Digital Forensics

Question 1

What is the Forensic Process by NIST?

Answer 1

Collection, Examination, Analysis, Reporting

Question 2

What is Admissibility?

Answer 2

Relatability to disputed facts and violations

Question 3

What is the Order of Volatility?

Answer 3

Securing more perishable evidence first

Question 4

What is Random Access Memory (RAM)

Answer 4

Volatile memory used to run applications

Question 5

What is the CPU Cache?

Answer 5

A fast block of volatile memory used by the CPU

Question 6

What is used when RAM is exhausted?

Answer 6

Swap/Page File/ Virtual Memory

Question 7

What does RAM stand for

Answer 7

Random Access Memory

Question 8

What can command-line tools be used for?

Answer 8

Showing information about the computer and the established ports

Question 9

What is the Chain of Custody?

Answer 9

Ensurance of evidence being collected with no breaks in the chain
Crucial Aspect

Question 10

What is it known as when Chain of Custody has been carried out properly?

Answer 10

Data Provenance

Question 11

What is it known as to protect documents that are evidence?

Answer 11

Legal or Litigation hold

Question 12

What are Artifacts

Answer 12

Log files
Registry hives
DNA

Question 13

Why do we have top take Forensic Copies?

Answer 13

For analyzing; we must keep the original data intact and unaltered

Question 14

Why do we take System Images

Answer 14

To capture a PC and search for criminal activity

Question 15

What can be reverse engineered, and is susceptible to rootkit and backdoor attacks?

Answer 15

Firmware or Embedded Systems

Question 16

Why do we take hashes?

Answer 16

To analyze data

Question 17

When doing an investigation, where are the places we can look?

Answer 17

Network Traffic
Firewall
NIPS
NIDS

Question 18

What do we need to do to in order to use data as evidence in court?

Answer 18

Ensure that it is in its original state

Question 19

What is the process known as recovery?

Answer 19

Dealing with an incident, and possibly restoring from a backup

Question 20

What Stage is verifying the purpose of cloud forensics?

Answer 20

Stage A

Question 21

What Stage is verifying the type of cloud service?

Answer 21

Stage B

Question 22

What Stage is verifying the type of technology behind the cloud?

Answer 22

Stage C

Question 23

What is Stage D of Cloud Forensic 26?

Answer 23

Verifying the role of the user and negotiate with the Cloud Service Provider to collect evidence required

Question 24

Why was Cloud Forensic 26 created?

Answer 24

To focus on the competence and admissibility of evidence

Question 25

What is the purpose of a Right-to-Audit Clause?

Answer 25

To ensure that the contractor is being compliant with its obligation under contract

Question 26

An agreement between the US and EU to give law enforcement agencies in each country faster access to evidence held by providers

Answer 26

General Data Protection Regulation (GDPR)

Question 27

What is the CLOUD act of 2018

Answer 27

An act to address the FBI in forcing Microsoft to hand over data stored in Ireland

Question 28

Allowed the UK to seek data stored overseas as part of a criminal investigation

Answer 28

Overseas Production ACT (COPOA)