigation Digital Crime, Investigation, Analysis
(d) Identification, Deployment Physical Crime, Investigation Digital Crime, Investigation, Review

42 The Readiness phase of IDIP includes ______.
(a) Operations Readiness phase
(b) Infrastructure Readiness phase
(c) Both a and b
(d) None of above

43 The Deployment phase of IDIP includes ______.
(a) Detection and Notification phase
(b) Confirmation and Authorization phase
(c) Both a and b
(d) None of above

44 ______ the goal of these phases is to collect and analyse the physical evidence and reconstruct the actions that took place during the incident.
(a) Investigation Digital Crime
(b) Physical Crime Investigation phase
(c) Review
(d) Deployment

45 ______ requires an investigator to walk through the physical crime scene and identify pieces of physical evidence.
(a) Preservation phase
(b) Reconstruction phase
(c) Documentation phase
(d) Survey phase

46 EEDIP stands for ______.
(a) Equal to Equal Digital Investigation Process
(b) End to End Digital Investigation Process
(c) End to End Data Investigation Process
(d) Equal to End Digital Investigation Process

47 Who proposed the EEDIP model?
(a) Reith, Carr, Gunsh
(b) Palmar
(c) Carrier and Safford
(d) Stephenson

48 UMDFPM stands for ______.
(a) User modelling of digital forensic process model
(b) User modelling of data forensic process model
(c) UML modelling of digital forensic process model
(d) UML modelling of digital forensic program model

49 Who proposed the UMDFPM model?
(a) Reith, Carr, Gunsh
(b) Kohn, Eloff, and Oliver
(c) Carrier and Safford
(d) Stephenson

50 Which term refers to modifying a computer in a way which was not originally intended to view information?
(a) Metadata
(b) Live analysis
(c) Hacking
(d) Bit Copy

51 The ability to recover and read deleted or damaged files from a criminal’s computer is an example of a law enforcement specialty called ______.
(a) Robotics
(b) Simulation
(c) Computer Forensics
(d) Animation

52 In ______ phase investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location.
(a) Survey phase
(b) Documentation phase
(c) Reconstruction phase
(d) Presentation phase

53 ______ phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses.
(a) Preservation phase
(b) Survey phase
(c) Documentation phase
(d) Reconstruction phase

54 Computer forensics do not involve ______ activity.
(a) Preservation of computer data
(b) Extraction of computer data
(c) Manipulation of computer data
(d) Interpretation of computer data

55 Which of the following is not a property of computer evidence?
(a) Authentic and Accurate
(b) Complete and Convincing
(c) Conform and Human Readable
(d) Duplicated and Preserved

56 ______ can make or break investigation.
(a) Crime
(b) Evidence
(c) Security
(d) Digital Forensic

57 ______ is software that blocks unauthorized users from connecting to your computer.
(a) Firewall
(b) Quick launch
(c) One Login
(d) Authentication

58 Which of the following is not a general ethical norm for Investigator?
(a) Should contribute to the society and human being
(b) Should avoid harm to others
(c) Uphold any relevant Evidence
(d) Should be honest and trustworthy

59 Which of the following is the ethical norm for investigator?
(a) Should be fair and take action not to discriminate
(b) Should honor property rights, including copyrights and patents
(c) Should give proper credit to intellectual property
(d) All of the above

60 Which of the following are the ethical norms that should be satisfied by an Investigator?
(a) Should contribute to the society and human being
(b) Should avoid harm to others
(c) Should be honest and trustworthy
(d) Should be fair and take action not to discriminate
(e) All of above
(f) Only (a) and (b)

61 What is the process of creating a duplicate of digital media for the purpose of examining it called?
(a) Acquisition
(b) Steganography
(c) Live analysis
(d) Hashing

62 Which of the following are Unethical norms for Investigator?
(a) Uphold any relevant evidence
(b) Declare any confidential matters or knowledge
(c) Distort or falsify education, training, credentials
(d) All of the above

63 Which of the following is not an unethical norm for Digital Forensics Investigation?
(a) Uphold any relevant evidence
(b) Declare any confidential matters or knowledge
(c) Distort or falsify education, training, credentials
(d) To respect the privacy of others

64 If the Internet History file has been deleted, ______ may still provide information about what Web sites the user has visited.
(a) Cookies
(b) Metadata
(c) User profiles
(d) Sessions

65 When shutting down a computer, what information is typically lost?
(a) Data in RAM memory
(b) Running processes
(c) Current network connections
(d) All of the above
