Review 2

This document contains a series of questions about digital forensic procedures and Windows system artifacts. It asks about which devices require immediate bagging, the most volatile evidence, and what data may be lost if an encrypted device is powered off. Other questions cover the initial steps of a forensic examiner at a crime scene, proper cloning procedures, and recommended acquisitions for devices with low or dead batteries. Later questions focus on artifacts like hibernation files, page files, deleted data reconstruction, and where user login and file timestamp information is stored within Windows systems.

Uploaded by

co ca

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

88 views14 pages

Review 2

Uploaded by

co ca

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 14

Review 2

5-6. Collecting Evidence

Which item must be placed in a Faraday bag
immediately after seizure?

A. SD cards
B. Thumb drive
C. Hard disk
D. Cell phone
E. Laptop
Which item of evidence is the most volatile?

A. Deleted files on a hard disk

B. Downloads in progress
C. Archival data
D. Data stored in the cloud
E. USB thumbdrive data
If a suspect is using encryption, which data
below is likely to be lost if the device is powered
off?

A. Cell phone
B. USB thumb drive
C. Contents of RAM
D. Laptop hard drive
E. All of the above
Which is the first step done by a forensic
examiner who arrives at a crime scene?

A. Take photographs
B. Label devices
C. Take notes
D. Fill out Chain of Custody form
E. Remove extra people
Joe is making a clone of the evidence drive onto
a target drive. Which of these is not a good
practice?

A. Forensically wipe target drive first

B. Use antivirus to scan the forensic workstation
C. Use antivirus to scan the evidence drive
D. Use a hardware write-blocker
E. Calculate the MD5 hash
You find a laptop at a crime scene with a dead
battery. What type of acquisition should you
perform?

A. Live acquisition in a laboratory

B. Static acquisition in a laboratory
C. Live acquisition at the scene
D. Static acquisition at the scene
E. They are all equally useful
You find a cell phone at a crime scene with a
low battery, and no charger is available. What
type of acquisition should you perform?

A. Live acquisition in a laboratory

B. Static acquisition in a laboratory
C. Live acquisition at the scene
D. Static acquisition at the scene
E. They are all equally useful
7-8. Windows System Artifacts
Which type of data is created when a laptop lid
is closed?

A. Deleted data
B. Hiberfil
C. Page file
D. Registry
E. Metadata
Which type of data must be reconstructed with
file carving?

A. Thumbnails
B. MRU list
C. Restore points
D. Deleted data
E. Metadata
Where is the identity of the last-logged-in user
stored?

A. MRU list
B. Hiberfil
C. Page file
D. Registry
E. Metadata
Where is the Modified timestamp for a file
stored?

A. MRU list
B. Hiberfil
C. Page file
D. Registry
E. Metadata

Review
No ratings yet
Review
53 pages
CH 2
No ratings yet
CH 2
7 pages
Unit4 Mcqs
No ratings yet
Unit4 Mcqs
13 pages
248
No ratings yet
248
8 pages
ETI Assignment - III
No ratings yet
ETI Assignment - III
2 pages
Forensic Study Guide Update
No ratings yet
Forensic Study Guide Update
5 pages
المستند
No ratings yet
المستند
17 pages
Who Is The Father of Computer Forensics?
No ratings yet
Who Is The Father of Computer Forensics?
83 pages
Forensic Exam
No ratings yet
Forensic Exam
5 pages
QUIZ OUTPUT FINAL Chap 3
No ratings yet
QUIZ OUTPUT FINAL Chap 3
16 pages
First Responder
No ratings yet
First Responder
8 pages
MSC Computer Security and Forensics
No ratings yet
MSC Computer Security and Forensics
10 pages
Unit 6 - CSDF
No ratings yet
Unit 6 - CSDF
19 pages
Module 3 - Buiding-Environments-For-Digital-Forensics
No ratings yet
Module 3 - Buiding-Environments-For-Digital-Forensics
50 pages
ETIass 3
No ratings yet
ETIass 3
11 pages
Computer Forensics Essentials
No ratings yet
Computer Forensics Essentials
4 pages
Forensics 1
No ratings yet
Forensics 1
6 pages
4 Chapter ETI MCQ
No ratings yet
4 Chapter ETI MCQ
15 pages
CHFI v3 Sample Test Questions
No ratings yet
CHFI v3 Sample Test Questions
7 pages
3 RD Chapters MCQ's
No ratings yet
3 RD Chapters MCQ's
9 pages
Unit4 CSDF
No ratings yet
Unit4 CSDF
15 pages
Chapter 4
No ratings yet
Chapter 4
12 pages
Eti 3
No ratings yet
Eti 3
6 pages
Network Security Forensics Assignment
No ratings yet
Network Security Forensics Assignment
12 pages
DF MCQ 1
67% (9)
DF MCQ 1
7 pages
ETI Unit 3 MCQ
No ratings yet
ETI Unit 3 MCQ
6 pages
Forensic Investigation Essentials
100% (1)
Forensic Investigation Essentials
29 pages
CF Unit 2
No ratings yet
CF Unit 2
17 pages
Eti MCQS
No ratings yet
Eti MCQS
7 pages
Question Bank
No ratings yet
Question Bank
27 pages
Semi Final Lecture Part2
No ratings yet
Semi Final Lecture Part2
72 pages
Digital Forensics Course Overview
No ratings yet
Digital Forensics Course Overview
10 pages
Cyber Forensics Quiz Answer Key
No ratings yet
Cyber Forensics Quiz Answer Key
16 pages
CSDF Unit 5
No ratings yet
CSDF Unit 5
16 pages
Computer Forensics Exam
No ratings yet
Computer Forensics Exam
5 pages
3UNITETI
No ratings yet
3UNITETI
7 pages
Cat 2 Computer Forensics
No ratings yet
Cat 2 Computer Forensics
9 pages
Secr250jus FINAL
No ratings yet
Secr250jus FINAL
9 pages
ETI 22618 UT2 Question Bank
No ratings yet
ETI 22618 UT2 Question Bank
19 pages
20.4.3 Bootloaders: Loader. This Code Has Very Basic Functionality and Is Comparable To The BIOS
No ratings yet
20.4.3 Bootloaders: Loader. This Code Has Very Basic Functionality and Is Comparable To The BIOS
6 pages
Ch. 3 Basics of Digital Forensic
No ratings yet
Ch. 3 Basics of Digital Forensic
4 pages
ETI Chapter 3 Assignment
No ratings yet
ETI Chapter 3 Assignment
14 pages
Good Forensic Practice
No ratings yet
Good Forensic Practice
38 pages
216SE Tutorial 1 First Responder Solutions v1.0
No ratings yet
216SE Tutorial 1 First Responder Solutions v1.0
9 pages
Forensics Test2
No ratings yet
Forensics Test2
19 pages
Chapter 2 Digital Forensic Tools and Data Acquzation Process
No ratings yet
Chapter 2 Digital Forensic Tools and Data Acquzation Process
27 pages
Chapter - 1 Digital Forensics
No ratings yet
Chapter - 1 Digital Forensics
46 pages
CF2019
No ratings yet
CF2019
9 pages
Evidence Collection in Workplace Investigations
No ratings yet
Evidence Collection in Workplace Investigations
9 pages
Chapter 4 (Digital Forensics)
No ratings yet
Chapter 4 (Digital Forensics)
11 pages
DF Assignment-18bbtcs088 1
No ratings yet
DF Assignment-18bbtcs088 1
9 pages
Digital Evidence Collection and Analysis
No ratings yet
Digital Evidence Collection and Analysis
181 pages
Mobile Forensics
No ratings yet
Mobile Forensics
9 pages
Mobile Forensics Challenges and Techniques
No ratings yet
Mobile Forensics Challenges and Techniques
8 pages
Fdocuments - in - Computer Forensics 5584a063871ca
No ratings yet
Fdocuments - in - Computer Forensics 5584a063871ca
63 pages
Exam CF
No ratings yet
Exam CF
16 pages
Block Cipher Operations Overview
No ratings yet
Block Cipher Operations Overview
26 pages
Cryptography and Network Security: Sixth Edition by William Stallings
No ratings yet
Cryptography and Network Security: Sixth Edition by William Stallings
26 pages
Quiz Midterm Test
No ratings yet
Quiz Midterm Test
1 page
CH 13
No ratings yet
CH 13
22 pages
Server Maintenance Checklist Template ProjectManager FD CM
No ratings yet
Server Maintenance Checklist Template ProjectManager FD CM
12 pages
Continuous Random Variables Quiz
No ratings yet
Continuous Random Variables Quiz
1 page
Quiz Chapter 2 (Pass - Quizchapter2)
No ratings yet
Quiz Chapter 2 (Pass - Quizchapter2)
1 page
Continuous Random Variables Quiz
No ratings yet
Continuous Random Variables Quiz
1 page
Chapter 6 Quiz: Descriptive Statistics
No ratings yet
Chapter 6 Quiz: Descriptive Statistics
1 page
SWIFT Customer Security Program
No ratings yet
SWIFT Customer Security Program
12 pages
Nsaf - Netsentries Swift Assessment Framework
No ratings yet
Nsaf - Netsentries Swift Assessment Framework
8 pages
Guide To ISO 20022 Migration Part 3 Final
No ratings yet
Guide To ISO 20022 Migration Part 3 Final
44 pages