©BRIGHSTARS 2024/2025 ALL RIGHTS RESERVED.
NWIT 263 Midterm Exam Questions With
Correct Answers 2025
Why must digital forensics labs be physically secure? - Answer✔- so that evidence is not
destroyed
- so that evidence is not corrupted
- so that the evidence is not lost
both public and private sector investigations require search warrants - Answer✔false
how do Microsoft OSs allocate disk space for files? - Answer✔by clusters
what is the biggest challenge when trying to acquire an image from a MAC? -
Answer✔physically accessing the drive
which of the following technologies is used to validate digital evidence? - Answer✔hashing
where would one find lists of known files hashes for a variety of operating systems, applications
and images? - Answer✔the National Software Reference Library (NSRL)
which is the default file system for today's Linux distributions? - Answer✔ext4
which types of graphics files do digital forensics investigate most? - Answer✔- images
downloaded from the web
- images circulated via email
every Windows file system supports alternate data streams - Answer✔false
which technology comes with every solid-state storage device and presents a challenge when
performing forensic acquisitions due to how it manages the device? - Answer✔wear-leveling
which of the following concepts allows an investigator to enter into evidence something that was
not specified in a search warrant but was in direct sight? - Answer✔plain view doctrine
what is the term used when one confirms that a forensic tool is working as intended? -
Answer✔validation
1|Page
NWIT 263 Midterm Exam Questions With
Correct Answers 2025
Why must digital forensics labs be physically secure? - Answer✔- so that evidence is not
destroyed
- so that evidence is not corrupted
- so that the evidence is not lost
both public and private sector investigations require search warrants - Answer✔false
how do Microsoft OSs allocate disk space for files? - Answer✔by clusters
what is the biggest challenge when trying to acquire an image from a MAC? -
Answer✔physically accessing the drive
which of the following technologies is used to validate digital evidence? - Answer✔hashing
where would one find lists of known files hashes for a variety of operating systems, applications
and images? - Answer✔the National Software Reference Library (NSRL)
which is the default file system for today's Linux distributions? - Answer✔ext4
which types of graphics files do digital forensics investigate most? - Answer✔- images
downloaded from the web
- images circulated via email
every Windows file system supports alternate data streams - Answer✔false
which technology comes with every solid-state storage device and presents a challenge when
performing forensic acquisitions due to how it manages the device? - Answer✔wear-leveling
which of the following concepts allows an investigator to enter into evidence something that was
not specified in a search warrant but was in direct sight? - Answer✔plain view doctrine
what is the term used when one confirms that a forensic tool is working as intended? -
Answer✔validation
1|Page
