M12: Forensics

Question 1

What is the first phase in the forensic process?

M12: Forensics

Answer 1

Collection.

Question 2

What does the collection phase involve?

M12: Forensics

Answer 2

• Identifying
• Labeling
• Recording
• Acquiring

Question 3

Why is timely data collection important?

M12: Forensics

Answer 3

To prevent loss of dynamic data like network connections.

Question 4

What is the second phase in the forensic process?

M12: Forensics

Answer 4

Examination.

Question 5

What happens during the examination phase?

M12: Forensics

Answer 5

Processing collected data to extract relevant information.

Question 6

What is the third phase in the forensic process?

M12: Forensics

Answer 6

Analysis.

Question 7

What is the goal of the analysis phase?

M12: Forensics

Answer 7

To derive useful information from the examined data.

Question 8

What is the final phase in the forensic process?

M12: Forensics

Answer 8

Reporting.

Question 9

What should be included in the reporting phase?

M12: Forensics

Answer 9

• Actions taken
• Tools used
• Recommendations.

Question 10

Why is preserving data integrity important in forensics?

M12: Forensics

Answer 10

To ensure the data remains unchanged and reliable.

Question 11

What are the basics of file storage media?

M12: Forensics

Answer 11

Devices like hard drives, CDs, and USB drives.

Question 12

What is a filesystem?

M12: Forensics

Answer 12

A method for storing and organizing files on media.

Question 13

Why is file integrity important?

M12: Forensics

Answer 13

To ensure files have not been altered or corrupted.

Question 14

What are file modification… access… and creation times?

M12: Forensics

Answer 14

Metadata that shows when a file was last changed, accessed, or created.

Question 15

What is the purpose of copying files from media?

M12: Forensics

Answer 15

To create a backup or transfer data without altering the original.

Question 16

What is a forensic toolkit?

M12: Forensics

Answer 16

A set of tools used to examine and analyze data files.

Question 17

How can data files be located?

M12: Forensics

Answer 17

By searching the filesystem or using forensic tools.

Question 18

What is data extraction?

M12: Forensics

Answer 18

The process of retrieving specific information from data files.

Question 19

Why is it important to use legally justifiable methods in forensics?

M12: Forensics

Answer 19

To ensure the evidence is admissible in court.

Question 20

What should be done if technical issues arise during data collection?

M12: Forensics

Answer 20

Follow established procedures to resolve them.

Question 21

What is the significance of file headers?

M12: Forensics

Answer 21

They contain important information about the file type and structure.

Question 22

How can file integrity be verified?

M12: Forensics

Answer 22

By comparing file hashes before and after copying.

Question 23

What are some common types of media used for data storage?

M12: Forensics

Answer 23

Hard drives, SSDs, CDs, DVDs, and USB drives.

Question 24

What is the role of file metadata in forensics?

M12: Forensics

Answer 24

It provides details about the file’s history and usage.

Question 25

How can forensic tools help in data recovery?

M12: Forensics

Answer 25

By retrieving lost or deleted files from storage media.

Question 26

What is the importance of maintaining a chain of custody?

M12: Forensics

Answer 26

To document who handled the evidence and when.

Question 27

What are some challenges in examining data files?

M12: Forensics

Answer 27

Issues like
* Encryption
* File corruption
* Large data volumes.

Question 28

How can data files be securely stored?

M12: Forensics

Answer 28

Using encrypted storage and access controls.

Question 29

What is the purpose of analyzing data files?

M12: Forensics

Answer 29

To find relevant information that supports an investigation.

Question 30

Why is it important to document the forensic process?

M12: Forensics

Answer 30

To provide a clear record of actions taken and findings.