CH 3 FORENSIC
METHODS & LABS
PRACTICE TEST
QUESTIONS WITH
VERIFIED ANSWERS
, CH 3 FORENSIC METHODS & LABS PRACTICE TEST
QUESTIONS WITH VERIFIED ANSWERS
A. A formal document prepared by a forensics specialist to document an investigation, including
a list of all tests conducted as well as the specialist's own curriculum vitae (CV) - -Answer--
Which of the following best defines an expert report?
A. A formal document prepared by a forensics specialist to document an investigation, including
a list of all tests conducted as well as the specialist's own curriculum vitae (CV)
B. Rules that govern whether, when, how, and why proof of a legal case can be placed before a
judge or jury
C. Information that has been processed and assembled so that it is relevant to an investigation
and supports a specific finding or determination
D. A term that refers to how long evidence will last
A. Bit-level information - -Answer--_________ is information at the level of 1s and 0s stored in
computer memory or on a storage device.
A. Bit-level information
B. A cluster
C. A segment
D. File slack
A. File slack - -Answer--_______ is the unused space between the logical end of a file and the
physical end of a file.
A. File slack
B. Bit-level information
C. A cluster
D. A segment
A. Volatile data, then file slack - -Answer--According to the order of volatility in RFC 3227, what
evidence should you collect first on a typical system?
A. Volatile data, then file slack
B. File system, then memory dumps
C. System state backup, then the file system
D. The Registry, then internet traces
B. an analysis plan - -Answer--As a forensic investigator, you should develop _________, which
covers how you will gather evidence and which tools are most appropriate for a specific
investigation.
A. a curriculum vitae
B. an analysis plan
C. the expert report
D. the rules of evidence
B. CompTIA A+ - -Answer--______ is an industry certification that focuses on knowledge of PC
hardware.
METHODS & LABS
PRACTICE TEST
QUESTIONS WITH
VERIFIED ANSWERS
, CH 3 FORENSIC METHODS & LABS PRACTICE TEST
QUESTIONS WITH VERIFIED ANSWERS
A. A formal document prepared by a forensics specialist to document an investigation, including
a list of all tests conducted as well as the specialist's own curriculum vitae (CV) - -Answer--
Which of the following best defines an expert report?
A. A formal document prepared by a forensics specialist to document an investigation, including
a list of all tests conducted as well as the specialist's own curriculum vitae (CV)
B. Rules that govern whether, when, how, and why proof of a legal case can be placed before a
judge or jury
C. Information that has been processed and assembled so that it is relevant to an investigation
and supports a specific finding or determination
D. A term that refers to how long evidence will last
A. Bit-level information - -Answer--_________ is information at the level of 1s and 0s stored in
computer memory or on a storage device.
A. Bit-level information
B. A cluster
C. A segment
D. File slack
A. File slack - -Answer--_______ is the unused space between the logical end of a file and the
physical end of a file.
A. File slack
B. Bit-level information
C. A cluster
D. A segment
A. Volatile data, then file slack - -Answer--According to the order of volatility in RFC 3227, what
evidence should you collect first on a typical system?
A. Volatile data, then file slack
B. File system, then memory dumps
C. System state backup, then the file system
D. The Registry, then internet traces
B. an analysis plan - -Answer--As a forensic investigator, you should develop _________, which
covers how you will gather evidence and which tools are most appropriate for a specific
investigation.
A. a curriculum vitae
B. an analysis plan
C. the expert report
D. the rules of evidence
B. CompTIA A+ - -Answer--______ is an industry certification that focuses on knowledge of PC
hardware.
