Revision Questions
1. Digital forensics can be used in different settings, including criminal investigations, civil litigation
and administrative matters. Describe how digital forensics is used in each of these three areas.
2. Digital forensics practitioners most often play the role of an expert witness. What makes them
different from a non-expert witness?
3. Knowing how and where data are created and stored is essential to comprehend and retrieve audit
and records retained by the operating system. Describe four focus areas that will impact an
investigation.
4. Computer examinations and the resulting evidence make regular appearances in police investigations
and court cases. Criminals, terrorists, and corporate executives use anti-forensic tools and
techniques to counter new forensic advances. They use these techniques to hide or destroy their
digital data or to make its examination difficult or even impossible.
i. Give an example of how legitimate use of these techniques can be differentiated from use with
criminal intent.
ii. Encryption is one way to hide data. Describe four encryption schemes that can be used to
encrypt files, folders or an entire hard disk.
iii. Another way to conceal data is Steganography.
a. Define Steganography.
b. Describe how Steganography is done.
5. We can use the Windows operating system itself to recover data and track footprints left behind by the
user. The challenge is to identify, preserve, collect and interpret the evidence correctly. Explain the
purpose and forensic significance of the following artifacts.
i. Hibernation File
ii. Recycle Bin
iii. Registry
iv. Print Spooling
v. Metadata
vi. Thumbnail Cache
vii. Restore points
viii. Link Files
ix. Prefetch
x. Most recently used
6. The major concern of a court case is the security and integrity of the evidence. The forensic
examiners need to uphold these properties. Describe five operating procedures that are needed to
be in place to secure and maintain the integrity of the evidence.
7. Describe the steps that you will take to secure the evidence for examination from a crime scene.
8. What is the purpose of INDEX.DAT? List the information that is stored in the file.
9. Describe the browser cache functions listed below:
a. Cookies
b. Web cache
c. Internet history
d. Registry
10. Where can records of email be found?
11. What are the main components that investigators look for in an email? Give reasons why.
12. Cloud computing is increasingly adopted by organisations worldwide. However, with its many
benefits come many challenges from both the forensic and legal perspectives. Describe the
challenges faced.
13. Describe the differences between how magnetic storage and Solid State Drives (SSDs) store data, from a
forensic point of view.
14. Mobile phones have Global Positioning Systems (GPS). If the GPS is activated, it can be used to
pinpoint the location of suspects. Describe the four categories for GPS devices.
15. Give an example of a way you can use social engineering to obtain information about an employee
to gain access to his/her email account.
16. The National Institute of Standards and Technology (NIST) has outlined an incident response life cycle
in its guideline. Describe the phases involved.