WGU D431 EXAM PREP GUIDE 2026 CORE
TOPIC BREAKDOWN AND SOLVED ITEMS
◉ Expert Report
Answer: A formal document prepared by a forensics specialist to
document an investigation, including a list of all tests conducted as
well as the specialist's own Curriculum Vitae (CV). Anything the
specialist plans to testify about at a trial must be included in the
expert report.
◉ Expert Testimony
Answer: The testimony of an expert witness, one who testifies on the
basis of scientific or technical knowledge relevant to a case, rather
than personal experience.
◉ Internet Forensics
Answer: The process of piecing together where and when a user has
been on the Internet
◉ Live System Forensics
Answer: The process of searching memory in real-time, typically for
working with compromised hosts or to identify system abuse.
, ◉ Network Forensics
Answer: The process of examining network traffic, including
transaction logs and real-time monitoring.
◉ Real Evidence
Answer: Physical objects that can be touched, held, or directly
observed, such as a laptop with a suspect's fingerprints on it, or a
handwritten note.
◉ Software Forensics
Answer: The process of examining malicious computer code
◉ Testimonial Evidence
Answer: Information that forensic specialists use to support or
interpret real or documentary evidence; for example, to
demonstrate that the fingerprints found on a keyboard are those of a
specific individual
◉ Volatile Memory
Answer: Computer Memory that requires power to maintain the
data it holds, and can be changed. RAM is highly volatile; EEPROM is
very non-volatile.
◉ What is the Generic Forensic Zip format?
TOPIC BREAKDOWN AND SOLVED ITEMS
◉ Expert Report
Answer: A formal document prepared by a forensics specialist to
document an investigation, including a list of all tests conducted as
well as the specialist's own Curriculum Vitae (CV). Anything the
specialist plans to testify about at a trial must be included in the
expert report.
◉ Expert Testimony
Answer: The testimony of an expert witness, one who testifies on the
basis of scientific or technical knowledge relevant to a case, rather
than personal experience.
◉ Internet Forensics
Answer: The process of piecing together where and when a user has
been on the Internet
◉ Live System Forensics
Answer: The process of searching memory in real-time, typically for
working with compromised hosts or to identify system abuse.
, ◉ Network Forensics
Answer: The process of examining network traffic, including
transaction logs and real-time monitoring.
◉ Real Evidence
Answer: Physical objects that can be touched, held, or directly
observed, such as a laptop with a suspect's fingerprints on it, or a
handwritten note.
◉ Software Forensics
Answer: The process of examining malicious computer code
◉ Testimonial Evidence
Answer: Information that forensic specialists use to support or
interpret real or documentary evidence; for example, to
demonstrate that the fingerprints found on a keyboard are those of a
specific individual
◉ Volatile Memory
Answer: Computer Memory that requires power to maintain the
data it holds, and can be changed. RAM is highly volatile; EEPROM is
very non-volatile.
◉ What is the Generic Forensic Zip format?
