Computer forensics MCQs

Try to answer these 80 Computer forensics MCQs and check your understanding of the Computer forensics subject. Scroll down and let's begin!

1: _______ describes the characteristics of a safe storage container.

A.   ISO2960

B.   NISPOM

C.   SSO 990

D.   STORSEC

2: _______ would not be found in an initial-response field kit.

A.   Computer evidence bags (antistatic bags)

B.   Leather gloves and disposable latex gloves

C.   A digital camera with extra batteries or 35mm camera with film and flash

D.   External USB devices or a portable hard drive

3: Confidential business data included with the criminal evidence are referred to as ____ data.

A.   Business

B.   Commingled

C.   Sniffing

D.   Government

4: Getting a hash value with a ____ is much faster and easier than with a(n) ____.

A.   Bookmarks

B.   Hiding

C.   Scope creep

D.   Hexadecimal editor, computer forensics tool

5: Hard drives that run __________ address blocks, or integer multiples of blocks, at a time.

A.   Linux

B.   Windows

C.   Vista

D.   Mac

6: Passwords are typically stored as one-way _____________ rather than in plaintext.

A.   Variables

B.   Hex values

C.   Hashes

D.   Slack spaces

7: Attorneys search ____ for information on expert witnesses.

A.   Cross-examination banks

B.   Examination banks

C.   Deposition banks

D.   Disqualification banks

8: Using steganography to hide a message inside a larger message is known as __________.

A.   Data transformation

B.   Data contraception

C.   Data hiding

D.   Data fabrication

9: The Linux command _____ can be used to write bit-stream data to files.

A.   Write

B.   DD

C.   Cat

D.   Dump

10: The ____ is where directories and files are stored on a disk drive.

A.   /etc/group

B.   /etc/exports

C.   Data block

D.   None of these

11: ____ is a session data probe, collector, and analysis tool.

A.   Etherape

B.   Argus

C.   Tcpslice

D.   Tethereal

12: Compared to today's computers, computers from the 1970s were ________.

A.   Bigger and more powerful

B.   Smaller and more powerful

C.   Bigger and less powerful

D.   Smaller and less powerful

13: Most users rely on ____ for finding, viewing, and managing information on their computers.

A.   Search boxes

B.   The address bar

C.   The resolution finder

D.   Folder windows

14: The physical data copy subfunction exists under the ______________ function.

A.   Reporting

B.   Validation / verification

C.   Extraction

D.   Acquisition

15: The simplest way to access a file header is to use a(n) ____ editor

A.   Hexadecimal

B.   Image

C.   Disk

D.   Text

16: ____ is a core Win32 subsystem DLL file.

A.   Hal.dll

B.   User32.sys

C.   Pagefile.sys

D.   Ntoskrnl.exe

17: Courts consider evidence data in a computer as ____ evidence.

A.   Emotional

B.   Biological

C.   Hearsay

D.   Physical

18: ____ is a written list of objections to certain testimony or exhibits.

A.   Defendant

B.   Empanelling the jury

C.   Plaintiff

D.   Motion in limine

19: _______ does not recover data in free or slack space.

A.   Sparse acquisition

B.   Fourth Amendment

C.   U.S. DOJ

20: _______ is the utility used by the ProDiscover program for remote access.

A.   SubSe7en

B.   10pht

C.   PDServer

D.   VNCServer

21: A(n) ____ is a person using a computer to perform routine tasks other than systems administration.

A.   Warning banner

B.   Consumer

C.   User banner

D.   End user

A.   Zone Bit Recorder (ZBR)

B.   Boot.ini

C.   The outer most track

D.   Logical cluster numbers

23: Computer forensics examiners have two roles: fact witness and ____ witness.

A.   Professional

B.   Direct

C.   Discovery

D.   Expert

24: There are two types of depositions: ____ and testimony preservation.

A.   Examination

B.   Discovery

C.   Direct

D.   Rebuttal

25: _______ is a common cause for lost or corrupted evidence.

A.   Keyed hash set

B.   Computer-stored records

C.   Professional curiosity

D.   Probable cause

26: Generally, digital records are considered admissible if they qualify as a ____ record.

A.   Probable cause

B.   Sparse acquisition

C.   Business

D.   Much easier than

27: One technique for extracting evidence from large systems is called ____.

A.   Raw format

B.   Sparse acquisition

C.   Proprietary format

D.   Raid imaging

28: Forensics tools such as ____ can retrieve deleted files for use as evidence.

A.   ProDiscover Basic

B.   FDisk

C.   ProDelete

D.   GainFile

29: FRE ____ describes whether the basis for the testimony is adequate.

A.   700

B.   701

C.   702

D.   703

30: Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.

A.   Hashsum

B.   Sha1sum

C.   Shasum

D.   Rcsum

31: _______ can be used with the dcfldd command to compare an image file to the original medium.

A.   Compare

B.   Cmp

C.   Vf

D.   Imgcheck

32: _______ describes an accusation of fact that a crime has been committed.

A.   Attrition

B.   Attribution

C.   Allegation

D.   Assignment

33: _______ is not one of the functions of the investigations triad.

A.   Digital investigations

B.   Data recovery

C.   Vulnerability/threat assessment and risk management

D.   Network intrusion detection and incident response

A.   A text editor tool

B.   A write-blocker device

C.   An SCSI card

D.   Remote access software

35: ____, or mirrored striping with parity, is a combination of RAID 1 and RAID 5.

A.   RAID 0

B.   RAID 15

C.   RAID 10

D.   RAID 16

36: A(n) _______________ acts as an evidence locker or safe to preserve the integrity of evidence.

A.   Secure Facility

B.   Silver-Platter

C.   Digital Forensics

D.   Hash Value

37: An evidence custody form does not usually contain _______.

A.   A witness list

B.   The nature of the case

C.   A description of evidence

D.   Vendor names for computer components

38: Autopsy uses ____ to validate an image.

A.   AFD

B.   AFF

C.   MD5

D.   RC4

39: Blu-ray discs are the successor to the DVD and store up to __________ per layer.

A.   25 GB

B.   50 GB

C.   75 GB

D.   100 GB

40: Criminal law deals with harm to __________, whereas civil law involves harm to __________.

A.   Individuals; groups

B.   Civil law

C.   Society; individuals

D.   Society; government

41: Ext4fs can support disk partitions as large as ____ TB.

A.   10

B.   16

C.   4

D.   8

42: For Exif JPEG files, the hexadecimal value starting at offset 2 is _____________.

A.   FFE0

B.   FFE1

C.   FFD8

D.   FFD9

43: How you format _____________ is less important than being consistent in applying formatting.

A.   Words

B.   Text

C.   Paragraphs

D.   Sections

44: If a microphone is present during your testimony, place it ____ to eight inches from you.

A.   3

B.   4

C.   5

D.   6

45: If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.

A.   Two

B.   Five

C.   One

D.   Three

46: In a prefetch file, the application's last access date and time are at offset ____.

A.   0x88

B.   0x90

C.   0x85

D.   0x80

47: One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.

A.   Nigerian Scam

B.   Lake Venture Scam

C.   Conficker virus

D.   Iloveyou Scam

48: Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings.

A.   Federal Rules of Evidence

B.   Federal consistency standards

C.   Federal proceedings law

D.   Data recovery

49: The ____ is the most important part of testimony at a trial.

A.   Cross-examination

B.   Direct examination

C.   Rebuttal

D.   Motions in limine

50: The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory.

A.   Bitcopy

B.   Dcfldd

C.   Raw

D.   Echo