Digital Forensics (Module 2 Post Test)
Post-mortem meetings should occur at the point when _________. Correct Answer: The case is closed.
Which of the following are good reasons why certification is more important early in the career of
forensics investigators? Correct Answer: a. Senior investigators are required to have at least a minimal
level of education and certifications.
b. The legal system often requests/requires validation of forensics investigators' skill(s).
All of the following are examples of "separation of duties" EXCEPT ________. Correct Answer:
Separation of computer forensics and digital forensics.
Which one of the following is NOT part of the triad of computer forensics? Correct Answer:
Remediation.
Which one of the following acquired copies of digital evidence is sufficient to fully reconstruct a disk?
Correct Answer: Disk image
Which one of the following strategies would NOT help identify evidence relevant to a specific case?
Correct Answer: Identify the file types that are highly probable to contain inculpatory or exculpatory
evidence. (?)
The lead forensic investigator contributes _________ to the journal for an investigation. Correct Answer:
The assignment of tasks.
In public investigations in which a crime has been committed, exculpatory evidence for a suspect will
________. Correct Answer: Clear or exonerate the suspect.
A ________ is used in the validation of digital image evidence to compare an original set of data with a
copied image to ensure that they are identical matches. Correct Answer: Digital signature.
A _______ is the name for skilled staff qualified to accomplish a specific type of tasks. Correct Answer:
Subject matter expert.
Working alongside the investigative team and the vulnerability assessment team, the staff assigned the
task of "intrusion response" will perform the following (among other) tasks: Correct Answer: Track,
locate, and identify the intruder and deny further access to the network and hosts.
Which one of the following is NOT considered to be a necessary physical security measure for a forensics
lab? Correct Answer: Armed security guards on either side of each door.
Which one of the following is a step to be completed when collecting and analyzing evidence? Correct
Answer: All of the above
Which one of the following is an acceptable method of maintaining a proper "chain of custody"? Correct
Answer: Paper forms that track who collected evidence.
Post-mortem meetings should occur at the point when _________. Correct Answer: The case is closed.
Which of the following are good reasons why certification is more important early in the career of
forensics investigators? Correct Answer: a. Senior investigators are required to have at least a minimal
level of education and certifications.
b. The legal system often requests/requires validation of forensics investigators' skill(s).
All of the following are examples of "separation of duties" EXCEPT ________. Correct Answer:
Separation of computer forensics and digital forensics.
Which one of the following is NOT part of the triad of computer forensics? Correct Answer:
Remediation.
Which one of the following acquired copies of digital evidence is sufficient to fully reconstruct a disk?
Correct Answer: Disk image
Which one of the following strategies would NOT help identify evidence relevant to a specific case?
Correct Answer: Identify the file types that are highly probable to contain inculpatory or exculpatory
evidence. (?)
The lead forensic investigator contributes _________ to the journal for an investigation. Correct Answer:
The assignment of tasks.
In public investigations in which a crime has been committed, exculpatory evidence for a suspect will
________. Correct Answer: Clear or exonerate the suspect.
A ________ is used in the validation of digital image evidence to compare an original set of data with a
copied image to ensure that they are identical matches. Correct Answer: Digital signature.
A _______ is the name for skilled staff qualified to accomplish a specific type of tasks. Correct Answer:
Subject matter expert.
Working alongside the investigative team and the vulnerability assessment team, the staff assigned the
task of "intrusion response" will perform the following (among other) tasks: Correct Answer: Track,
locate, and identify the intruder and deny further access to the network and hosts.
Which one of the following is NOT considered to be a necessary physical security measure for a forensics
lab? Correct Answer: Armed security guards on either side of each door.
Which one of the following is a step to be completed when collecting and analyzing evidence? Correct
Answer: All of the above
Which one of the following is an acceptable method of maintaining a proper "chain of custody"? Correct
Answer: Paper forms that track who collected evidence.
