Digital Evidence Analysis
Digital Evidence Analysis Quiz Crafted By-
Vivek Khare
Senior Scientific Officer
Sherlock Institute of Forensic Science India Pvt. Ltd, New Delhi
Introduction to Digital Evidence Analysis
Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.
Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted.
Let's look at the questions and their answers.
Ques 1. What is Digital Forensics?
a) Process of using scientific knowledge in analysis and presentation of evidence in court
b) The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, the chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation
c) Process where we develop and test hypotheses that answer questions about digital events
d) Use of science or technology in the investigation and establishment of the facts or evidence in a court of law
Answer-b) The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, the chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation
Ques 2. Which of the following is not a rule of digital forensics?
a) An examination should be performed on the original data
b) A copy is made onto forensically sterile media. New media should always be used if available.
c) The copy of the evidence must be an exact, bit-by-bit copy
d) The examination must be conducted in such a way as to prevent any modification of the evidence.
Answer-a) An examination should be performed on the original data
Ques 3. CCFP stands for?
a) Cyber Certified Forensics Professional
b) Certified Cyber Forensics Professional
c) Certified Cyber Forensics Program
d) Certified Cyber Forensics Product
Answer-b) Certified Cyber Forensics Professional
Ques 4. At which stage of the digital forensics process would a write-blocker be used?
a) Acquisition
b) Reporting
c) Verification
d) Analysis
Answer-a) Acquisition
Ques 5. In terms of digital evidence, a mobile telephone is an example of:
a) Open computer systems
b) Embedded computer systems
c) Communication systems
d) All of the above
Answer-b) Embedded computer systems
Ques 6. Which of the following is/are considered cardinal rules of Cyber Forensic Investigation?
a) Never Trust the Subject’s Operating System
b) The results should be repeatable and verifiable by a third party
c) Never work on the Original Evidence
d) All of the above
Answer- d) All of the above
Ques 7. DFI stands for?
a) Defining Form in
b) Digital Fraud Industry
c) Digital Forensic Investigation
d) All of the above
Answer- c) Digital Forensic Investigation
Ques 8. Digital evidence is used to establish a credible link between……….
a) Attacker and victim and the crime scene
b) Attacker and Information
c) Either a or b
d) Neither a nor b
Answer-a) Attacker and victim and the crime scene
Ques 9. Write Blocking is a
a) A procedure for sanitizing a defined area of digital media by overwriting each byte with a known value.
b) Techniques designed to prevent any modification to digital media during acquisition or browsing
c) A method by which media content is protected from inadvertent alteration or deletion
d) All of the above
Answer- b) Techniques designed to prevent any modification to digital media during acquisition or browsing.
Ques 10. To establish the integrity of information, a cryptographic hash value, such as MD5 or SHA-1, is calculated so that it can be proven to the courts. SHA stands for –
a) System Hash Algorithm
b) Software Hash Algorithm
c) Secure Hash Algorithm
d) Service Hash Algorithm
Answer- c) Secure Hash Algorithm