Unit 5 MCQs
packet capture?
A. Application
B. Transport
C. Network
D. Data Link
ANSWER: C
What type of forensic evidence can be gathered from the Transport Layer?
A. MAC addresses
B. IP addresses
C. TCP/UDP session details
D. Physical device information
ANSWER: C
Which network device operates at Layer 3 and is crucial for forensic packet tracing?
A. Switch
B. Router
C. Hub
D. Repeater
ANSWER: B
Which OSI layer is responsible for ensuring reliable data transmission, making it useful in forensic analysis of dropped packets?
A. Physical
B. Data Link
C. Transport
D. Network
ANSWER: C
Which command is useful in forensic investigations to trace the path packets take through a network?
A. nslookup
B. traceroute
C. netstat
D. ipconfig
ANSWER: B
Which forensic tool is commonly used to analyze network traffic and extract packets?
A. Wireshark
B. Metasploit
C. Autopsy
D. FTK
ANSWER: A
What digital forensic evidence can be obtained from the Application Layer?
A. Packet fragmentation data
B. TCP sequence numbers
C. HTTP requests and responses
D. Routing tables
ANSWER: C
Which forensic technique is used to analyze network logs for suspicious activities?
A. Memory forensics
B. Log correlation
C. Disk imaging
D. File carving
ANSWER: B
Which OSI layer is responsible for logical addressing, which is critical for tracking network activity in forensic investigations?
A. Transport
B. Network
C. Data Link
D. Application
ANSWER: B
What type of digital forensic evidence can be obtained from packet capture at the Physical Layer?
A. Signal strength and timing
B. IP routing tables
C. Email headers
D. TCP connection status
ANSWER: A
Which OSI layer plays a key role in forensic investigation of intercepted VoIP communications?
A. Transport
B. Network
C. Data Link
D. Application
ANSWER: D
Which type of log file is most useful in analyzing failed login attempts in a forensic investigation?
A. HTTP access logs
B. DNS query logs
C. System authentication logs
D. ARP cache logs
ANSWER: C
Which forensic tool is used to analyze TCP/IP connections and find malicious network activity?
A. Nmap
B. FTK Imager
C. Volatility
D. Autopsy
ANSWER: A
Which OSI layer is crucial when analyzing VPN traffic in a forensic investigation?
A. Data Link
B. Network
C. Transport
D. Application
ANSWER: C
Which protocol is most commonly analyzed in forensic investigations of web traffic?
A. FTP
B. HTTP
C. SMTP
D. SNMP
ANSWER: B
What digital forensic evidence can be obtained from a DNS query log?
A. Websites visited
B. MAC address of the user
C. Physical location of the device
D. Email sender details
ANSWER: A
Which protocol is commonly used to send emails and is relevant in forensic email investigations?
A. HTTP
B. FTP
C. SMTP
D. IMAP
ANSWER: C
Which of the following is a common method attackers use to hide their real IP address?
A. VPN
B. Ping flood
C. ARP spoofing
D. DNS poisoning
ANSWER: A
What forensic challenge is associated with tracing Tor network activity?
A. Lack of encryption
B. Frequent IP address changes
C. Open network traffic
D. Lack of HTTP logs
ANSWER: B
Which forensic tool is used to map the route that packets take to a destination?
A. nslookup
B. traceroute
C. whois
D. netstat
ANSWER: B
Which type of log can help trace phishing attempts in an email investigation?
A. Web server logs
B. Email server logs
C. Printer logs
D. Bluetooth logs
ANSWER: B
What is the primary forensic concern when investigating cloud-based email services?
A. Local storage limitations
B. Lack of encryption
C. Data stored on third-party servers
D. Absence of browser history
ANSWER: C
Which tool is commonly used for network packet capture in forensic analysis?
A. EnCase
B. Wireshark
C. FTK
D. Autopsy
ANSWER: B
Which command is useful for identifying open ports during network acquisition?
A. ping
B. nslookup
C. netstat
D. tracert
ANSWER: C
Which network acquisition technique involves examining router logs for forensic evidence?
A. Memory forensics
B. Live network capture
C. Log file analysis
D. File carving
ANSWER: C
Which type of data collection requires pulling logs from network devices like firewalls and routers?
A. Local acquisition
B. Network acquisition
C. Memory acquisition
D. Mobile device acquisition
ANSWER: B
Which forensic process involves extracting deleted files from storage media?
A. Network sniffing
B. File carving
C. Packet analysis
D. Log correlation
ANSWER: B
Which command provides details about the current user’s network connections?
A. ifconfig
B. netstat
C. tracert
D. nslookup
ANSWER: B
Which type of forensic acquisition focuses on collecting data from cloud services?
A. Network acquisition
B. Local acquisition
C. Cloud acquisition
D. Static acquisition
ANSWER: C
Which digital forensic tool is used to collect logs from a Windows machine?
A. Event Viewer
B. Wireshark
C. Nmap
D. Netcat
ANSWER: A
What is the main challenge when collecting evidence from a live network?
A. Data volatility
B. Hard drive corruption
C. Lack of encryption
D. Printer connectivity
ANSWER: A
Which type of forensic acquisition is performed when copying an entire hard drive?
A. Live acquisition
B. Static acquisition
C. Cloud acquisition
D. Network acquisition
ANSWER: B
What is the primary objective of the examination phase in network forensics?
A. Identifying and preserving evidence
B. Analyzing collected data for anomalies
C. Destroying unnecessary data
D. Encrypting forensic images
ANSWER: B
Which log file is most useful for examining unauthorized access attempts in network forensics?
A. Firewall logs
B. Printer logs
C. USB access logs
D. BIOS logs
ANSWER: A
Which forensic tool is used for deep packet inspection in network analysis?
A. Snort
B. Metasploit
C. VeraCrypt
D. Recuva
ANSWER: A
Which of the following is a key forensic challenge when examining encrypted network traffic?
A. Lack of encryption keys
B. Unreliable hashing algorithms
C. Incomplete network logs
D. Excessive log storage
ANSWER: A
Which tool is commonly used for examining firewall logs in forensic investigations?
A. Splunk
B. VeraCrypt
C. Nmap
D. GIMP
ANSWER: A