Question 1

​What is the difference between a Digital Evidence First Responder (DEFR) and a Digital Evidence Specialist (DES)?

Accepted Answer

​A Digital Evidence First Responder (DEFR) has the skill and training to arrive on an incident scene, assess the situation, and take precautions to acquire and preserve evidence. A Digital Evidence Specialist (DES) has the skill to analyze the data and determine when another specialist should be called in to assist with the analysis.

Question 2

​According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court.

Accepted Answer

A) True 
 B)False  False

Question 3

_______ is not recommended for a digital forensics workstation.

Accepted Answer

A) ​A text editor tool 
B) ​A write-blocker device 
C) An SCSI card 
D) Remote access software 
A) ​A text editor tool 
B) ​A write-blocker device 
C) An SCSI card 
D) Remote access software D

Question 4

If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.​

Accepted Answer

A) True 
 B)False

Question 5

Which option below is not a standard systems analysis step?​

Accepted Answer

A) ​Determine a preliminary design or approach to the case. 
B) ​Obtain and copy an evidence drive. 
C) Share evidence with experts outside of the investigation. 
D) Mitigate or minimize the risks. 
A) ​Determine a preliminary design or approach to the case. 
B) ​Obtain and copy an evidence drive. 
C) Share evidence with experts outside of the investigation. 
D) Mitigate or minimize the risks.

Question 6

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.​

Accepted Answer

A) exhibit 
B) ​verdict 
C) affidavit 
D) memo 
A) exhibit 
B) ​verdict 
C) affidavit 
D) memo

Question 7

_______ must be included in an affidavit to support an allegation in order to justify a warrant.

Accepted Answer

A) ​Verdicts 
B) ​Witnesses 
C) Exhibits 
D) Subpoenas 
A) ​Verdicts 
B) ​Witnesses 
C) Exhibits 
D) Subpoenas

Question 8

All suspected industrial espionage cases should be treated as civil case investigations.​

Accepted Answer

A) True 
 B)False

Question 9

What must be done if data is found in the form of binary files, such as CAD drawings?​

Accepted Answer

The program that ori

Question 10

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?​

Accepted Answer

A) ​AccessData Forensic Toolkit 
B) ​DeepScan 
C) ILook 
D) Photorec 
A) ​AccessData Forensic Toolkit 
B) ​DeepScan 
C) ILook 
D) Photorec

Question 11

_______ is not one of the functions of the investigations triad.

Accepted Answer

A) ​Digital investigations 
B) ​Data recovery 
C) Vulnerability​/ threat assessment and risk management 
D) Network intrusion detection and incident response 
A) ​Digital investigations 
B) ​Data recovery 
C) Vulnerability​/ threat assessment and risk management 
D) Network intrusion detection and incident response

Question 12

Why must all evidence that is collected be treated with the highest level of security and accountability, even if the evidence is regarding an internal abuse investigation within an organization?

Accepted Answer

The evidence must be

Question 13

Basic report writing involves answering the six Ws. What are they?​

Accepted Answer

The six Ws are who,

Question 14

When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all findings confidential.​

Accepted Answer

attorney-c

Question 15

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?​

Accepted Answer

A) ​First Amendment 
B) ​Second Amendment 
C) Fourth Amendment 
D) Fifth Amendment 
A) ​First Amendment 
B) ​Second Amendment 
C) Fourth Amendment 
D) Fifth Amendment

Question 16

​After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

Accepted Answer

A) ​Digital Evidence Recorder 
B) ​Digital Evidence Specialist 
C) Digital Evidence First Responder 
D) Digital Evidence Scene Investigator 
A) ​Digital Evidence Recorder 
B) ​Digital Evidence Specialist 
C) Digital Evidence First Responder 
D) Digital Evidence Scene Investigator

Question 17

Signed into law in 1973, the _______ was​/ were created to ensure consistency in federal proceedings.

Accepted Answer

A) Federal Proceedings Law 
B) ​Federal Rules of Evidence 
C) Federal Consistency Standards 
D) Federal Proceedings Rules 
A) Federal Proceedings Law 
B) ​Federal Rules of Evidence 
C) Federal Consistency Standards 
D) Federal Proceedings Rules

Question 18

Match the following terms with the correct definitions below:
-?Evidence that indicates a suspect is guilty of the crime with which he or she is charged

Accepted Answer

A) defense in depth (Di
D)  
B) distributed denial-of-service (DDoS) attacks 
C) honeypot 
D) honeywalls 
E) layered network defense strategy
F)network forensics
G)type 1 hypervisor
H)type 2 hypervisor
I)zero day attacks
J)zombies 
A) defense in depth (Di
D)  
B) distributed denial-of-service (DDoS) attacks 
C) honeypot 
D) honeywalls 
E) layered network defense strategy
F)network forensics
G)type 1 hypervisor
H)type 2 hypervisor
I)zero day attacks
J)zombies

Question 19

Typically, the _____________ requires a bootable DVD or USB flash drive that runs an independent OS in a suspect computer's RAM, with the goal of preserving data during an acquisition.

Accepted Answer

​software

Question 20

The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.

Accepted Answer

A) ​police ledger 
B) ​police blotter 
C) police blogger 
D) police recorder 
A) ​police ledger 
B) ​police blotter 
C) police blogger 
D) police recorder

What is the difference between a Digital Evidence First Responder (DEFR) and a Digital Evidence Specialist (DES)?

According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court.

_______ is not recommended for a digital forensics workstation.

If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.

Which option below is not a standard systems analysis step?

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.

_______ must be included in an affidavit to support an allegation in order to justify a warrant.

All suspected industrial espionage cases should be treated as civil case investigations.

What must be done if data is found in the form of binary files, such as CAD drawings?

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?

_______ is not one of the functions of the investigations triad.

Why must all evidence that is collected be treated with the highest level of security and accountability, even if the evidence is regarding an internal abuse investigation within an organization?

Basic report writing involves answering the six Ws. What are they?

When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all findings confidential.

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

Signed into law in 1973, the _______ was/ were created to ensure consistency in federal proceedings.

Match the following terms with the correct definitions below: -?Evidence that indicates a suspect is guilty of the crime with which he or she is charged

Typically, the _____________ requires a bootable DVD or USB flash drive that runs an independent OS in a suspect computer's RAM, with the goal of preserving data during an acquisition.

The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Exam 1: Understanding the Digital Forensics Profession and Investigations

​What is the difference between a Digital Evidence First Responder (DEFR) and a Digital Evidence Specialist (DES)?

​According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court.

_______ is not recommended for a digital forensics workstation.

If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.​

Which option below is not a standard systems analysis step?​

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.​

_______ must be included in an affidavit to support an allegation in order to justify a warrant.

All suspected industrial espionage cases should be treated as civil case investigations.​

What must be done if data is found in the form of binary files, such as CAD drawings?​

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?​

_______ is not one of the functions of the investigations triad.

Why must all evidence that is collected be treated with the highest level of security and accountability, even if the evidence is regarding an internal abuse investigation within an organization?

Basic report writing involves answering the six Ws. What are they?​

When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all findings confidential.​

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?​

​After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

Signed into law in 1973, the _______ was​/ were created to ensure consistency in federal proceedings.

Match the following terms with the correct definitions below: -?Evidence that indicates a suspect is guilty of the crime with which he or she is charged

Typically, the _____________ requires a bootable DVD or USB flash drive that runs an independent OS in a suspect computer's RAM, with the goal of preserving data during an acquisition.

The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

What is the difference between a Digital Evidence First Responder (DEFR) and a Digital Evidence Specialist (DES)?

According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court.

If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.

Which option below is not a standard systems analysis step?

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.

All suspected industrial espionage cases should be treated as civil case investigations.

What must be done if data is found in the form of binary files, such as CAD drawings?

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?

Basic report writing involves answering the six Ws. What are they?

When conducting a digital forensics analysis under _______________ rules for an attorney, you must keep all findings confidential.

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?

After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

Signed into law in 1973, the _______ was/ were created to ensure consistency in federal proceedings.