312-49V8 Online Practice Questions and Answers

Questions 4

During the seizure of digital evidence, the suspect can be allowed to touch the computer system.

A. True

B. False

Questions 5

Which of the following password cracking techniques works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A. Brute forcing attack

B. Hybrid attack

C. Syllable attack

D. Rule-based attack

Questions 6

Data files from original evidence should be used for forensics analysis.

A. True

B. False

Questions 7

Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.

A. True

B. False

Questions 8

What is a chain of custody?

A. A legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory

B. It is a search warrant that is required for seizing evidence at a crime scene

C. It is a document that lists a chain of Windows process events

D. Chain of custody refers to obtaining a preemptive court order to restrict further damage of evidence in electronic seizures

Questions 9

Computer security logs contain information about the events occurring within an organization's systems and networks. Which of the following security logs contains logs of network and host-based security software?

A. Operating System (OS) logs

B. Application logs

C. Security software logs

D. Audit logs

Questions 10

Smith, as a part of his forensic investigation assignment, has seized a mobile device. He was asked to recover the Subscriber Identity Module (SIM card) data from the mobile device. Smith found that the SIM was protected by a Personal Identification Number (PIN) code, but he was also aware that people generally leave the PIN numbers to the defaults or use easily guessable numbers such as 1234. He unsuccessfully tried three PIN numbers that blocked the SIM card. What can Jason do in this scenario to reset the PIN and access SIM data?

A. He should contact the device manufacturer for a Temporary Unlock Code (TUK) to gain access to the SIM

B. He cannot access the SIM data in this scenario as the network operators or device manufacturers have no idea about a device PIN

C. He should again attempt PIN guesses after a time of 24 hours

D. He should ask the network operator for Personal Unlock Number (PUK) to gain access to the SIM

Questions 11

Dumpster Diving refers to:

A. Searching for sensitive information in the user's trash bins and printer trash bins, and searching the user's desk for sticky notes

B. Looking at either the user's keyboard or screen while he/she is logging in

C. Convincing people to reveal the confidential information

D. Creating a set of dictionary words and names, and trying all the possible combinations to crack the password

Questions 12

Which one of the following statements is not correct while preparing for testimony?

A. Go through the documentation thoroughly

B. Do not determine the basic facts of the case before beginning and examining the evidence

C. Establish early communication with the attorney

D. Substantiate the findings with documentation and by collaborating with other computer forensics professionals

Questions 13

Netstat is a tool for collecting information regarding network connections. It provides a simple view of TCP and UDP connections, and their state and network traffic statistics.

Which of the following commands shows you the TCP and UDP network connections, listening ports, and the identifiers?

A. netstat -ano

B. netstat -b

C. netstat -r

D. netstat -s

Exam Code: 312-49V8
Exam Name: Computer Hacking Forensic Investigator Exam
Last Update: Apr 30, 2024
Questions: 180 Q&As
