Digital Forensics, Investigation, and
Response Exam Questions and Answers with
Verified Solutions | Latest Updated 2026
In a computer forensics Chain of custody
investigation,
this describes the route that
evidence takes from the time you
find it until the case is closed or
goes
to court.
If the computer is turned on when Shut the computer down according to the
you arrive, what does the Secret recommended Secret Service procedure.
Service recommend you do?
Why should you note all cable In case other devices were connected
connections for a computer you
want to seize as evidence?
What is the essence of the That only tools or techniques that have
Daubert been
standard? accepted by the scientific community are
admissible at trial
When cataloging digital evidence, Preserve evidence integrity.
the primary goal is to do what?
,Which of the following is important The logging methods
to the investigator regarding Log retention
logging? Location of stored logs
All of the above
Your roommate can give consent True
to False
search your computer.
Evidence need not be locked if it is True
at a police station. False
When investigating a virus, what is Document the virus.
the first step?
Which of the following crimes is Cyberstalking
most likely to leave email
evidence?
Where would you seek evidence In the logs of the server; look for the reboot
that of the
Ophcrack had been used on a system
Windows Server 2008 machine?
Logic bombs are often perpetrated disgruntled employees
by _________.
It is legal for employers to monitor True
work computers.
Spyware is legal. True
, What is the primary reason to take It can be a prelude to real-world violence.
cyberstalking seriously?
What is the starting point for Tracing the packets
investigating denial-of-service
attacks?
To preserve digital evidence, an make two copies of each evidence item
investigator should ________. using
different imaging tools
Bob was asked to make a copy of A simple DOS copy will not include deleted
all files,
the evidence from the file slack, and other information.
compromised
system. Melanie did a DOS copy
of
all the files on the system. What
would be the primary reason for
you
to recommend for or against using
a
disk-imaging tool?
It takes ___________ only one
occurrence(s) of
overextending yourself during
testimony to ruin your reputation.
The MD5 message-digest hash a disk to verify that a disk is not
algorithm altered when
is used to ____________. you examine it
Response Exam Questions and Answers with
Verified Solutions | Latest Updated 2026
In a computer forensics Chain of custody
investigation,
this describes the route that
evidence takes from the time you
find it until the case is closed or
goes
to court.
If the computer is turned on when Shut the computer down according to the
you arrive, what does the Secret recommended Secret Service procedure.
Service recommend you do?
Why should you note all cable In case other devices were connected
connections for a computer you
want to seize as evidence?
What is the essence of the That only tools or techniques that have
Daubert been
standard? accepted by the scientific community are
admissible at trial
When cataloging digital evidence, Preserve evidence integrity.
the primary goal is to do what?
,Which of the following is important The logging methods
to the investigator regarding Log retention
logging? Location of stored logs
All of the above
Your roommate can give consent True
to False
search your computer.
Evidence need not be locked if it is True
at a police station. False
When investigating a virus, what is Document the virus.
the first step?
Which of the following crimes is Cyberstalking
most likely to leave email
evidence?
Where would you seek evidence In the logs of the server; look for the reboot
that of the
Ophcrack had been used on a system
Windows Server 2008 machine?
Logic bombs are often perpetrated disgruntled employees
by _________.
It is legal for employers to monitor True
work computers.
Spyware is legal. True
, What is the primary reason to take It can be a prelude to real-world violence.
cyberstalking seriously?
What is the starting point for Tracing the packets
investigating denial-of-service
attacks?
To preserve digital evidence, an make two copies of each evidence item
investigator should ________. using
different imaging tools
Bob was asked to make a copy of A simple DOS copy will not include deleted
all files,
the evidence from the file slack, and other information.
compromised
system. Melanie did a DOS copy
of
all the files on the system. What
would be the primary reason for
you
to recommend for or against using
a
disk-imaging tool?
It takes ___________ only one
occurrence(s) of
overextending yourself during
testimony to ruin your reputation.
The MD5 message-digest hash a disk to verify that a disk is not
algorithm altered when
is used to ____________. you examine it