MSTM5003 QUIZ

  1. __________ is a branch of digital forensics dealing with identifying, managing, and preserving digital information that is subject to legal hold.     E-discovery
  2. A physical hard disk drive will persist data longer than a solid state drive.  True
  3. A technician must ensure that a forensic copy is ___.   a bit-by-bit copy of the drive
  4. Anyone who handles evidence in an investigation should __   Be recorded on the Chain of Custody logs
  5. Both forensics and e-discovery are secondary processes from a business perspective   True
  6. Business records, printouts, and manuals are which type of evidence?  Documentary evidence
  7. Clusters that are marked by the operating system as usable when needed are referred to as __________.   free space
  8. Clusters that are marked by the operating system as usable when needed are referred to as ____   Free space
  9. Ensuring your computer does not inadvertently make changes to a target machine’s media, investigators should    install a write blocker to the media
  10. Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence?  Hearsay rule
  11. Evidence offered by a witness that is not based on the personal knowledge of the witness, but is being offered to prove the truth of the matter asserted, falls under which rule of evidence?  Hearsay rule
  12. Evidence that is convincing or measures up without question is known as _   sufficient evidence
  13. Evidence that is convincing or measures up without question is known as __________.  Sufficient evidence
  14. Evidence that is material to the case or has bearing on the matter at hand is known as __________.  relevant evidence
  15. Evidence that must be legally qualified and reliable is known as __________.  competent evidence
  16. Evidence that must be legally qualified and reliable is known as  competent evidence
  17. File timestamps can be helpful if you have ____.  Recorded any time offset between the system clock and real time
  18. From a forensics perspective, Linux systems have the same artifacts as Windows systems.  False
  19. If you change the extension of the file, the magic number will remain unaltered.   True
  20. In a Windows operating system, many artifacts are stored here.   in the registry
  21. It is a good idea to hash log files and place the logs on a read-only, write-once media.   True
  22. Of the following, which is the most volatile location of stored data?  CPU storage
  23. Oral testimony that proves a specific fact with no inferences or presumptions is which type of evidence?   Direct evidence
  24. Placing a cell phone in a RF isolation bag is important so the phone is not remotely wiped.   True
  25. Slack space occurs when   files are saved when the size is less than a cluster
  26. Tangible objects that prove or disprove fact are what type of evidence?   Real evidence
  27. Tangible objects that prove or disprove fact are what type of evidence?   Real evidence
  28. The term __________ describes a series of digits near the beginning of the file that provides information about the file format.   magic number
  29. There is no recovery from data that has been changed.  True
  30. What is a software bomb?  Software that can destroy or modify files when commands are executed on the computer
  31. What name is given to a logical storage unit that is subsequently used by an operating system? Partition
  32. What type of evidence is used to aid a jury and may be in the form of a model, experiment, chart, and so on, to indicate that an event occurred?   Demonstrative evidence
  33. When deleted, a file is removed from its original place on the storage device and is only available in the recycle bin.   False
  34. When performing forensics on a computer system, you should use the utilities provided by that system   False
  35. Which of the following has the least volatile data?    Hard disk
  36. Which of the following has the least volatile data?   Hard disk
  37. Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?  Exclusionary rule
  38. Which rule applies to evidence obtained in violation of the Fourth Amendment of the Constitution?   Exclusionary rule

Other Links:

Statistics Quiz

Networking Quiz

See other websites for quiz:

Check on QUIZLET

Check on CHEGG

Post Views: 102

Leave a Reply

Your email address will not be published. Required fields are marked *