9.3.10 Practice Questions Flashcards
Question 1.
What is the MOST important element related to evidence in addition to the evidence itself?
answer
Witness testimony
Photographs of the crime scene
Completeness
Chain of custody document
Correct Answer:
Chain of custody document
Question 2.
You have been asked to draft a document related to evidence-gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court.
Which type of document is this?
answer
Rules of evidence
Chain of custody
CPS (certificate practice statement)
FIPS-140
Correct Answer:
Chain of custody
Question 3.
A CEO asks the tech department to create a console that shows day-to-day incident response and summaries of information drawn from underlying data sources.
What can the tech department present to the CEO as a viable option?
answer
Log data
Network logs
Dashboards
Metadata
Correct Answer:
Dashboards
Question 4.
You are a digital forensic analyst working on a high-profile case.
You have been given access to a variety of data sources, including dashboards, log data, and host operating system logs. You need to determine the most effective way to gather evidence for your investigation.
Which of the following approaches would be the MOST effective?
answer
Rely solely on the dashboard as it provides a summary of information drawn from the underlying data sources.
Utilize all the data sources (dashboards, log data, and host operating system logs) to gather a comprehensive set of evidence.
Concentrate on the host operating system logs as they record events as users and software interact with the system.
Focus only on the log data, as it is a critical resource for investigating security incidents.
Correct Answer:
Utilize all the data sources (dashboards, log data, and host operating system logs) to gather a comprehensive set of evidence.
Question 5.
In cybersecurity investigations, why is it crucial to ensure the admissibility of digital evidence collected from computer systems?
answer
Due process and the fair application of laws require proper handling of digital evidence.
Threat actors can tamper with digital evidence without affecting its integrity.
Digital evidence is often visible to the naked eye, ensuring its authenticity.
The location and identity of threat actors are easily identifiable
Correct Answer:
Due process and the fair application of laws require proper handling of digital evidence.
Question 6.
A lawyer is preparing a subpoena for an upcoming cybercrime case and is consulting with a digital forensics specialist.
The lawyer explains the need for the ability to parse through data quickly and provide a copy of everything found to the opposing counsel.
Which utility can accomplish these requests?
answer
E-discovery
Live acquisition
Legal hold
Due process
+digital evidence.
Correct Answer:
E-discovery
Question 7
While investigating a potential cybercrime, a junior digital forensics specialist leaves an important hard drive in a public area overnight.
A senior digital forensics specialist finds the hard drive in the morning and says that it is no longer evidence in the case.
What made the hard drive unusable in court? (Select two.)
answer
The forensics team did not maintain the order of volatility for the hard drive.
The forensics team did not maintain the legal hold of the hard drive.
The forensics team did not provide a digital forensics report.
:
The forensics team did not maintain the chain of custody.
The forensics team did not maintain the provenance of the hard drive.
Correct Answer:
The forensics team did not maintain the chain of custody.
Correct Answer:
The forensics team did not maintain the provenance of the hard drive.
Question 8.
Your company is about to begin litigation, and you need to gather information. You need to get emails, memos, invoices, and other electronic documents from employees. You’d also like to get printed, physical copies of documents.
Which tool would you use to gather this information?
answer
Timeline of events
Chain of custody
Timestamps
Legal hold
Correct Answer:
Legal hold
Question 9.
When conducting a cybersecurity investigation, how does recording the evidence acquisition process on video help to ensure the collected evidence’s integrity?
answer
Video recording verifies the authenticity of the forensic workstation.
Video recording provides a backup of the collected digital data.
Video recording ensures that no one can tamper with the evidence.
Video recording proves the evidence originated directly from the crime scene.
Correct Answer:
Video recording proves the evidence originated directly from the crime scene.
Question 10.
As a digital forensic analyst, you have completed an investigation and are now tasked with creating a report summarizing your findings.
Which of the following principles should guide your report writing?
answer
The report should be biased towards the hypothesis you initially formed about the case.
The analysis methods used should not be repeatable by third parties.
The report should only include conclusions and opinions formed from the direct evidence under analysis.
The evidence must not be changed or manipulated unless necessary. If it is changed or manipulated, the reasons why and process used must be recorded.
Correct Answer:
The evidence must not be changed or manipulated unless necessary. If it is changed or manipulated, the reasons why and process used must be recorded.
