DF QB2 Answers


DF Question Bank

1) Crime conducted in the real world but facilitated by the use of computers.
Computer based crimes
Computer facilitated crimes
Digital Crime
E-Crime
2) CART stands for:
Computer Analysis and Reporting Team
Crime Analysis and Reporting Team
Computer Applied Research Team
Computer Analysis and Response Team
3) Crime conducted in the "real world" but facilitated by the use of computers.
Computer based crime
Computer facilitated crime
Computer crime
Digital crime
4) It is the ability of an organisation to maximise its potential to use digital evidence whilst
minimising the costs of an investigation

Forensic readiness
Forensic analysis
Data analysis
Machine learning
5) To conduct a computer investigation, you first need to obtain proper authorization unless
existing policies and procedures provide incident response authorization.
True
False
6) These are software components that take complete control of a computer and conceal their
existence from standard diagnostic tools.
Antivirus
Spam
Rootkits
Keyloggers
7) It is any probative information stored or transmitted in digital form that a party to a court
case may use at trial.
Digital evidence
Rootkit
DNS
Firewall
8) Digital evidence is always in a format that is directly readable by humans.
True
False
9) It is the practice of attempting to thwart computer forensic analysis.
Digital Forensics
Anti-forensics
Computer Forensics
Cyber Law
10) A forensic technique that correlates information found on multiple hard drives.
Live analysis
Stochastic forensics
Steganography
Cross-drive analysis
11) What type of information can be typically found in a network packet capture log?
A. User login details
B. IP addresses and protocols
C. File system changes
D. System hardware information
1) A ________ is a computer networking device that connects devices together on a computer network, by using packet switching to receive, process and forward data to the destination device.
Router
Switch
Network Switch
Hub
2) ________ is the process of trying to recover files without file system metadata.
Formatting
Partitioning
NEFT
File carving
3) A ________ refers to all the data located on the same track of different platters.
Sector
Slack space
Datum
Cylinder
4) An HDD records data by magnetizing a thin film of ________ material on a disk.
Electronic
Ferromagnetic
Electromagnetic
Electric
5) A ________ is a file system that acts as a client for a remote file access protocol, providing access to files on a server.
NEFT
FAT
FAT32
Network File System
6) Modems, hubs, bridges and switches are ________ in data communication.
data communication equipment
data terminal equipment
data transmission equipment
data formatting equipment
7) The purpose of a ________ is to load the initial kernel and supporting modules into memory.
BIOS
Firmware
Bootloader
Malware
8) ________ is the process of writing the sectors that will make up the partition table.
Formatting
Partitioning
NEFT
Booting
9) ________ is the software that is programmed into Electrically Erasable Programmable Read-Only Memory.
BIOS
Firmware
Bootloader
Malware
10) ________ is the amount of on-disk file space from the end of the logical record information to the end of the physical disk record.
Sector
Slack space
Datum
Cylinder
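Question 10 defines slack space. The following Python simulation is an added example and is not part of the question bank: it models a disk with constructed 4-byte sectors and 16-byte clusters (real disks use 512-byte sectors and, on NTFS, 4096-byte clusters by default), writes a long file, then overwrites its first cluster with a shorter file. A normal read of the short file returns only its logical size; a forensic read of the same cluster also returns the slack, where part of the earlier file survives. The zero-fill to the end of the last written sector mirrors what NTFS does, so only the "drive slack" beyond that sector keeps old data. All names here are my own.

```python
import math

SECTOR = 4    # constructed sizes so the layout is easy to read; real disks use 512-byte
CLUSTER = 16  # sectors and (on NTFS) 4096-byte clusters by default


def slack_size(file_size: int, cluster: int = CLUSTER) -> int:
    """Bytes from the logical end of a file to the end of its last cluster."""
    if file_size == 0:
        return 0
    return math.ceil(file_size / cluster) * cluster - file_size


class Disk:
    """A flat byte array divided into clusters, with a toy allocation table."""

    def __init__(self, clusters: int = 4, sector: int = SECTOR, cluster: int = CLUSTER):
        self.sector, self.cluster = sector, cluster
        self.data = bytearray(clusters * cluster)
        self.files = {}  # name -> (first_cluster, logical_size)

    def write(self, name: str, payload: bytes, first_cluster: int = 0) -> None:
        start = first_cluster * self.cluster
        end = start + len(payload)
        self.data[start:end] = payload
        # Like NTFS, zero-fill only to the end of the last sector written ("RAM slack").
        # The remaining sectors of the cluster ("drive slack") keep whatever was there.
        sector_end = math.ceil(end / self.sector) * self.sector
        self.data[end:sector_end] = bytes(sector_end - end)
        self.files[name] = (first_cluster, len(payload))

    def logical(self, name: str) -> bytes:
        """What a normal file read returns: exactly logical_size bytes."""
        first, size = self.files[name]
        start = first * self.cluster
        return bytes(self.data[start:start + size])

    def slack(self, name: str) -> bytes:
        """What a forensic tool reads: from the logical end of file to the end of its last cluster."""
        first, size = self.files[name]
        start = first * self.cluster + size
        return bytes(self.data[start:start + slack_size(size, self.cluster)])


def demo() -> Disk:
    d = Disk()
    d.write("secret.txt", b"password=hunter2-old")  # 20 bytes: clusters 0 and 1
    d.write("note.txt", b"hello")                   # 5 bytes: cluster 0 reused
    return d


if __name__ == "__main__":
    d = demo()
    print("logical:", d.logical("note.txt"))   # b'hello'
    print("slack:  ", d.slack("note.txt"))     # b'\x00\x00\x00=hunter2'
```

The three zero bytes are the RAM slack of the last written sector; the eight bytes after them are the drive slack that a file-system-aware acquisition captures but a logical copy of note.txt never would. Cluster 1 of the old file is no longer slack at all but unallocated space, which is the domain of file carving rather than slack analysis.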
1) An event viewer application uses the ________ function to open the event log for an event source.
ProScript
OpenEventLog
ReportEvent
SAM
2) ________ is where a lower privilege user or application accesses functions or content reserved for higher privilege users or applications.
Vertical privilege escalation
Horizontal privilege escalation
Neutral privilege escalation
Normal privilege escalation
3) The IP address of the computer sending the mail can generally be identified from the ________ in the email header.
Received sub-head
ReportEvent
WIDZ
RealSecure
4) Non-wrapping can occur when the event log is created or when the event log is cleared.
True
False
5) Office Password Recovery Toolbox is software that recovers lost passwords for Microsoft Office documents effectively.
True
False
6) Open Web Analytics is written in PHP and uses a MySQL database.
True
False
7) The Security Account Manager (SAM) is a database file in Windows.
True
False
8) Various ways of sniffing wireless frames make use of the capabilities of ________.
Wired Mode
WIDZ
RealSecure
Monitor mode
9) ________ is the act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).
Wi-Fi Protected Access
Wardriving
Snort-wireless
Spoofing
10) ________ is the creation of email messages with a forged sender address.
Phishing
Wardriving
Email spoofing
Spam
1) A simple protocol used for fetching e-mail from a mailbox is ________.
CIMP
POP3
SMTP
DNS
2) ________ work to keep data from reaching the mobile device and keep the mobile device from transmitting any data outward.
CIMP
POP3
SMTP
Faraday bags
3) Bluetooth 4.0 is also referred to as ________.
Bluetooth Low Energy
Wifi
Integrated Digital Enhanced Network
Code Division Multiple Access
4) Bluetooth is defined as being a long-range radio technology (or wireless technology)
aimed at simplifying communications among Internet devices and between devices and the
Internet.

True
False
5) Devices such as cameras are not treated as storage devices in much the same way as USB drives.
True
False
6) An e-mail address is made up of ________.
Single part
Two parts
Three parts
Four parts
7) E-mail addresses separate the user name from the domain using the ________ symbol.

#
$
@
%
8) Network isolation is advisable either through placing the device in Airplane Mode, or
cloning its SIM card.

True
False
9) SMTP is a simple ________.
TCP protocol
UDP protocol
DNS protocol
IP protocol
10) SMTP stands for
Short Mail Transmission Protocol
Small Mail Transmission Protocol
Server Mail Transfer Protocol
Simple Mail Transfer Protocol

1. Crime conducted in the real world but facilitated by the use of computers.
Computer based crimes
Computer facilitated crimes
Digital Crime
E-Crime
2. Digital evidence obtained without permission or authorization is admissible in court.
True
False
3. Digital evidence must follow the requirements of the ________.
Cross Drive Analysis
Forensic Readiness
Best Evidence Rule
Antiforensics
4. EFS stands for
Encrypting Filing System
Electronic File System
Encrypting File System
Electronic File Security
5. Include a tool to collect and analyze ________.
Chain of Custody
Forensic Readiness
Metadata
Antiforensics
6. It is necessary to ensure that staff are competent to perform any roles related to the handling and preservation of evidence.
True
False
7. It is possible to view encrypted data without the correct key or password.
True
False
8. Preservation of the ________ is accomplished by having verifiable documentation that indicates who handled the evidence, when they handled it, and the locations, dates, and times of where the evidence was stored.
Chain of Custody
Forensic Readiness
Metadata
Antiforensics
9. The IP address of the computer sending the mail can generally be identified from the ________ in the email header.
Received sub-head
ReportEvent
WIDZ
RealSecure
10. This web site provides access to a comprehensive database of phones supported by
various software suppliers.
www.MobileForensics.com
www.ForensicsCentral.com
www.MobileCentral.com
www.MobileForensicsCentral.com
11. What is the purpose of a write blocker in digital forensics?
A. To prevent unauthorized access to data
B. To ensure that data is not altered during acquisition
C. To analyze network traffic
D. To recover deleted files
1. In digital forensics, what does the term "chain of custody" refer to?
A. A secure method of storing evidence
B. The chronological documentation of evidence handling
C. The process of creating forensic images
D. The authentication of digital evidence
2. What is "file carving" in the context of digital forensics?
A. Extracting hidden files from a system
B. Recovering data from damaged or deleted files
C. Analyzing file metadata
D. Decrypting encrypted files
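File carving comes up twice in this bank (the fill-in question "________ is the process of trying to recover files without file system metadata" earlier, and question 2 here). The block below is an added example, not code from the question bank: a minimal header/footer carver in Python run over a constructed byte blob standing in for unallocated space. The PNG inside it is built to be a real, valid file; the JPEG is a stand-in with a correct start-of-image marker and end-of-image marker but no decodable body. The signature table, function names and sample data are my own; production carvers such as foremost or scalpel work the same way but with many more signatures and size heuristics.

```python
import struct
import zlib

# (type, header, footer): the minimum a header/footer carver needs per file type
SIGNATURES = [
    ("jpg", b"\xff\xd8\xff", b"\xff\xd9"),
    ("png", b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
]


def carve(image: bytes, max_size: int = 1 << 20):
    """Scan raw bytes for known headers and cut each to the next matching footer.
    Returns [(type, offset, data)] sorted by offset. A header with no footer within
    max_size bytes (a truncated or partly overwritten file) is skipped, not guessed."""
    found = []
    for name, header, footer in SIGNATURES:
        pos = 0
        while (start := image.find(header, pos)) != -1:
            end = image.find(footer, start + len(header), start + max_size)
            if end == -1:
                pos = start + len(header)
                continue
            end += len(footer)
            found.append((name, start, image[start:end]))
            pos = end
    return sorted(found, key=lambda f: f[1])


def make_png() -> bytes:
    """Constructed 1x1 RGB PNG so the sample image contains one genuinely valid file."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        body = ctype + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit depth, RGB
    idat = zlib.compress(b"\x00\x10\x20\x30")             # filter byte + one pixel
    return SIGNATURES[1][1] + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed stand-in: correct SOI/APP0 and EOI markers, filler where the scan data would be
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-body-bytes" * 4 + b"\xff\xd9"


def build_image() -> bytes:
    """Constructed 'unallocated space': filler, a JPEG, filler, a PNG, then a JPEG
    whose tail was overwritten (header present, footer gone)."""
    filler = bytes(64)
    return filler + FAKE_JPEG + filler + make_png() + filler + b"\xff\xd8\xff\xe1cut-off"


if __name__ == "__main__":
    for name, offset, data in carve(build_image()):
        print(f"{name} at offset {offset}, {len(data)} bytes")
```

The carver never consults a file system: offsets are absolute positions in the blob, which is exactly what lets it find the PNG and the intact JPEG while ignoring the truncated one. Header/footer carving cannot reassemble fragmented files; that needs the content-aware techniques the questions on cross-drive and stochastic forensics hint at.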
3. What is the purpose of a write blocker in digital forensics?

A. To prevent unauthorized access to data
B. To ensure that data is not altered during acquisition
C. To analyze network traffic
D. To recover deleted files
4. What type of information can be typically found in a network packet capture log?*
A. User login details
B. IP addresses and protocols
C. File system changes
D. System hardware information
5. In network forensics, what does the term "PCAP" stand for?

A. Packet Capture
B. Protocol Control
C. Port Configuration
D. Packet Communication
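Questions 4 and 5 (and the same packet-capture question in the first quiz) ask what a PCAP holds. As an added example that is not part of the question bank, the Python below writes a small classic pcap in memory, with constructed frames using RFC 5737 documentation addresses, and then parses it back the way a forensic tool reads the format: 24-byte global header, then per-record headers, then Ethernet, IPv4 and TCP/UDP fields. The builder helpers, sample frames and function names are my own; the field layouts are those of the pcap, Ethernet, IPv4, TCP and UDP formats.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


# --- constructed sample capture (addresses are RFC 5737 documentation ranges) ---
def ethernet(ethertype: int = 0x0800) -> bytes:
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ethertype)


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    # checksum left as 0: this parser reads headers, it does not validate them
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def tcp(sport: int, dport: int, flags: int = 0x02) -> bytes:  # 0x02 = SYN
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def pcap_bytes(records) -> bytes:
    """Serialise (ts_sec, ts_usec, frame) tuples as a classic little-endian pcap."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for sec, usec, frame in records:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


SAMPLE_PCAP = pcap_bytes([
    (1709632925, 10, ethernet() + ipv4("192.0.2.55", "198.51.100.10", 6, tcp(51122, 22))),
    (1709632925, 500, ethernet() + ipv4("192.0.2.55", "203.0.113.53", 17, udp(40000, 53, bytes(12)))),
    (1709632926, 0, ethernet(0x86DD) + bytes(40)),  # IPv6 frame: reported, not decoded
])


# --- parser ---
def decode_frame(frame: bytes):
    """Ethernet -> IPv4 -> TCP/UDP header fields; None if the frame is too short."""
    if len(frame) < 34:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:
        return {"proto": f"non-IPv4 ethertype 0x{ethertype:04x}"}
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes (options included)
    proto = frame[14 + 9]
    rec = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "proto": PROTO_NAMES.get(proto, str(proto))}
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:
        rec["sport"], rec["dport"] = struct.unpack_from("!HH", frame, l4)
    return rec


def parse_pcap(data: bytes):
    """Yield one record per packet with timestamp, endpoints and protocol."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap (pcapng and nanosecond variants not handled)")
    *_, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}")
    records, off = [], 24
    while off + 16 <= len(data):
        sec, usec, incl, orig = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        rec = decode_frame(frame) or {"proto": "undecodable"}
        rec.update(ts=sec + usec / 1e6, truncated=incl < orig)  # snaplen cut the packet
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_pcap(SAMPLE_PCAP):
        print(r)
```

The record-level `truncated` flag is worth keeping: a capture taken with a short snaplen still shows addresses and ports, but payload-dependent conclusions (credentials, file transfers) are not supportable from it.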
6. Which digital forensic tool is commonly used for analyzing and recovering deleted
files from storage media?
A. FTK Imager
B. Sleuth Kit
C. TestDisk
D. X-Ways Forensics
7. What does the acronym "NMAP" stand for in the context of network reconnaissance?
A. Network Management and Analysis Protocol
B. Network Mapper
C. Network Malware Analysis Platform
D. Network Monitoring and Attack Prevention
8. What is the primary purpose of a write blocker in digital forensics tools?
A. To prevent unauthorized access to data
B. To ensure that data is not altered during acquisition
C. To analyze network traffic
D. To recover deleted files
9. What is the primary purpose of analyzing DNS logs in network forensics?

A. Tracking file changes
B. Identifying network vulnerabilities
C. Resolving domain names to IP addresses
D. Analyzing user login activities
10) Which of the following is an example of a volatile artifact in digital forensics?
A. Registry entries
B. Hard disk sectors
C. RAM contents
D. Archived files
1) What is the term for a type of attack where an attacker tries every possible password combination until the correct one is found?
A. Dictionary attack
B. Brute-force attack
C. Rainbow table attack
D. Social engineering
2) In digital forensics, what is the primary purpose of a rainbow table?

A. Brute-force password cracking
B. Hash function analysis
C. Accelerating password recovery
D. Social engineering protection
3) What is the primary goal of a dictionary attack in application password hacking?

A. Extracting passwords from network traffic
B. Systematically trying all possible password combinations
C. Using precomputed tables of hashed passwords
D. Guessing passwords based on commonly used words
4) Which technique involves capturing and analyzing network traffic to obtain
passwords during the login process?
A. Keylogging
B. Sniffing
C. Brute-force attack
D. Salami attack
5) Which type of password attack involves using precomputed tables of hashed
passwords?

A. Dictionary attack
B. Brute-force attack
C. Rainbow table attack
D. Hybrid attack
6) What is the purpose of a "salt" in password hashing?
A. Adding flavor to passwords
B. Increasing the length of passwords
C. Preventing rainbow table attacks
D. Enhancing password complexity
7) What is a recommended practice to enhance password security in digital forensics
investigations?
A. Using easily guessable passwords
B. Sharing passwords with colleagues
C. Regularly changing passwords
D. Disabling account lockout policies
8) What is the primary goal of a dictionary attack in application password hacking?

A. Extracting passwords from network traffic
B. Systematically trying all possible password combinations
C. Using precomputed tables of hashed passwords
D. Guessing passwords based on commonly used words
9) Which technique involves capturing and analyzing network traffic to obtain
passwords during the login process?
A. Keylogging
B. Sniffing
C. Brute-force attack
D. Salami attack
10) What is the term for a type of attack where an attacker tries every possible password combination until the correct one is found?
A. Dictionary attack
B. Brute-force attack
C. Rainbow table attack
D. Social engineering
1) Which of the following is an example of a hardware-based password attack?
A. Keylogger
B. Credential stuffing
C. DMA attack
D. Phishing
2) What is a common defense mechanism against brute-force attacks on user
passwords?
A. Account lockout policy
B. Two-factor authentication
C. Weak password requirements
D. Disabling password expiration
3) What does the term "shoulder surfing" refer to in the context of password security?*

A. Eavesdropping on network traffic
B. Monitoring keystrokes with a keylogger
C. Observing someone entering their password
D. Intercepting password reset emails
4) Which type of password attack involves using precomputed tables of hashed
passwords?

A. Dictionary attack
B. Brute-force attack
C. Rainbow table attack
D. Hybrid attack
5) What is the purpose of a "salt" in password hashing?
A. Adding flavor to passwords
B. Increasing the length of passwords
C. Preventing rainbow table attacks
D. Enhancing password complexity
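Questions 4 and 5 here, and the brute-force, dictionary, rainbow-table and salt questions of the previous quiz, all turn on one distinction: a precomputed table is reusable across every hash it was built for, while salting forces an attacker to start over per hash. The Python below is an added example and not from the question bank; it uses a constructed five-word list, a plain dict as a stand-in for a rainbow table (real ones store hash chains to save space, but the attack is the same lookup), SHA-256 as the fast hash, and PBKDF2 from the standard library as the slow KDF a real password store should use. Function names are my own.

```python
import hashlib
import itertools
import os
import string

WORDLIST = ["password", "letmein", "hunter2", "qwerty", "welcome1"]  # constructed


def unsalted(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def salted(pw: str, salt: bytes) -> str:
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def slow_salted(pw: str, salt: bytes, rounds: int = 200_000) -> str:
    """What a real password store should use: a salted, deliberately slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()


# Precomputed table: built once, reusable against any database of unsalted SHA-256.
PRECOMPUTED = {unsalted(w): w for w in WORDLIST}


def table_lookup(digest: str):
    """Rainbow-table style attack: no hashing at attack time, just a lookup."""
    return PRECOMPUTED.get(digest)


def dictionary_attack(digest: str, salt: bytes = b""):
    """Salt forces the attacker to redo the work per hash, but does not stop guessing."""
    return next((w for w in WORDLIST if salted(w, salt) == digest), None)


def brute_force(digest: str, salt: bytes = b"", alphabet: str = string.ascii_lowercase,
                max_len: int = 3):
    """Every combination up to max_len; cost grows as len(alphabet) ** max_len."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo)
            if salted(cand, salt) == digest:
                return cand
    return None


def demo() -> dict:
    salt = os.urandom(16)  # per-user random salt, stored beside the hash
    return {
        "table_on_unsalted": table_lookup(unsalted("hunter2")),                  # "hunter2"
        "table_on_salted": table_lookup(salted("hunter2", salt)),                # None
        "dictionary_on_salted": dictionary_attack(salted("hunter2", salt), salt),  # "hunter2"
        "brute_force_short": brute_force(salted("abc", salt), salt),             # "abc"
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Salt answers the rainbow-table question only. The dictionary result shows why the quiz's "regularly changing passwords" is weaker advice than a slow KDF plus account lockout: a weak password stays crackable per hash no matter how it is salted, and `slow_salted` is what makes each of those guesses expensive.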
6) What is a recommended practice to enhance password security in digital forensics
investigations?
A. Using easily guessable passwords
B. Sharing passwords with colleagues
C. Regularly changing passwords
D. Disabling account lockout policies
7) Which log type is crucial for identifying and investigating security incidents, such as
unauthorized access attempts or system breaches?
A. System logs
B. Security logs
C. Application logs
D. Database logs
8) What is the purpose of log rotation in a logging system?
A. To delete log files automatically
B. To compress log files for storage efficiency
C. To encrypt log files for security
D. To copy log files to a remote server
9) Which forensic analysis technique involves reconstructing events and actions by
analyzing logs in chronological order?

A. Timeline analysis
B. Network sniffing
C. Hashing
D. Steganography
10) What is the term for a log entry that indicates a successful or unsuccessful attempt
to access a system or resource?

A. Event marker
B. Timestamp
C. Audit trail
D. Log header
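Questions 7 to 10 cover security logs, audit trails and timeline analysis. The Python below is an added example, not part of the question bank: it parses two constructed log sources (an sshd auth log in syslog format, which carries no year, and an application log with ISO 8601 timestamps), normalises both to UTC, sorts them into one timeline, and then runs the detection an analyst would want over the audit trail: a burst of failed logons from one address followed by a success. Addresses are RFC 5737 documentation ranges; regexes, thresholds and names are my own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines: a syslog-style auth log (no year in the timestamp) and an
# application log with ISO 8601 timestamps.
AUTH_LOG = """\
Mar  5 10:02:05 srv1 sshd[2214]: Failed password for invalid user admin from 192.0.2.55 port 51122 ssh2
Mar  5 10:02:07 srv1 sshd[2214]: Failed password for root from 192.0.2.55 port 51123 ssh2
Mar  5 10:02:09 srv1 sshd[2214]: Failed password for root from 192.0.2.55 port 51124 ssh2
Mar  5 10:02:12 srv1 sshd[2214]: Accepted password for root from 192.0.2.55 port 51125 ssh2
Mar  5 10:02:30 srv1 sshd[2290]: Accepted publickey for alice from 203.0.113.7 port 40001 ssh2
"""
APP_LOG = """\
2024-03-05T10:02:10Z WARN auth login_failed user=root src=192.0.2.55
2024-03-05T10:02:40Z INFO auth login_ok user=alice src=203.0.113.7
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) \S+: (?P<msg>.*)$")
SSHD_RE = re.compile(r"^(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
APP_RE = re.compile(r"^(?P<ts>\S+) \w+ auth login_(?P<result>failed|ok) user=(?P<user>\S+) src=(?P<ip>\S+)$")


def parse_auth(text: str, year: int):
    """Syslog omits the year; it must be supplied from the case context (file mtime etc.)."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not (m and (d := SSHD_RE.match(m["msg"]))):
            continue
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        yield {"ts": ts.replace(tzinfo=timezone.utc), "source": "auth.log",
               "outcome": "fail" if d["result"] == "Failed" else "success",
               "user": d["user"], "ip": d["ip"], "raw": line}


def parse_app(text: str):
    for line in text.splitlines():
        m = APP_RE.match(line)
        if not m:
            continue
        yield {"ts": datetime.fromisoformat(m["ts"].replace("Z", "+00:00")), "source": "app.log",
               "outcome": "fail" if m["result"] == "failed" else "success",
               "user": m["user"], "ip": m["ip"], "raw": line}


def timeline(year: int = 2024):
    """All events from both sources, normalised to UTC and sorted chronologically."""
    events = list(parse_auth(AUTH_LOG, year)) + list(parse_app(APP_LOG))
    return sorted(events, key=lambda e: e["ts"])


def detect_guessing(events, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
    """Flag a source IP with >= threshold failures inside `window`, and record whether a
    success from that IP followed the run (a guessed password rather than just noise)."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["outcome"] == "fail"]
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1]["ts"] - fails[i]["ts"] <= window:
                j += 1
            if j - i + 1 >= threshold:
                followed = any(e["outcome"] == "success" and e["ts"] > fails[j]["ts"] for e in evs)
                alerts.append({"ip": ip, "failures": j - i + 1, "first": fails[i]["ts"],
                               "last": fails[j]["ts"], "then_success": followed})
                break
    return alerts


if __name__ == "__main__":
    evs = timeline()
    for e in evs:
        print(e["ts"].isoformat(), e["source"], e["outcome"], e["user"], e["ip"])
    print(detect_guessing(evs))
```

Two practical points the questions only touch on: the year for syslog lines must come from outside the log (and clock skew between hosts from outside both), and a success that follows a burst of failures is the event to escalate, since account lockout would have stopped the run before it got there.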

1) What is the primary goal of mobile forensics?
A) Enhancing device performance
B) Recovering deleted files
C) Bypassing device security
D) Installing new applications
2) Which of the following is NOT a common mobile forensics tool?

A) Cellebrite
B) XRY
C) Adobe Photoshop
D) Oxygen Forensic Detective
3) What is the purpose of a SIM card in mobile forensics?

A) Storing contacts
B) Managing device power
C) Enabling Bluetooth connectivity
D) Analyzing network traffic
4) Which phase of mobile forensics involves securing the physical evidence?
A) Collection
B) Examination
C) Analysis
D) Preservation
5) Which of the following is a crucial step in mobile forensics?
A) Installing third-party apps on the suspect device
B) Disconnecting the device from the network
C) Creating a forensic image of the device
D) Resetting the device to factory settings
6) What is the purpose of the Chain of Custody in mobile forensics?

A) To track the suspect's location
B) To ensure the integrity and admissibility of evidence
C) To analyze the device's network traffic
D) To recover deleted files from the device
7) In email forensics, what does the term "metadata" refer to?

A) Email content
B) Sender's IP address
C) Email attachments
D) Subject line
8) Which of the following is an example of email spoofing?
A) Sending an email with malicious attachments
B) Forging the sender's address to appear legitimate
C) Using strong encryption for email communication
D) Including a digital signature in the email
9) What is the primary purpose of analyzing email headers in forensic investigations?
A) Identifying the email sender and recipient
B) Extracting information from the body of the email
C) Decrypting encrypted email content
D) Tracing the route of the email through the network
10) Which type of analysis involves examining the content and attachments of an email in
detail?
A) Header analysis
B) Network analysis
C) Content analysis
D) Metadata analysis
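Questions 7 to 9 here, together with the two earlier fill-in questions on finding the sending IP from the Received lines in the header, describe header analysis without showing it. The Python below is an added example and not part of the question bank: it parses a constructed message (documentation domains and RFC 5737 addresses) with the standard library, walks the Received: chain oldest-first to find the originating IP, checks that each hop's "by" host matches the next hop's "from" host, and compares the From: domain with the Return-Path. A second function appends a forged Received: line the way a spammer would, to show why the chain check matters. Regexes and function names are my own.

```python
import re
from email import message_from_string

# Constructed message. Each receiving MTA prepends its Received: line, so the top
# one is the most recent hop and the bottom one is the first server that accepted the mail.
RAW_EMAIL = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [198.51.100.10])
    by inbox.example.org with ESMTP id abc123; Tue, 5 Mar 2024 10:02:11 +0000
Received: from relay.example.net (relay.example.net [203.0.113.7])
    by mx.example.org with ESMTPS; Tue, 5 Mar 2024 10:02:09 +0000
Received: from [192.0.2.55] (unknown [192.0.2.55])
    by relay.example.net with ESMTPA; Tue, 5 Mar 2024 10:02:05 +0000
From: "IT Helpdesk" <helpdesk@example.org>
To: victim@example.org
Subject: Password reset required
Message-ID: <x1@relay.example.net>

Click the link to reset your password.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def received_hops(raw: str):
    """Received: headers oldest-first, each reduced to the fields an investigator reads."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(hdr.split())  # unfold continuation lines
        ip, frm, by = (r.search(text) for r in (IP_RE, FROM_RE, BY_RE))
        hops.append({"ip": ip and ip.group(1), "from": frm and frm.group(1),
                     "by": by and by.group(1), "raw": text})
    return hops


def originating_ip(raw: str):
    """The peer address recorded by the first MTA that accepted the message."""
    hops = received_hops(raw)
    return hops[0]["ip"] if hops else None


def chain_consistent(hops) -> bool:
    """Each hop's 'by' host should be the next hop's 'from' host. A break means a
    Received: line was inserted by someone other than the MTA above it."""
    return all(a["by"] == b["from"] for a, b in zip(hops, hops[1:]))


def domain_of(header_value):
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else None


def spoof_indicators(raw: str):
    msg = message_from_string(raw)
    hops = received_hops(raw)
    out = []
    from_dom, rp_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        out.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    if hops and "unknown" in hops[0]["raw"]:
        out.append(f"first hop had no reverse DNS: {hops[0]['raw']}")
    if not chain_consistent(hops):
        out.append("Received chain is inconsistent")
    return out


def forged_variant() -> str:
    """Same message with a fake Received: line placed by the sender at the bottom of the
    header block, which a naive bottom-up trace would take for the true origin."""
    fake = ("Received: from mail.example.org (mail.example.org [198.51.100.99])\n"
            "    by relay.example.net with ESMTP; Tue, 5 Mar 2024 10:02:00 +0000\n")
    return RAW_EMAIL.replace("From: ", fake + "From: ", 1)


if __name__ == "__main__":
    print("origin:", originating_ip(RAW_EMAIL))
    print("indicators:", spoof_indicators(RAW_EMAIL))
    print("forged origin:", originating_ip(forged_variant()), spoof_indicators(forged_variant()))
```

Only the Received: lines added by servers you trust are evidence; everything below them was under the sender's control, which is why the forged variant "traces" to 198.51.100.99 until the chain check exposes the gap between hop 0 and hop 1. The From: header itself is free text, so the mismatch with Return-Path is the indicator, not the From: address.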
1) What does the term "phishing" refer to in the context of email forensics?
A) Analyzing email headers
B) Tracing IP addresses
C) Deceptive attempts to obtain sensitive information
D) Encrypting email communication
2) What is digital evidence?
A) Any evidence stored on a physical device
B) Evidence that can only be obtained from the internet
C) Information or data stored in a digital format that is relevant to a criminal investigation
D) Evidence obtained through traditional forensic methods
3) In digital forensics, what is the primary goal of the first responder?
A) To apprehend the suspect
B) To secure the crime scene
C) To analyze the evidence
D) To update security software
4) What does the acronym "RAM" stand for in the context of digital forensics?
A) Random Access Memory
B) Read-Only Memory
C) Remote Access Method
D) Recovered Access Metadata
5) During the first responder's initial actions at a digital crime scene, what is the importance
of documenting the system's state?
A) To create a backup of all data
B) To provide a baseline for future analysis
C) To immediately share findings with law enforcement
D) To restore the system to a previous state
6) What should a first responder do if encountering a running computer at a crime scene?

A) Shut down the computer immediately
B) Disconnect the power source
C) Document the state of the computer without altering it
D) Remove the hard drive for analysis
7) What does the term "Master File Table (MFT)" refer to in Windows forensics?
A) A database of user accounts
B) A log of system events
C) A record of file metadata in the NTFS file system
D) A registry key containing system settings
8) Which Windows artifact stores user account information, including hashed passwords?
A) Registry hive
B) Event log
C) SAM database
D) Prefetch folder
9) In Windows forensics, what does the acronym "RAM" stand for?
A) Read-Only Memory
B) Random Access Memory
C) Remote Access Method
D) Recovered Access Metadata
10) Which Windows utility allows forensic investigators to analyze running processes,
services, and network connections?
A) Task Manager
B) Event Viewer
C) Control Panel
D) Registry Editor
