
Ch. 3 Basics of Digital Forensic

The document outlines the basics of digital forensics, including key figures, historical milestones, and fundamental concepts in the field. It covers various aspects such as the definition of digital forensics, rules, and processes involved in investigations, as well as ethical norms for investigators. Additionally, it includes a series of questions and answers related to digital forensic practices and terminology.

Uploaded by

tranve115
Copyright: © All Rights Reserved

3. BASICS OF DIGITAL FORENSIC


1. Who is the Father of Computer Forensics?
(a) Michael Anderson (b) John McCarthy
(c) Seymour Papert (d) Niklaus Wirth

2. Digital forensics is all of them except ______.
(a) Extraction of computer data
(b) Preservation of computer data
(c) Interpretation of computer data
(d) Manipulation of computer data

3. In which year was the Federal Bureau of Investigation program created?
(a) 1987 (b) 1984
(c) 1980 (d) 1978

4. Digital Forensics refers to ______.
(a) A branch of forensic science encompassing the recovery and investigation of material found in digital devices.
(b) A process where we develop and test hypotheses that answer questions about digital events.
(c) A use of science or technology in the investigation and establishment of the facts or evidences in a court of law.
(d) A process of using scientific knowledge in analysis and presentation of evidence in court.

5. Which of the following is not a rule of digital forensics?
(a) An examination should be performed on the original data.
(b) A copy is made onto forensically sterile media. New media should always be used if available.
(c) The copy of the evidence must be an exact, bit-by-bit copy.
(d) The examination must be conducted in such a way as to prevent any modification of the evidence.

6. Which of the following is FALSE?
(a) The digital forensic investigator must maintain absolute objectivity.
(b) It is the investigator’s job to determine someone’s guilt or innocence.
(c) It is the investigator’s responsibility to accurately report the relevant facts of a case.
(d) The investigator must maintain strict confidentiality, discussing the results of an investigation on only a “need to know”.

7. Digital Forensics is ______.
(a) Accessing the system’s directories viewing mode and navigating through the various systems files and folders
(b) Un-deleting and recovering lost files
(c) Identifying and solving computer crimes
(d) The identification, preservation, recovery, restoration and presentation of digital evidence from systems and devices

8. When did the field of PC forensics begin?
(a) 1967 (b) 1984
(c) 1980 (d) 1990

9. In which year was the first FBI Regional Computer Forensic Laboratory recognized?
(a) 2000 (b) 2003
(c) 1996 (d) 2001

10. Which of these is not a computer crime?
(a) e-mail harassment (b) Falsification of data
(c) Sabotage (d) Identification of data

11. Which file is used to store the user entered password?
(a) .exe (b) .txt
(c) .iso (d) .sam

12. ______ is the process of recording as much data as possible to create reports and analysis on user input.
(a) Data mining (b) Data carving
(c) Metadata (d) Data Spoofing

13. ______ searches through raw data on a hard drive without using a file system.
(a) Data mining (b) Data carving
(c) Metadata (d) Data Spoofing

14. What is the first step to handle retrieving data from an encrypted hard drive?
(a) Formatting disk
(b) Storing data
(c) Finding configuration files
(d) Deleting files

15. ______ is the Rule of Digital Forensics.
(a) An examination should never be performed on the original media.
(b) A copy is made onto forensically sterile media. New media should always be used if available.
(c) The computer and the data on it must be protected during the acquisition of the media to ensure that the data is not modified.
(d) All of above.

16. What is the major goal of Digital Forensics?
(a) To duplicate original data and preserve original evidence and then performing the series of investigation by collecting, identifying and validating digital information for the purpose of restructuring past events.
(b) Accessing the system’s directories viewing mode and navigating through the various systems files and folders.
(c) Un-deleting and recovering lost files.
(d) Identifying and solving computer crimes.

17. DFI stands for ______.
(a) Digital forensic investigation
(b) Detail forensic investigation
(c) Digital forensic information
(d) Detail forensic information


18. The main objective of Digital forensic investigation is ______.
(a) Data may be stored in damaged device, but the investigator searches the data in working devices.
(b) To examine digital evidence and to ensure that they have not been tampered in any manner.
(c) The digital data found should be protected from being modified.
(d) Accessing the system’s directories viewing mode and navigating through the various systems files and folders

19. The Digital Forensic Investigation process must be able to handle the below obstacles ______.
(a) Handle and locate certain amount of valid data from large number of files stored in computer system.
(b) It is viable that the information has been deleted, in such situation searching inside the file is worthless.
(c) If the files are secured by some passwords, investigators must find a way to read the protected data in an unauthorized manner.
(d) All of above.

20. The Digital Forensic investigation process must be able to handle the below obstacles ______.
(a) Data may be stored in damaged device, but the investigator searches the data in working devices.
(b) Major obstacle is that each and every case is different; identifying the techniques and tools will take long time.
(c) The digital data found should be protected from being modified. It is very tedious to prove that data under examination is unaltered.
(d) All of above.

21. RMDFR stands for ______.
(a) Road matrix for Digital Forensic Research
(b) Roadmap for Data Forensic Research
(c) Road map for Digital Forensic Research
(d) Roadmap for Direct Forensic Research

22. Who designed the RMDFR framework?
(a) Palmer (b) Reith
(c) Gunsch (d) Carr

23. How many phases are in RMDFR framework?
(a) 5 (b) 6
(c) 8 (d) 4

24. ______ recognizes an incident from indicators and determines its type.
(a) Preservation (b) Identification
(c) Collection (d) Examination

25. ______ involves operations such as preventing people from using computers during collection, stopping ongoing deletion processes, and choosing the safest way to collect information.
(a) Preservation (b) Identification
(c) Collection (d) Examination

26. ______ consists of finding and collecting digital information that may be relevant to the investigation.
(a) Preservation (b) Identification
(c) Collection (d) Examination

27. ______ consists of “in-depth systematic search of evidence” relating to the incident being investigated.
(a) Preservation (b) Identification
(c) Collection (d) Examination

28. The output of examination stage includes ______.
(a) Log files
(b) Data files containing specific phrases
(c) Time-stamps
(d) All of the above

29. The aim of ______ stage is to “draw conclusions based on evidence found”.
(a) Preservation (b) Identification
(c) Analysis (d) Examination

30. ______ entails writing a report outlining the examination process and pertinent data recovered from the overall investigation.
(a) Reporting (b) Identification
(c) Analysis (d) Examination

31. Using what can data hiding in encrypted images be carried out in digital forensics?
(a) Acquisition (b) Steganography
(c) Live analysis (d) Hashing

32. IDIP stands for ______.
(a) Integrated Digital Investigation Process
(b) Integrated Data Investigator Process
(c) Integrated Data Investigator Process
(d) Independent Data Investigator Process

33. What is the most significant legal issue in computer forensics?
(a) Preserving Evidence
(b) Seizing Evidence
(c) Admissibility of Evidence
(d) Discovery of Evidence

34. What are the important parts of the mobile device which are used in Digital forensic?
(a) SIM (b) RAM
(c) ROM (d) EMMC chip

35. ADFM stands for ______.
(a) Abstract Data Forensic Model
(b) Abstract Digital Forensic Model
(c) Absolute Digital Forensic Model
(d) Absolute Data Forensic Model

36. Who developed Abstract Digital Forensic Model (ADFM)?
(a) Reith, Carr, Gunsch (b) Palmer
(c) Carrier (d) Spafford

37. ______ involves the isolation, securing and preserving the state of physical and digital evidence.
(a) Preservation (b) Identification
(c) Analysis (d) Examination

38. ______ is an in-depth systematic search of evidence relating to the suspected crime.
(a) Preservation (b) Identification
(c) Analysis (d) Examination

39. ______ includes Summary and explanation of conclusion.
(a) Preservation (b) Presentation
(c) Analysis (d) Examination

40. Who proposed the IDIP model?
(a) Reith, Carr, Gunsch (b) Palmer
(c) Carrier and Spafford (d) Stephenson

41. Which are the five groups of IDIP model?
(a) Readiness, Deployment, Physical Crime Investigation, Digital Crime Investigation, Review
(b) Preservation, Deployment, Physical Crime Investigation, Digital Crime Investigation, Review
(c) Readiness, Deployment, Physical Crime Investigation, Digital Crime Investigation, Analysis
(d) Identification, Deployment, Physical Crime Investigation, Digital Crime Investigation, Review

42. The Readiness phase of IDIP includes ______.
(a) Operations Readiness phase
(b) Infrastructure Readiness phase
(c) Both a and b
(d) None of above

43. The Deployment phase of IDIP includes ______.
(a) Detection and Notification phase
(b) Confirmation and Authorization phase
(c) Both a and b
(d) None of above

44. ______ the goal of these phases is to collect and analyse the physical evidence and reconstruct the actions that took place during the incident.
(a) Digital Crime Investigation
(b) Physical Crime Investigation phase
(c) Review
(d) Deployment

45. ______ requires an investigator to walk through the physical crime scene and identify pieces of physical evidence.
(a) Preservation phase (b) Reconstruction phase
(c) Documentation phase (d) Survey phase

46. EEDIP stands for ______.
(a) Equal to Equal Digital Investigation Process
(b) End to End Digital Investigation Process
(c) End to End Data Investigation Process
(d) Equal to End Digital Investigation Process

47. Who proposed the EEDIP model?
(a) Reith, Carr, Gunsch (b) Palmer
(c) Carrier and Spafford (d) Stephenson

48. UMDFPM stands for ______.
(a) User modelling of digital forensic process model
(b) User modelling of data forensic process model
(c) UML modelling of digital forensic process model
(d) UML modelling of digital forensic program model

49. Who proposed the UMDFPM model?
(a) Reith, Carr, Gunsch
(b) Kohn, Eloff, and Olivier
(c) Carrier and Spafford
(d) Stephenson

50. Which term refers to modifying a computer in a way which was not originally intended to view information?
(a) Metadata (b) Live analysis
(c) Hacking (d) Bit Copy

51. The ability to recover and read deleted or damaged files from a criminal’s computer is an example of a law enforcement specialty called ______.
(a) Robotics (b) Simulation
(c) Computer Forensics (d) Animation

52. In ______ phase investigator transfers the relevant data from a venue out of physical or administrative control of the investigator to a controlled location.
(a) Survey phase (b) Documentation phase
(c) Reconstruction phase (d) Presentation phase

53. ______ phase includes putting the pieces of a digital puzzle together and developing investigative hypotheses.
(a) Preservation phase (b) Survey phase
(c) Documentation phase (d) Reconstruction phase

54. Computer forensics does not involve ______ activity.
(a) Preservation of computer data
(b) Extraction of computer data
(c) Manipulation of computer data
(d) Interpretation of computer data

55. Which of the following is not a property of computer evidence?
(a) Authentic and Accurate
(b) Complete and Convincing
(c) Conform and Human Readable
(d) Duplicated and Preserved

56. ______ can make or break investigation.
(a) Crime (b) Evidence
(c) Security (d) Digital Forensic

57. ______ is software that blocks unauthorized users from connecting to your computer.
(a) Firewall (b) Quick launch
(c) One Login (d) Authentication


58. Which of the following is not a general ethical norm for Investigator?
(a) Should contribute to the society and human being
(b) Should avoid harm to others
(c) Uphold any relevant Evidence
(d) Should be honest and trustworthy

59. Which of the following is the ethical norm for investigator?
(a) Should be fair and take action not to discriminate
(b) Should honor property rights, including copyrights and patents
(c) Should give proper credit to intellectual property
(d) All of the above

60. Which of the following are the ethical norms that should be satisfied by an Investigator?
(a) Should contribute to the society and human being
(b) Should avoid harm to others
(c) Should be honest and trustworthy
(d) Should be fair and take action not to discriminate
(e) All of above
(f) Only (a) and (b)

61. What is the process of creating a duplicate of digital media for the purpose of examining it called?
(a) Acquisition (b) Steganography
(c) Live analysis (d) Hashing

62. Which of the following are Unethical norms for Investigator?
(a) Uphold any relevant evidence
(b) Declare any confidential matters or knowledge
(c) Distort or falsify education, training, credentials
(d) All of the above

63. Which of the following is not an unethical norm for Digital Forensics Investigation?
(a) Uphold any relevant evidence
(b) Declare any confidential matters or knowledge
(c) Distort or falsify education, training, credentials
(d) To respect the privacy of others

64. If the Internet History file has been deleted, ______ may still provide information about what Web sites the user has visited.
(a) Cookies (b) Metadata
(c) User profiles (d) Sessions

65. When shutting down a computer, what information is typically lost?
(a) Data in RAM memory
(b) Running processes
(c) Current network connections
(d) All of the above

ANSWER KEY
1. (a) 2. (d) 3. (b) 4. (a) 5. (a) 6. (b) 7. (d) 8. (c) 9. (a) 10. (d)
11. (d) 12. (a) 13. (b) 14. (c) 15. (d) 16. (a) 17. (a) 18. (b) 19. (d) 20. (d)
21. (c) 22. (a) 23. (b) 24. (b) 25. (a) 26. (c) 27. (d) 28. (d) 29. (c) 30. (a)
31. (b) 32. (a) 33. (c) 34. (d) 35. (b) 36. (a) 37. (a) 38. (d) 39. (b) 40. (c)
41. (a) 42. (c) 43. (c) 44. (b) 45. (d) 46. (b) 47. (d) 48. (c) 49. (b) 50. (c)
51. (c) 52. (a) 53. (d) 54. (c) 55. (c) 56. (b) 57. (a) 58. (c) 59. (d) 60. (e)
61. (a) 62. (d) 63. (d) 64. (a) 65. (d)


