
Ch. 4 Digital Evidences

The document outlines various aspects of digital evidence, including definitions, categories, and the importance of proper handling and validation in legal contexts. It emphasizes the need for adherence to evidence-handling procedures and the significance of maintaining the chain of custody to ensure the admissibility of evidence in court. Additionally, it discusses the types of digital evidence and the role of private networks in providing reliable information.

Uploaded by

tranve115
Copyright
© All Rights Reserved

4. DIGITAL EVIDENCES

1. To meet the requirements of the judging body and to withstand or face any challenges, it is essential to follow the ______.
(a) Evidence-handling procedure
(b) Security Rules
(c) Criminals Rules
(d) All of the above
2. Any information that can be confident or trusted and can prove something related to a case in trial that is, indicating that a certain substance or condition is present is referred as ______.
(a) Not an Evidence (b) Relevant Evidence
(c) Digital Evidence (d) Correct Evidence
3. ______ is an information which has a positive impact on the action occurred, such as the information supporting an incident.
(a) Evidence (b) Relevant Evidence
(c) Digital Evidence (d) Correct Evidence
4. Digital Evidence is defined as ______.
(a) Any probative information stored or transmitted in digital form that a party to a court case may use at trial
(b) Data stored or transmitted using a computer
(c) Information of probative value
(d) Any random digital information
5. Before accepting digital evidence, a court will determine ______.
(a) If the evidence is relevant
(b) Whether it is authentic
(c) Whether a copy is acceptable or the original is required
(d) All of the above
6. Which are the major forensic categories of digital devices where evidence can be found?
(a) Internet-based
(b) Stand-alone computers or devices
(c) Mobile devices
(d) All of the above
7. ______ is not a form of digital evidence.
(a) Cache files (b) Images
(c) Fingerprint (d) Log files
8. The digital evidences are used to establish a credible link between the attacker, victim, and the ______.
(a) Crime scene (b) Computer
(c) Evidence (d) Internet
9. ______ is the form of Digital Evidence.
(a) Recycle Bin (b) Web History
(c) Cookies (d) All of the above
10. The most complete copy or which includes all necessary parts of evidence, which is closely related to the original evidence is known as ______.
(a) Best Evidence (b) Relevant Evidence
(c) Digital Evidence (d) Correct Evidence
11. Rule of evidence is also called ______.
(a) Best Evidence (b) Law of evidence
(c) Proper Evidence (d) Digital Evidence
12. Private networks can be a richer source of evidence than the Internet, because ______.
(a) They retain data for longer periods of time
(b) Owners of private networks are more cooperative with law enforcement
(c) Private networks contain a higher concentration of digital evidence
(d) All the above
13. The digital evidence is used to establish a credible link between ______.
(a) Attacker and victim and the crime scene
(b) Attacker and the crime scene
(c) Victim and the crime scene
(d) Attacker and Information
14. Digital evidence must follow the requirements of the ______.
(a) Ideal Evidence rule (b) Best Evidence rule
(c) Exchange rule (d) All the mentioned
15. The evidence or proofs can be obtained from the electronic source is called the ______.
(a) Digital evidence
(b) Demonstrative evidence
(c) Explainable evidence
(d) Substantial evidence
16. Rule of evidence must be ______.
(a) Admissible (b) Authentic
(c) Complete (d) All of the above
17. Locard’s exchange principle states ______.
(a) When two items make contact, there will be an interchange
(b) When two items make contact, there will be no interchange
(c) Hackers are perfectionists for clarifying the problem before they start generating ideas
(d) Hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access
18. “When two items make contact, there will be an interchange” is stated by which principle?
(a) Colley (b) Stephenson
(c) John McCarthy (d) Locard’s
19. According to Locard’s Exchange Principle, there will always be evidence of the ______.
(a) Interaction (b) Crime
(c) Investigation (d) None


20. In an e-mail harassment case, investigators may be able to obtain related information from Hotmail, including ______.
(a) Web server access logs
(b) IP addresses
(c) Entire message in the sent mail folder of the offender’s e-mail account
(d) All of the above
21. Cohen refers to digital evidence as a ______.
(a) Bag of bits (b) Proper Evidence
(c) Exact Evidence (d) Complete Evidence
22. ______ is a type of digital evidence.
(a) Eyewitness (b) Picture and video
(c) Paperwork (d) None of the above
23. ______ refers to digital evidence as a bag of bits.
(a) Colley (b) Stephenson
(c) John McCarthy (d) Cohen
24. Cohen refers to ______ as a bag of bits.
(a) Digital evidence (b) Physical evidence
(c) Correct evidence (d) Complete evidence
25. According to Cohen, ______ is used to portray data more specifically and is helpful in determining the background of digital evidence.
(a) Data structure (b) Metadata
(c) Database (d) Serial data
26. The process of ensuring that providing or obtaining the data that you have collected is similar to the data provided or presented in a court is known as ______.
(a) Evidence validation (b) Relative evidence
(c) Best evidence (d) Illustrative evidence
27. Illustrative evidence is also called ______.
(a) Demonstrative evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
28. Photographs, videos, sound recordings, X-rays, maps, drawing, graphs, charts, simulations, sculptures, and models are the ______ evidence.
(a) Documented Evidence
(b) Explainable Evidence
(c) Substantial Evidence
(d) Illustrative evidence
29. Electronic evidence is nothing but ______.
(a) Documented Evidence
(b) Explainable Evidence
(c) Digital Evidence
(d) Substantial Evidence
30. The evidence or proof that can be obtained from the electronic source is called the ______.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
31. Email, hard drives, Log files are forms of ______.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
32. Contracts, wills, invoices etc. are forms of ______.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
33. ______ is typically used in criminal cases in which it supports the dependent, either partially or totally removing their guilt in the case.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
34. A proof that is introduced in the form of a physical object, whether whole or in part is referred to as ______.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
35. Substantial Evidence is also called ______.
(a) Physical evidence
(b) Digital Evidence
(c) Documented Evidence
(d) Explainable Evidence
36. Dried blood, fingerprint, and DNA samples, casts of footprints are examples of ______.
(a) Digital Evidence
(b) Documented Evidence
(c) Explainable Evidence
(d) Substantial Evidence
37. ______ is the kind of evidence spoken by the spectator under the oath, or written evidence given under the oath by an official declaration that is affidavit.
(a) Digital Evidence
(b) Documented Evidence
(c) Testimonial
(d) Explainable Evidence
38. While responding to a computer security incident, a failure to adequately document may occur because of ______.
(a) Analytical data might never be collected
(b) Critical data may be lost
(c) Data’s origin or meaning may become unknown
(d) All of above
39. The challenges faced in the evidence handling must be properly understood by all the investigators.
(a) True (b) False


40. It is essential for every organization to have formal ______ that support computer security investigation.
(a) Evidence-handling procedure
(b) Security Rules
(c) Criminals Rules
(d) Evidence Collection
41. The most difficult task for an evidence handler is to substantiate the collected evidence at the judicial proceedings.
(a) True (b) False
42. The laws of many state jurisdictions define data as ______ and ______.
(a) Written Works, Record keeping
(b) Evidence, Record Keeping
(c) Written Works, Evidence
(d) Information, Evidence
43. Before introducing data as evidence, documents and recorded material must be ______.
(a) Validated (b) Authenticated
(c) Checked (d) Unchecked
44. For an evidence to be admissible, it is necessary that it should be ______, otherwise the information cannot be presented to judge only.
(a) Validated (b) Authenticated
(c) Checked (d) Unchecked
45. The chain of custody in digital forensics can also be referred to as ______.
(a) Forensic link
(b) Paper trail
(c) The chronological documentation of electronic evidence
(d) All of the above
46. What are the three general categories of computer systems that can contain digital evidence?
(a) Desktop, laptop, server
(b) Personal computer, Internet, mobile telephone
(c) Hardware, software, networks
(d) Open computer systems, communication systems, and embedded systems
47. In terms of digital evidence, a hard drive is an example of ______.
(a) Open computer systems
(b) Communication systems
(c) Embedded computer systems
(d) None of the above
48. In terms of digital evidence, a mobile telephone is an example of ______.
(a) Open computer systems
(b) Communication systems
(c) Embedded computer systems
(d) None of the above
49. In terms of digital evidence, a Smart Card is an example of ______.
(a) Open computer systems
(b) Communication systems
(c) Embedded computer systems
(d) None of the above
50. In terms of digital evidence, the Internet is an example of ______.
(a) Open computer systems
(b) Communication systems
(c) Embedded computer systems
(d) None of the above
51. Computers can be involved in which of the following types of crime?
(a) Homicide and sexual assault
(b) Computer intrusions and intellectual property theft
(c) Civil disputes
(d) All the above
52. A logon record tells us that, at a specific time ______.
(a) An unknown person logged in to the system using the account
(b) The owner of a specific account logged into the system
(c) The account was used to login to the system
(d) None of the above
53. Cyber trails are advantageous, because ______.
(a) They are not connected to the physical world
(b) Nobody can be harmed by crime on the Internet
(c) They are easy to follow
(d) Offenders who are unaware of them leave behind more clues than they otherwise would have
54. Private networks can be a richer source of evidence than the Internet, because:
(a) They retain data for longer periods of time
(b) Owners of private networks are more cooperative with law enforcement
(c) Private networks contain a higher concentration of digital evidence
(d) All of the above (Repeats at No. 12)
55. The evidence must be usable in the court which is called ______.
(a) Admissible (b) Authentic
(c) Complete (d) Reliable
56. ______ is known as testimonial.
(a) Oath affidavit (b) DNA samples
(c) Fingerprint (d) Dried blood
57. Chain of Custody documents ______.
(a) Each person who handled the evidence
(b) The date/time it was collected or transferred
(c) The purpose for the transfer
(d) All of the above
58. Chain of Custody in Computer Forensics indicates ______.
(a) Collection (b) Sequence of control


(c) Transfer (d) Analysis
(e) All of above
59. It is important to maintain the ______ to preserve the integrity of the evidence and prevent it from contamination.
(a) Documentation (b) Chain of custody
(c) Proofs (d) Validation
60. If Chain of Custody is not preserved, the evidence presented in court might be challenged and ruled inadmissible.
(a) True (b) False
61. It is possible to have the evidence presented in court dismissed if there is a missing link in the ______.
(a) Authentication (b) Chain of custody
(c) Validation (d) Process
62. The digital evidence is used to establish a credible link between ______.
(a) Attacker and the crime scene
(b) Victim and the crime scene
(c) Attacker and victim and the crime scene
(d) Attacker and Information
63. Which of the following is not a part of crime scene processing?
(a) The systematic search for and recovery of physical evidence. The packaging and labelling of the physical evidence.
(b) The construction of a systematic log of all actions taken at the scene and by whom these actions were taken.
(c) The storage of the physical evidence and the subjection of the physical evidence to forensic examination.
(d) The preservation of the scene in the state in which it was found. The recording of the scene, in the state in which it was found, by notes and, where appropriate, photographs, video recording, sketches and the collection of data that will allow virtual scenes to be made using computer graphics.
64. When a file is deleted from a hard drive, it can often be recovered.
(a) True (b) False
65. ______ indicates the collection, sequence of control, transfer, and analysis.
(a) Hacking (b) Cracking
(c) Chain of Custody (d) Digital Forensics
66. Which of the following procedure is followed according to the chain of custody for electronic evidence?
(a) Save the original materials
    Take photos of physical evidence
    Take screenshots of digital evidence content
    Document date, time, and any other information of receipt
    Inject a bit-for-bit clone of digital evidence content into our forensic computers
    Perform a hash test analysis to further authenticate the working clone
(b) Save the original materials
    Do not take the photos of physical evidence
    Take screenshots of digital evidence content
    Do not Document date, time, and any other information of receipt
    Inject a bit-for-bit clone of digital evidence content into our forensic computers
    Perform a hash test analysis to further authenticate the working clone
(c) Take photos of physical evidence
    Take screenshots of digital evidence content
    Document date, time, and any other information of receipt
    Perform a hash test analysis to further authenticate the working clone
(d) Save the original materials
    Take photos of physical evidence
    Take screenshots of digital evidence content
    Document date, time, and any other information of receipt
67. One should always work on copies of the digital evidence as opposed to the original.
(a) True (b) False
68. What ensures that the data obtained from the previous bit-by-bit copy procedure is not corrupt and reflects the true nature of the original evidence?
(a) Copy Test (b) Hash test
(c) Security Test (d) All of above
69. The procedure of the chain of custody might be different.
(a) True (b) False
70. Always work with the original evidence to develop procedures.
(a) True (b) False
71. What considerations are involved with Digital Evidence?
(a) Never work with the original evidence to develop procedures
(b) Use clean collecting media
(c) Document any extra scope
(d) Consider safety of personnel at the scene
(e) All of the above
72. What considerations are not involved with Digital Evidence?
(a) Work with the original evidence to develop procedures
(b) Use clean collecting media
(c) Document any extra scope
(d) Consider safety of personnel at the scene
73. In some cases, the examiner may only have the opportunity to ______ while on site.
(a) Identify the number and type of computers.
(b) Determine if a network is present.


(c) Interview the system administrator and users.
(d) Document the location from which the media was removed.
(e) All of the above.
74. To meet the challenge of validation, it is necessary to ensure that the original media matches the forensic duplication by using ______.
(a) MD5 hashes (b) Transposition
(c) Steganography (d) All of above
75. Evidence collection calculated by MD5 after 6 months may not be helpful.
(a) True (b) False
76. When collecting evidence, one should always try to proceed from the ______.
(a) Least volatile to the most
(b) By Any Order
(c) Most volatile to the least
(d) None of Above
77. To determine what evidence to collect first, the ______ is the order of volatility.
(a) Routing tables
    Kernel statistics and modules
    Registers and cache
    Main memory
    Secondary memory
(b) Registers and cache
    Routing tables
    Kernel statistics and modules
    Main memory
    Secondary memory
(c) Registers and cache
    Routing tables
    Kernel statistics and modules
    Secondary memory
    Main memory
(d) Registers and cache
    Routing tables
    Secondary memory
    Main memory
    Kernel statistics and modules
78. The contents of CPU cache and registers are ______.
(a) Extremely volatile (b) Non-volatile
(c) Permanent (d) Moderate Volatile
79. ______ is an example of non-volatile memory.
(a) Registers and Cache (b) Process table
(c) Flash memory (d) ARP cache
80. From the two given statements (A) and (B), select the correct options:
(A) Original media can be used to carry out digital investigation process.
(B) By default, every part of the victim’s computer is considered unreliable.
(a) A and B both are true
(b) A is true and B is false
(c) A and B both are false
(d) A is false and B is true
81. ______ is not a type of volatile evidence?
(a) Routing Tables (b) Main Memory
(c) Log files (d) Cached Data
82. ______ is not related with digital evidence?
(a) Work with the original evidence to develop procedures
(b) Use clean collecting media
(c) Document any extra scope
(d) Consider safety of personnel at the scene
83. Cyber trails are advantageous, because ______.
(a) They are not connected to the physical world.
(b) Nobody can be harmed by crime on the Internet.
(c) They are easy to follow.
(d) Offenders who are unaware of them leave behind more clues than they otherwise would have.
84. A logon record tells us that, at a specific time ______.
(a) An unknown person logged into the system using the account
(b) The owner of a specific account logged into the system
(c) The account was used to login to the system
(d) None of the above


ANSWER KEY
1. (a) 2. (c) 3. (b) 4. (a) 5. (d) 6. (d) 7. (c) 8. (a) 9. (d) 10. (a)
11. (b) 12. (c) 13. (a) 14. (b) 15. (a) 16. (d) 17. (a) 18. (d) 19. (a) 20. (d)
21. (a) 22. (b) 23. (d) 24. (a) 25. (b) 26. (a) 27. (a) 28. (d) 29. (c) 30. (a)
31. (a) 32. (b) 33. (c) 34. (d) 35. (a) 36. (d) 37. (c) 38. (d) 39. (a) 40. (a)
41. (a) 42. (a) 43. (b) 44. (b) 45. (d) 46. (d) 47. (a) 48. (c) 49. (c) 50. (b)
51. (d) 52. (c) 53. (d) 54. (c) 55. (a) 56. (a) 57. (d) 58. (e) 59. (b) 60. (a)
61. (b) 62. (c) 63. (c) 64. (a) 65. (c) 66. (a) 67. (a) 68. (b) 69. (a) 70. (b)
71. (e) 72. (a) 73. (e) 74. (a) 75. (a) 76. (c) 77. (b) 78. (a) 79. (c) 80. (d)
81. (a) 82. (a) 83. (d) 84. (c)
