What is the first step required in preparing a computer for a forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at issue
D. Identify the type of data you are seeking, the information you are looking for, and the urgency level of the examination
Who is responsible for the following tasks?
A. Non-Laboratory Staff
B. System administrators
C. Local managers or other non-forensic staff
D. Lawyers
Consistency in the investigative report is more important than the exact format in the report to eliminate uncertainty and confusion.
A. True
B. False
When dealing with powered-off computers at the crime scene, if the computer is switched off, turn it on.
A. True
B. False
Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader?
A. Open code steganography
B. Visual semagrams steganography
C. Text semagrams steganography
D. Technical steganography
Data acquisition is the process of imaging or otherwise obtaining information from a digital device and its peripheral equipment and media.
A. True
B. False
LBA (Logical Block Address) addresses data by allotting a ___________ to each sector of the hard disk.
A. Sequential number
B. Index number
C. Operating system number
D. Sector number
At the time of evidence transfer, both sender and receiver need to give the information about date and time of transfer in the chain of custody record.
A. True
B. False
Dumpster Diving refers to:
A. Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes
B. Looking at either the user's keyboard or screen while he/she is logging in
C. Convincing people to reveal confidential information
D. Creating a set of dictionary words and names, and trying all the possible combinations to crack the password
Identify the attack from the following sequence of actions:
Step 1: A user logs in to a trusted site and creates a new session
Step 2: The trusted site stores a session identifier for the session in a cookie in the web browser
Step 3: The user is tricked into visiting a malicious site
Step 4: The malicious site sends a request from the user's browser using his session cookie
A. Web Application Denial-of-Service (DoS) Attack
B. Cross-Site Scripting (XSS) Attacks
C. Cross-Site Request Forgery (CSRF) Attack
D. Hidden Field Manipulation Attack
Which one of the following statements is not correct while preparing for testimony?
A. Go through the documentation thoroughly
B. Do not determine the basic facts of the case before beginning and examining the evidence
C. Establish early communication with the attorney
D. Substantiate the findings with documentation and by collaborating with other computer forensics professionals
SMTP (Simple Mail Transfer Protocol) receives outgoing mail from clients and validates source and destination addresses, and also sends and receives emails to and from other SMTP servers.
A. True
B. False
According to US federal rules, to present testimony in a court of law, an expert witness needs to furnish certain information to prove his eligibility. Jason, a qualified computer forensic expert who started practicing two years ago, was denied expert testimony in a computer crime case by the US Court of Appeals for the Fourth Circuit in Richmond, Virginia. Considering the US federal rules, what could be the most appropriate reason for the court to reject Jason's eligibility as an expert witness?
A. Jason was unable to furnish documents showing four years of previous experience in the field
B. Being a computer forensic expert, Jason is not eligible to present testimony in a computer crime case
C. Jason was unable to furnish documents to prove that he is a computer forensic expert
D. Jason was not aware of legal issues involved with computer crimes
Mobile phone forensics is the science of recovering digital evidence from a mobile phone under forensically sound conditions.
A. True
B. False
Which of the following attacks allows an attacker to gain access to the communication channels between the victim and the server to extract information?
A. Man-in-the-middle (MITM) attack
B. Replay attack
C. Rainbow attack
D. Distributed network attack