Digital Forensics and Chain of Custody Quiz

Questions and Answers

What are the key components of digital forensics?

Archiving, deleting, encrypting, and transmitting digital information

Reconstructing, manipulating, printing, and documenting digital files

Interpreting, coding, storing, and organizing digital data

Identifying, preserving, analyzing, and presenting digital evidence (correct)

Why must senior management be concerned about data breaches?

To increase profits for the company

To ensure compliance with data protection regulations (correct)

To avoid paying taxes

To show off their IT security knowledge

Which of the following is an example of regulation requiring data retention for a specific period?

Personal Credential Information Data Safety Standard (PCIDSS)

Rapid Incident Containment Act (RICA) (correct)

Digital Evidence Transparency Act (DETA)

Sensitive Personal Information Transaction Law (SPITL)

What distinguishes law enforcement forensic rules from corporate forensic rules?

Law enforcement rules are more restrictive than corporate rules

In digital forensics, what is the purpose of chain of custody?

To ensure the integrity and admissibility of evidence

Why is it important for organizations to have transparency measures in place?

To prove that reasonable measures were taken to protect against hackers

What is one common type of file to look for during a forensic investigation?

Files with strange names

Which type of logs are considered one of the most valuable sources of information in forensic investigations?

Device log files

What is the first point analyzed in an email header during a forensic investigation?

IP address of the e-mail sender

Which protocols are required for sending and receiving mail?

SMTP, TCP, IP, POP, IMAP

How is email message transmission facilitated according to the text?

Define protocol (SMTP) and TCP/IP packets

Where is the password file stored on a computer running Windows XP, Vista, or Windows Server 2003/2008?

Security Accounts Manager (SAM)

What is a key aspect to being a successful expert witness?

Being well-prepared

During direct examination, who asks the witness questions?

The counsel/attorneys of the witness

What is a key component to effective communication as an expert witness?

Maximizing understanding

What should an expert witness be prepared to justify?

Their actions taken

What is a recommended approach for an expert witness to keep their testimony concise?

Keep the audience in mind and tell a story

In what phase does the opposing counsel ask questions to weaken the provided testimony?

'Cross examination' phase

What is the main objective of capturing data image in computer forensics?

To explore the imaging process

Who is authorized to intercept communication under interception direction as per the text?

Party to the communication

What is prohibited when it comes to providing communication-related information?

Storing communication-related information by telecommunication services

Under what circumstances can communication be intercepted for purposes of determining location in case of emergency?

In case of emergency

What is a key step in the imaging process mentioned in the text?

Preparing media and tools

What must be done when capturing non-volatile data in computer forensics?

Create a duplicate hard disk

What is the recommended method to save volatile data according to the text?

Saving it to a remote forensic system

Which tool should be used to show running processes/services according to the text?

PsService

What should be recorded when creating a bit stream image of a disk according to the text?

The date, time, examiner, and tools used

Which action can destroy evidence when creating a duplicate hard disk?

Powering on the PC before removing storage media

What type of copy is recommended for creating a duplicate hard disk according to the text?

Disk-to-image file copy

Which device is mentioned in the text as requiring specific tools for data extraction?

Cell phone