NT 344
Computer & Network Forensics
LATEST MIDTERM GUIDE
Q&S
©2024/2025
1. Multiple Choice: What is the primary goal of network
forensics?
A) Identifying unauthorized users
B) Recovering lost data
C) Monitoring network traffic
D) Analyzing network attacks
Answer: D) Analyzing network attacks
Rationale: The primary goal of network forensics is to
analyze network attacks to understand their nature, scope,
and impact, which helps in preventing future attacks.
2. Fill-in-the-Blank: The process of legally gathering and
analyzing digital evidence is known as ____________.
Answer: Digital Forensics
Rationale: Digital Forensics is the correct term that refers
to the process mentioned.
3. True/False: Packet sniffing is illegal in all circumstances.
Answer: False
Rationale: Packet sniffing can be legal if performed by
network administrators for monitoring and maintenance or if
authorized by law.
4. Multiple Response: Which of the following are types of
network forensics analysis? (Select all that apply)
A) Static
B) Volatile
C) Real-time
D) Strategic
Answers: A) Static, C) Real-time
Rationale: Static and real-time analyses are types of
network forensics. Static analysis involves examining data
at rest, while real-time analysis involves examining data that
travels over the network.
5. Multiple Choice: In computer forensics, what is a 'write
blocker' used for?
A) To prevent a user from accessing certain websites
B) To stop data from being written to a storage device
C) To block malicious network traffic
D) To encrypt data
Answer: B) To stop data from being written to a storage
device
Rationale: A write blocker is used in computer forensics to
prevent data from being written to a storage device,
ensuring that the evidence remains unaltered.
6. Fill-in-the-Blank: The ____________ is a set of principles
that guide the forensic examination of digital devices and
systems.
Answer: Digital Forensics Framework
Rationale: The Digital Forensics Framework outlines the
standard practices and methodologies used in the forensic
examination of digital systems.
7. True/False: Chain of custody is irrelevant in digital
forensics.
Answer: False
Rationale: The chain of custody is crucial in digital
forensics as it documents the handling of evidence,
ensuring its integrity and admissibility in court.
8. Multiple Response: Which of the following are challenges
faced in network forensics? (Select all that apply)