Untitled Deck Flashcards
What is digital forensics?
Digital forensics is the process of recovering and investigating material found in digital devices, often in relation to computer crime.
True or False: Digital forensics only applies to computers.
False
Fill in the blank: The first step in the digital forensics process is __________.
Identification
What does the term ‘chain of custody’ refer to in digital forensics?
The chain of custody refers to the documentation and handling process that ensures evidence is preserved and unaltered.
Which of the following is NOT a type of digital forensics? A) Network forensics B) Malware forensics C) Audio forensics
C) Audio forensics
What is the primary goal of digital forensics?
To collect, preserve, analyze, and present digital evidence in a legally acceptable manner.
True or False: Digital forensics can be used in civil cases.
True
Name one common tool used in digital forensics.
EnCase or FTK (Forensic Toolkit)
What is the significance of ‘imaging’ in digital forensics?
Imaging refers to creating a bit-for-bit copy of digital evidence to analyze without altering the original data.
What does ‘data recovery’ mean in the context of digital forensics?
Data recovery is the process of retrieving lost or inaccessible data from storage devices.
Fill in the blank: The process of examining and analyzing data in a digital forensic investigation is called __________.
Analysis
Which law governs the collection and presentation of digital evidence in the United States?
The Federal Rules of Evidence
True or False: Digital forensics only involves software analysis.
False
What is a ‘forensic image’?
A forensic image is a complete copy of a storage device that captures all data, including deleted files.
What is the purpose of ‘log files’ in digital forensics?
Log files record events and actions on a system, which can help in understanding user activity and system changes.
What type of evidence can digital forensics recover from mobile devices?
Contacts, messages, call logs, photos, and application data.
Fill in the blank: The principle of __________ states that data can be altered or destroyed during the forensic process.
Least privilege
What is ‘malware forensics’?
Malware forensics is the study and analysis of malicious software to understand its behavior and impact.
True or False: Digital forensics is only relevant to law enforcement agencies.
False
What is the role of a digital forensic examiner?
To collect, analyze, and present digital evidence in investigations.
What does ‘volatile data’ refer to?
Data that is stored temporarily and is lost when a device is powered off, such as the contents of RAM.
Fill in the blank: __________ analysis involves examining network traffic to identify suspicious activities.
Network
What is the purpose of using hash functions in digital forensics?
To verify the integrity of data by creating a unique digital fingerprint.
True or False: Digital forensics can only be performed on Windows operating systems.
False
What is ‘file carving’?
File carving is a technique used to recover files from unallocated space on a storage device.
What is the difference between ‘static’ and ‘live’ forensics?
Static forensics involves analyzing a powered-off device, while live forensics examines a running system.
Fill in the blank: __________ is a technique used to hide data within other files.
Steganography