DF&CCI-Set-3
DEPARTMENT OF CSE
UNIVERSITY EXAMINATION
5. In the _____________ phase, the investigator transfers the relevant data from a venue outside the physical or
administrative control of the investigator to a controlled location.
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase
6. Collecting and analyzing the digital evidence that was obtained from the physical investigation phase
is the goal of which phase?
A. Physical crime investigation
B. Digital crime investigation
C. Review phase
D. Deployment phase
7. Which digital forensic software is commonly used for mobile device forensics?
A. EnCase
B. Autopsy
C. Wireshark
D. Cellebrite
8. Which digital forensic software is commonly used for network forensics?
A. Autopsy
B. EnCase
C. Wireshark
D. Cellebrite
9. In network storage forensics, what does the term "packet sniffing" refer to?
A. The process of recovering deleted files from network storage devices.
B. The analysis of log files to identify network security incidents.
C. The capture and analysis of network traffic to intercept and inspect data packets.
D. The examination of file metadata to determine access permissions.
10. In web investigations, what does the term "IP address geolocation" refer to?
A. The process of identifying the web browser used to access a website.
B. The analysis of website content and structure for potential security vulnerabilities.
C. The identification of the physical location associated with an IP address.
D. The examination of web server logs to track user activities on a website.
PART-B (5x6 = 30) - ANSWER ANY 5 QUESTIONS
11. What are the different types of computer forensics and how do they contribute to digital
investigations?
12. What are the key needs and objectives of computer forensics? Discuss how computer forensics
plays a crucial role in modern-day investigations.
or
or
22. Explain Network Topology and its types in detail with diagrams.
or
or
27. What are the steps in the file system forensics process?
or
1 B 1
2 B 1
3 D 1
4 D 1
5 B 1
6 B 1
7 D 1
8 C 1
9 C 1
10 C 1
TYPES
Disk Forensics:
Network Forensics:
Database Forensics:
Malware Forensics:
Email Forensics:
Memory Forensics:
2. Evidence Preservation:
4. Evidence Analysis:
6. Identification of Perpetrators:
1. Scope:
2. Function:
3. Importance:
4. Complexity:
Preservation
Analysis
Documentation
Presentation
Identification:
Preservation:
Analysis:
Documentation:
Presentation:
Public,
Private,
Static
Dynamic
Types of topology
Bus
Ring
Star
Mesh
23 1. SIFT Workstation 12
2. Autopsy
3. FTK Imager
4. DEFT
5. Volatility
6. LastActivityView
7. HxD
8. CAINE
9. Redline
10. PlainSight
3. Analysis
4. Documentation
5. Presentation
27 Acquisition 12
Validation and discrimination
Extraction
Reconstruction
Reporting
1. Malware
2. Phishing
3. SMiShing
4. Man-in-the-middle
5. DDoS
6. SQL injection
7. Zero-day exploit
9. Drive-by