Assignment No.

Class: TY-CO Course: ETI Course Code: 22618

Topic Name: 4.Digital Evidence Topic Weightage: 10 M

1. The digital evidence are used to establish a credible link between

a. Attacker and victim and the crime scene
b. Attacker and crime scene
c. victim and the crime scene
d. Attacker and Information

2. The evidences of proof that can be obtained from the electronic source is called the
a. Digital Evidence
b. Demonstrative Evidence
c. Explainable Evidence
d. Substantial Evidence

3. What are the three general categories of computer systems that can contain digital evidence?
a.Desktop, laptop, server
b. Personal computer, Internet, mobile telephone
c.Hardware, software, networks
d.Open computer systems, communication systems, embedded systems

4. In terms of digital evidence, the Internet is an example of:

a. Open computer systems
b. Communication systems
c. Embedded computer systems
d. None of the above

5. The criminological principle which states that, when anyone, or anything, enters a crime
scene he/she takes something of the scene with him/her, and leaves something of
himself/herself behind, is:
a.Locard’s Exchange Principle
b.Differential Association Theory
c. Beccaria‟s Social Contract
d. None of the above

6. Personal computers and networks are often a valuable source of evidence. Those involved
with------should be comfortable with this technology
a.Criminal investigation
b. Prosecution
c. Defense work
d. All of the above
7. Computer professionals who take inappropriate actions when they encounter child
pornography on their employer’s systems can lose their jobs or break the law.
a.True
b. False

8. Preservation of digital evidence can involve which of the following?

a. Collecting computer hardware
b. Making a forensic image of storage media
c. Copying the files that are needed from storage media
d. All of the above

9. Evidence can be related to its source in which of the following ways?

a. Top, middle, bottom
b. IP address, MD5 value, filename, date-time stamps
c. Production, segment, alteration, location
d. Parent, uncle, orphan

10. Unlike law enforcement, system administrators are permitted to on their

network when it is necessary to protect the network and the data it contains.
a.Open unread e-mails.
b. Monitor network traffic.
c. Modify system logs.
d. Divulge user personal information.

11. Although it was not designed with evidence collection in mind, can still be
useful for examining network traffic.
a.EnCase
b. FTK
c. Wireshark
d. CHKDSK

12. The process of documenting the seizure of digital evidence and, in particular, when that evidence
changes hands, is known as:
a. Chain of custody
b. Field notes
c. Interim report
d. None of the above

13. Evidence contained in a document provided to prove that statements made in court are true is
referred to as:
a. Inadmissible evidence
b. Illegally obtained evidence
c. Hearsay evidence
d. Direct evidence
14. Business records are considered to be an exception to:
a. Direct evidence
b. Inadmissible evidence
c. Illegally obtained evidence
d. Hearsay evidence

15. The term “computer contaminant” refers to:

a.Excessive dust found inside the computer case
b.Viruses, worms, and other malware
c.Spam e-mails
d.Nigerian scam e-mails

16. Hacking is an example of:

a.Computer-assisted crime
b. Computer-related crime
c. Computer-integrity crime
d. Computer malfeasance crime

17. The goal of an investigation is to:

a.Convict the suspect
b.Discover the truth
c.Find incriminating evidence
d.All of the above

18. Forensic examination involves which of the following:

a.Assessment, experimentation, fusion, correlation, and validation
b.Seizure and preservation
c.Recovery, harvesting, filtering, organization, and search
d.All of the above

19. Which of the following should the digital investigator consider when arranging for the
transportation
of evidence?
a.Should the evidence be physically in the possession of the investigator at all times?
b.Will the evidence copies be shared with other experts at other locations?
c.Will there be environmental factors associated with the digital media?
d.All of the above

20. When a network is involved in a crime, investigators must seize and preserve all systems on the
network.
a.True
b. False

21 Forensic examination and forensic analysis are separate processes.

a.True
b. False
22. The crime scene preservation process includes all but which of the following:
a.Protecting against unauthorized alterations
b.Acquiring digital evidence
c.Confirming system date and time
d.Controlling access to the crime scene

23. When presenting evidence on an organizational network, the digital investigator may require the
assistance of:
a.System administrators
b.The CEO of the organization
c.The CSO (Chief Security Officer)
d.Additional forensic investigators

24. Which of the following is not a type of volatile evidence?

a. Routing Table
b. Main Memory
c. Log files
d. Cached Data

25. Computers can be involved in which of the following types of crime?

a. Homicide and sexual assault
b. Computer intrusions and intellectual property theft
c.Civil disputes
d. All of the above

26. Video surveillance can be a form of digital evidence.

a.True
b. False

27. Automobiles have computers that record data such as vehicle speed, brake status, and throttle
position when an accident occurs.
a.True
b. False

28. Examination of digital evidence includes (but is not limited to) which of the following activities?
a.Seizure, preservation, and documentation
b. Recovery, harvesting, and reduction
c. Experimentation, fusion, and correlation
d. Arrest, interviewing, and trial
29. Analysis of digital evidence includes which of the following activities?
a.Seizure, preservation, and documentation
b.Experimentation, fusion, and correlation
c. Recovery, harvesting, and reduction
d. Arrest, interviewing, and trial

30. When a website is under investigation, before obtaining authorization to seize the systems it is
necessary to:
a.Determine where the web servers are located
b.Inform personnel at the web server location that you‟ll be coming to seize the systems
c.Conduct a reconnaissance probe of the target website
d.None of the above

31. Direct evidence establishes a:

a. Fact
b. Assumption
c. Error
d. Line of inquiry

32. Chain of custody is the process of documenting who has handled evidence, where and when, as it
travels from the crime scene to the courts.
a. True
b. False

33. In those states with legislation addressing computer forgery, contraband in the form of “forgery
devices” may include:
a.Computers
b. Computer equipment
c. Specialized computer software
d. All of the above

34. Forgery is an example of:

a.Computer assisted crime
b. Computer-related crime
c. Computer-integrity crime
d. Computer malfeasance crime

35. The goal of an investigation is to:

a.Convict the suspect
b.Discover the truth
c.Find incriminating evidence
d.All of the above
36. The first step in applying the scientific method to a digital investigation is to:
a.Form a theory on what may have occurred
b.Experiment or test the available evidence to confirm or refute your prediction
c.Make one or more observations based on events that occurred
d.Form a conclusion based on the results of your findings

37. Which of the following should the digital investigator consider when arranging for the
transportation of evidence?
a.Should the evidence be physically in the possession of the investigator at all times?
b.Will the evidence copies be shared with other experts at other locations?
c.Will there be environmental factors associated with the digital media?
d.All of the above

38. The challenge to controlling access to a digital crime scene is that:

a.Information may be stored on Internet servers in different locations.
b.The computer may be shared.
c.The computer case may be locked.
d.None of the above.

39. The investigation and study of victim characteristics is known as:

a.Criminal profiling
b.Behavioral imprints
c.Victimology
d.Crime scene analysis

40. When processing the digital crime scene in a violent crime investigation it is important to
have to ensure that all digital evidence and findings can hold up under close scrutiny.
a.A good supply of electrostatic bags for holding sensitive electronic components
b.More than one reliable camera for photographing the crime scene
c.Standard operating procedures for processing a digital crime scene
d.A good supply of nitrile gloves
 Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful
engineers and technocrats with the higher degree of integrity who are responsible and capable to meet the challenges of
advance technology of present and future scenario for the welfare of mankind and nature..M3-Promote an educational
environment that integrates an excellent academic discipline and research culture to stimulate the overall technical and social
growth of young engineering graduates..M4-Enhance carrier opportunities for students through Industry-Institute-Interaction
and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable them
job creators.

13. What is the most significant legal issue in computer forensics?

A. Preserving Evidence
B. Seizing Evidence
C. Admissibility of Evidence
D. Discovery of Evidence

14._____ phase includes putting the pieces of a digital puzzle together and developing
investigative hypotheses
A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase

15. In_____ phase investigator transfers the relevant data from a venue out of physical
or administrative control of
the investigator to a controlled location
 A. Preservation phase
B. Survey phase
C. Documentation phase
D. Reconstruction phase
E. Presentation phase

17. Computer forensics do not involve activity.

A. Preservation of computer data.
B. Extraction of computer data.
C. Manipulation of computer data.
D. Interpretation of computer data.

18. A set of instruction compiled into a program that perform a particular task is
known as: A. Hardware.
B.CPU
C. Motherboard
D. Software

19. Which of following is not a rule of digital forensics?

A. An examination should be performed on the original data
B. A copy is made onto forensically sterile media. New media should always be used if
available. C. The copy of the evidence must be an exact, bit-by-bit copy
D. The examination must be conducted in such a way as to prevent any modification of the

evidence. Vision: To be the recognized and the best rural based engineering college among the institutes in Maharashtra

for excellence in technical education

which contributes to the needs of society and to inculcate value-based education.

Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful engineers and technocrats
with the higher degree of integrity who are responsible and capable to meet the challenges of advance technology of present and future scenario for
the welfare of mankind and nature..M3-Promote an educational environment that integrates an excellent academic discipline and research culture to
stimulate the overall technical and social growth of young engineering graduates..M4-Enhance carrier opportunities for students through
Industry-Institute-Interaction and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable
them job creators.

20.
To collect and analyze the digital evidence that was obtained from the physical investigation phase, is
the goal of
which phase?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase.

21. To provide a mechanism to an incident to be detected and confirmed is purpose of which phase?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase.

22. Which phase entails a review of the whole investigation and identifies an area of improvement?
A. Physical crime investigation
B. Digital crime investigation.
C. Review phase.
D. Deployment phase

23.______ is known as father of computer forensic.

A. G. Palmar
B. J. Korn
C. Michael Anderson
D. S.Ciardhuain.

24. _is well established science where various contribution have been made
A. Forensic
B. Crime
C. Cyber Crime
D. Evidence

25. Who proposed End to End Digital Investigation Process (EEDIP)?

A. G. Palmar
B. Stephenson
C. Michael Anderson
D. S.Ciardhuain

26. Which model of Investigation proposed by Carrier and Safford?

A. Extended Model of Cybercrime Investigation (EMCI)
B. Integrated Digital Investigation Process(IDIP)
C. Road Map for Digital Forensic Research (RMDFR)
Vision: To be the recognized and the best rural based engineering college among the institutes in Maharashtra for excellence in technical education
which contributes to the needs of society and to inculcate value-based education.
Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful engineers and technocrats
with the higher degree of integrity who are responsible and capable to meet the challenges of advance technology of present and future scenario for
the welfare of mankind and nature..M3-Promote an educational environment that integrates an excellent academic discipline and research culture to
stimulate the overall technical and social growth of young engineering graduates..M4-Enhance carrier opportunities for students through
Industry-Institute-Interaction and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable
them job creators.

D. Abstract Digital Forensic Model (ADFM)

27. Which of the following is not a property of computer evidence?
A. Authentic and Accurate.
B. Complete and Convincing.
C. Duplicated and Preserved.
D. Conform and Human Readable.

28. can makes or breaks investigation.

A. Crime
B. Security
C: Digital Forensic
D: Evidence

29. is software that blocks unauthorized users from connecting to your computer.
A. Firewall
B. Quick launch
C. OneLogin
D. Centrify

30. Which of the following are general Ethical norms for Investigator?
A. To contribute to society and human beings. B. To avoid harm to others.
C. To be honest and trustworthy. D. All of the above
E. None of the above

31. Which of the following are Unethical norms for Investigator?

A. Uphold any relevant evidence.
B. Declare any confidential matters or knowledge.
C. Distort or falsify education, training, credentials.
D. All of the above
E. None of the above

32. Which of the following is not a general ethical norm for Investigator?
A. To contribute to society and human beings. B. Uphold any relevant Evidence.
C. To be honest and trustworthy. D. To honor confidentially.

33. Which of the following is a not unethical norm for Digital Forensics Investigation?
A. Uphold any relevant evidence.
B. Declare any confidential matters or knowledge.
C. Distort or falsify education, training, credentials.
D. To respect the privacy of others.
34. What is called as the process of creation a duplicate of digital media for purpose of examining it?
A. Acquisition.
Vision: To be the recognized and the best rural based engineering college among the institutes in Maharashtra for excellence in technical education
which contributes to the needs of society and to inculcate value-based education.
Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful engineers and technocrats
with the higher degree of integrity who are responsible and capable to meet the challenges of advance technology of present and future scenario for
the welfare of mankind and nature..M3-Promote an educational environment that integrates an excellent academic discipline and research culture to
stimulate the overall technical and social growth of young engineering graduates..M4-Enhance carrier opportunities for students through
Industry-Institute-Interaction and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable
them job creators.
B. Steganography.
C. Live analysis
D. Hashing.

35. Which term refers to modifying a computer in a way which was not originally intended to view
Information?
A. Metadata
B. Live analysis
C. Hacking
D. Bit Copy

36. The ability to recover and read deleted or damaged files from a criminal’s computer is an example of
a law enforcement specialty called?
A. Robotics
B. Simulation
C. Computer Forensics
D. Animation

37. What are the important parts of the mobile device which used in Digital forensic?
A. SIM
B. RAM
C. ROM.
D.EMMC chip

38. Using what, data hiding in encrypted images be carried out in digital forensics?
A. Acquisition.
B. Steganography.
C. Live analysis
D. Hashing.

39. Which of this is not a computer crime?

A. e-mail harassment
B. Falsification of data.
C. Sabotage.
D. Identification of data

40. Which file is used to store the user entered password?

A. .exe
B. .txt
C. .iso
D. .sam

Vision: To be the recognized and the best rural based engineering college among the institutes in Maharashtra for excellence in technical education
which contributes to the needs of society and to inculcate value-based education.
Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful engineers and technocrats
with the higher degree of integrity who are responsible and capable to meet the challenges of advance technology of present and future scenario for
the welfare of mankind and nature..M3-Promote an educational environment that integrates an excellent academic discipline and research culture to
stimulate the overall technical and social growth of young engineering graduates..M4-Enhance carrier opportunities for students through
Industry-Institute-Interaction and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable
them job creators.

41. is the process of recording as much data as possible to create reports and analysis on user input.
A. Data mining
B. Data carving
C. Metadata
D. Data Spoofing.

42. searches through raw data on a hard drive without using a file system.
A. Data mining
B. Data carving
C. Metadata
D. Data Spoofing.

43. What is the first step to Handle Retrieving Data from an Encrypted Hard Drive?
A. Formatting disk
B. Storing data
C. Finding configuration files.
D. Deleting Files
Vision: To be the recognized and the best rural based engineering college among the institutes in Maharashtra for excellence in technical education
which contributes to the needs of society and to inculcate value-based education.
Mission:
M1- To create opportunity for rural students with capable clever engineers and technocrats through continual excellence in engineering
education.M2-To create self-disciplined, skilled, physically and mentally fit and robust, ethically and morally powerful engineers and technocrats
with the higher degree of integrity who are responsible and capable to meet the challenges of advance technology of present and future scenario for
the welfare of mankind and nature..M3-Promote an educational environment that integrates an excellent academic discipline and research culture to
stimulate the overall technical and social growth of young engineering graduates..M4-Enhance carrier opportunities for students through
Industry-Institute-Interaction and value-added courses training and skill development. .M5-Inculcate entrepreneurship mindset in students to enable
them job creators.