Digital Forensics MCQs

Digital Forensics MCQs

Our team has conducted extensive research to compile a set of Digital Forensics MCQs. We encourage you to test your Digital Forensics knowledge by answering these multiple-choice questions provided below.
Simply scroll down to begin!

1: The files that provide helpful information to an e-mail investigation are log files and ____ files.


B.   Phishing e-mails

C.   Configuration

D.   Show original

2: ____ increases the time and resources needed to extract, analyze, and present evidence.

A.   Investigation plan

B.   Scope creep

C.   Litigation path

3: ____ is a good tool for extracting information from large libpcap files.

A.   Tcpslice

B.   Memfetch

C.   John

D.   Oinkmaster

4: A ____ is where you conduct your investigations, store evidence, and do most of your work.

A.   Storage room

B.   Forensic workstation

C.   Workbench

D.   Digital forensics lab

5: Exchange logs information about changes to its data in a(n) ____ log.

A.   Configuration

B.   @

C.   Digital Transaction

D.   Temporary

6: Fre ____ describes whether the expert is qualified and whether the expert opinion can be helpful.

A.   700

B.   701

C.   702

D.   703

7: Most packet analyzer tools can read anything captured in ____ format.

A.   Pcap



D.   SYN

8: Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.


B.   POP3

C.   Mbox


9: When cases go to trial, you as a forensics examiner can play one of ____ roles.

A.   2

B.   3

C.   4

D.   5

10: You provide ____ testimony when you answer questions from the attorney who hired you.

A.   Direct

B.   Cross

C.   Examination

D.   Rebuttal

11: One way to hide partitions is with the windows disk partition utility, ____.

A.   Tasklist

B.   Fdisk

C.   Diskpart

D.   Bootrec