DFEX-1973 | Ultimate Digital Forensics & Expert
Witness Mastery Guide (2025 Edition)
Signed into law in 1973, the _______ was/were created to ensure consistency in federal
proceed - b. Federal Rules of Evidence
Within a computing investigation, the ability to perform a series of steps again and again to
produce the same results is known as _______. - d. repeatable findings
The _______ is responsible for analyzing data and determining when another specialist should
be called in to assist with analysis. - d. Digital Evidence First Responder
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and forensic copies of the evidence, is also known as a(n) _______. - d.
evidence tracking form
Candidates who complete the IACIS test successfully are designated as a _______. - c. Certified
Forensic Computer Examiner (CFCE)
_______ describes the characteristics of a safe storage container. - d. NISPOM
_______ is a specialized viewer software program. - b. IrfanView
_______ is responsible for creating and monitoring lab policies for staff, and provides a safe and
secure workplace for staff and evidence. - d. The lab manager
In order to qualify for the Certified Computer Crime Investigator, Basic Level certification,
candidates must provide documentation of at least _______ cases in which they participated. -
a. 10
_______ can be used to restore backup files directly to a workstation. - b. Norton
Ghost
Which file system below is utilized by the Xbox gaming system? - d. FATX
, The term _______ describes a database containing informational records about crimes that
have been committed previously by a criminal. - b. police blotter
What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by
law enforcement, can analyze and read special files that are copies of a disk? - c. ILook
When using a target drive that is FAT32 formatted, what is the maximum size limitation for split
files? - b. 2 GB
??? is not recommended for a digital forensics workstation. - remote access software
If a police officer or investigator has sufficient cause to support a search warrant, the
prosecuting attorney might direct him or her to submit a(n) ??? - Affidavit
A chain-of-evidence form, which is used to document what has and had not been done with the
original evidence and forensic copies of the evidence, is also known as a(n) ??? - c. evidence
custody form
Which of the following scenarios should be covered in a disaster recovery plan? - d. all of the
above
What should you do while copying data on a suspect's computer that is still live? - d. Make
notes regarding everything you do.
The Linux command _____ can be used to write bit-stream data to files. - a. dd
Which open-source acquisition format is capable of producing compressed or uncompressed
image files, and uses the .afd extension for segmented image files? - c. Advanced Forensic
Format
Which court case established that it is not necessary for computer programmers to testify in
order to authenticate computer-generated records? - b. United States v. Salgado
When seizing digital evidence in criminal investigations, whose standards should be followed? -
US DOJ
Witness Mastery Guide (2025 Edition)
Signed into law in 1973, the _______ was/were created to ensure consistency in federal
proceed - b. Federal Rules of Evidence
Within a computing investigation, the ability to perform a series of steps again and again to
produce the same results is known as _______. - d. repeatable findings
The _______ is responsible for analyzing data and determining when another specialist should
be called in to assist with analysis. - d. Digital Evidence First Responder
A chain-of-evidence form, which is used to document what has and has not been done with the
original evidence and forensic copies of the evidence, is also known as a(n) _______. - d.
evidence tracking form
Candidates who complete the IACIS test successfully are designated as a _______. - c. Certified
Forensic Computer Examiner (CFCE)
_______ describes the characteristics of a safe storage container. - d. NISPOM
_______ is a specialized viewer software program. - b. IrfanView
_______ is responsible for creating and monitoring lab policies for staff, and provides a safe and
secure workplace for staff and evidence. - d. The lab manager
In order to qualify for the Certified Computer Crime Investigator, Basic Level certification,
candidates must provide documentation of at least _______ cases in which they participated. -
a. 10
_______ can be used to restore backup files directly to a workstation. - b. Norton
Ghost
Which file system below is utilized by the Xbox gaming system? - d. FATX
, The term _______ describes a database containing informational records about crimes that
have been committed previously by a criminal. - b. police blotter
What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by
law enforcement, can analyze and read special files that are copies of a disk? - c. ILook
When using a target drive that is FAT32 formatted, what is the maximum size limitation for split
files? - b. 2 GB
??? is not recommended for a digital forensics workstation. - remote access software
If a police officer or investigator has sufficient cause to support a search warrant, the
prosecuting attorney might direct him or her to submit a(n) ??? - Affidavit
A chain-of-evidence form, which is used to document what has and had not been done with the
original evidence and forensic copies of the evidence, is also known as a(n) ??? - c. evidence
custody form
Which of the following scenarios should be covered in a disaster recovery plan? - d. all of the
above
What should you do while copying data on a suspect's computer that is still live? - d. Make
notes regarding everything you do.
The Linux command _____ can be used to write bit-stream data to files. - a. dd
Which open-source acquisition format is capable of producing compressed or uncompressed
image files, and uses the .afd extension for segmented image files? - c. Advanced Forensic
Format
Which court case established that it is not necessary for computer programmers to testify in
order to authenticate computer-generated records? - b. United States v. Salgado
When seizing digital evidence in criminal investigations, whose standards should be followed? -
US DOJ
