FORM NO.

F/ EVAL / 004
Rev.00 Date 20.03.2020
Page 1 of 3

CAT2 QUESTION PAPER - UG-E&T

(With Course Outcome / Blooms Level, etc.)

SUB. CODE: SUB.NAME:

DEGREE :B. Tech BRANCH:
YEAR/SEMESTER: I/II SECTIONS/COMMON TO:
MAX. MARKS:50 DURATION: 90 min
DATE: PORTION: 2 units

PART A - ANSWER THE FOLLOWING (MCQ’s) (10x1 = 10 marks)

Q. No Questions Marks CO BL PI code
1 What is the first step in the forensic investigation process? 1
a) Collection of evidence
b) Analysis of evidence
c) Reporting of findings
d) Preservation of evidence
2 What is the main goal of forensic investigation? 1
a) To prove guilt or innocence
b) To determine the cause of an incident or crime
c) To identify potential suspects
d) To gather evidence for a civil lawsuit
3 Which of the following is an example of physical evidence? 1
a) Witness statements
b) Fingerprints
c) Expert testimony
d) Police reports
4 Which of the following is not a common use of hashing? 1
a) Password storage
b) Digital signatures
c) Data compression
d) Data encryption
5 Which of the following hashing algorithms is considered secure? 1
a) MD5
b) SHA-1
c) SHA-256
d) CRC
6 What is the first step in seizing a computer? 1
a) Shutting down the computer
b) Disconnecting the computer from the network
c) Documenting the state of the computer
d) Removing the hard drive
7 What is a write blocker? 1
a) A device that allows data to be written to a hard drive
b) A device that prevents data from being written to a hard drive
c) A type of software used to delete data from a hard drive
d) A device used to clone a hard drive
8 What is the first step in preparing for a computer seizure? 1
a) Securing the premises where the computer is located
b) Creating a plan for the seizure
c) Obtaining a warrant or consent to search
d) Identifying the type of computer to be seized
9 Why is it important to document the state of the computer before 1
seizing it?
a) To prevent the owner from claiming the computer was
tampered with
b) To identify any changes made to the computer during the
seizure process
c) To determine if the computer has been compromised or
hacked
d) To establish a chain of custody for the evidence
10 What is a "mirror image" of a hard drive? 1
a) A backup copy of the data on the hard drive
b) A compressed version of the data on the hard drive
c) A copy of the operating system on the hard drive
d) A type of malware that infects the hard drive
PART B – ANSWER THE FOLLOWING (4 X 10 = 40 Marks)
11 a) What is live collection in principles of live 10
collection?
 FORM NO. F/ EVAL / 004
Rev.00 Date 20.03.2020
Page 2 of 3

b)What types of data can be collected during

live collection?
OR
12 What is a crime scene? , What is the 10
importance of preserving a crime scene?
13 What is the difference between a hash and an 10
encryption?
OR
14 What is the forensic image formats ? 10
15 How should evidence be identified and 10
collected at the scene of a computer seizure?
OR
16 What is the process for recovering evidence 10
from a seized computer system?
17 How should evidence be identified and 10
collected at the scene of a computer seizure?
OR
18 What tools and techniques are used to recover 10
data from a seized computer system, and how
do they work?
Sample Graph/Chart:

Course Outcomes (CO) Blooms Taxonomy Levels (BL)*

CO1 CO2 CO3 CO4 CO5 CO6 L1 L2 L3 L4 L5 L6
Marks
CO1:
CO2:
CO3:
CO4:
CO5:
CO6:
*BL –Bloom’s Taxonomy Levels (L1- Remembering, L2-Understanding, L3 –Applying,
L4- Analyzing, L5- Evaluating, L6- Creating), CO – Course Outcomes, PI Code – Performance
Indicator Code
 FORM NO. F/ EVAL / 004
Rev.00 Date 20.03.2020
Page 3 of 3

Answer Key Template (UG-E&T – CAT3)

SUB. CODE: SUB.NAME:

DEGREE : BRANCH:
YEAR/SEMESTER: SECTIONS/COMMON TO:
MAX.MARKS: 50 DURATION:60 min
DATE: PORTION: 5 units

Ans. No. Contents of the Answer * Allocation of Marks

6. Step
Mark

Step
Mark

Total
________________________________________________________ Step
Marks
Mark

7. Step
Mark

Step
Mark

Total
________________________________________________________ Step
Marks
Mark

Etc.,,

Prepared by Reviewed and Approved by

Subject In charge HoD

*Key words / Formula / Diagram / Definitions etc., - as appropriate