C840/D431 - Digital Forensics
Practice Questions 2024\2025
Which law requires a free opt-out option? - Correct Answers
✅CAN-SPAM Act. The CAN-SPAM Act is a U.S. law that sets the rules
for commercial email, establishes requirements for commercial
messages, gives recipients the right to have emails stopped from being
sent to them, and spells out tough penalties for violations.
Which law led to the creation of the Electronic Crimes Task Force? -
Correct Answers ✅USA PATRIOT Act. The USA PATRIOT Act
included provisions for the establishment of the ECTF to combat
electronic crimes, including cyberterrorism and other computer-related
offenses.
Where would they find logs about connections to remote computers? -
Correct Answers ✅The ForwardedEvents log is used to store
events collected from remote computers. This has data in it only if
event forwarding has been configured.
A forensic specialist is getting ready to collect digital evidence. What
should they do first? - Correct Answers ✅Review the Chain of
Custody. The first step in collecting digital evidence is to carefully
review and document the chain of custody. This involves documenting
who has had access to the device or data, when it was accessed, and
any changes made to it since the incident occurred. By carefully
documenting the chain of custody, the specialist can ensure that the
evidence is admissible in court and has not been tampered with.
Which law suggests setting up forensic laboratories? - Correct Answers
✅US Patriot Act. The USA Patriot Act is a law passed by the US
Congress in response to the 9/11 terrorist attacks. It includes provisions
for the establishment and funding of forensic laboratories to assist law
enforcement agencies in the investigation and prosecution of terrorism
and other crimes. The Act also provides for the training and certification
of forensic specialists and the development of standards and protocols
for the collection and analysis of evidence.
What is steganography used for? - Correct Answers
✅Steganography is the practice of concealing a message, image, or file
within another message, image, or file in such a way that it is difficult to
detect or decipher the hidden content.
What would be used to make a bit-by-bit copy of a Windows 8
computer? - Correct Answers ✅FTK Imager can create a forensic
disk image of a Windows 8 computer by creating a bit-by-bit copy of
the entire hard drive or storage media, including any deleted or hidden
data.
What would be used to detect files leaving the network using
steganography? - Correct Answers ✅FTK is likely to be most
effective in detecting steganographically hidden files leaving the
network.
What's inside an email header? - Correct Answers ✅An email
header is a section of an email message that contains metadata about
the message, such as the sender and recipient information, date and
time of sending, and information about the email server that handled
the message.
Which storage tech uses NAND? - Correct Answers ✅NAND is a
type of flash memory technology commonly used in SSDs, USB drives,
and memory cards.
How does NAND work? - Correct Answers ✅Most SSDs use
Negated AND (NAND) gate-based flash memory, which retains memory
even without power.
What is AFF? - Correct Answers ✅The Advanced Forensic Format
(AFF) is a file format used in digital forensics to store disk images, file
systems, and other digital evidence.
What programs use the AFF file format? - Correct Answers ✅Autopsy
and Sleuth Kit use the AFF format because it offers flexibility, scalability,
compression, and encryption, which are important features for digital
forensic investigations.