Wednesday, 5 May 2021

Computer Forensics Quiz 1

Question 1: __________ evidence is the evidence of those who relate, not what they know themselves, but what they have heard from others.
A. Exculpatory
B. Inculpatory
C. Tainted
D. Hearsay

Solution:
Hearsay


Question 2: Kingston is the security administrator of XYZ Corporation. One day he finds that the company's database server has been compromised and that customer information has been stolen along with financial data. The financial loss will be in the millions of dollars if competitors get their hands on the database. Kingston wants to report directly to law enforcement authorities. Which act caters for offenses relating to the misuse of computers in Malaysia?
Select one:
A. Cyber Crime Act 2010
B. Digital Evidence Act 1997
C. Copyright Act 1987
D. Computer Crimes Act 1997

Solution:
Computer Crimes Act 1997


Question 3: You are assigned to work in a state police agency's Computer Forensics laboratory. While working on a high-profile criminal case, you have followed every applicable procedure, but your superior is still worried that the defense attorney might question whether evidence has been modified while at the laboratory. What would you do to ensure the proof is the same as when it first went into the laboratory?
A. Sign a letter confirming that the evidence is the same as it was when it entered the laboratory.
B. Generate the hash value of the evidence and compare it to the standard database developed by the police agency.
C. Create a new image of the evidence, encrypt the evidence to avoid any changes and send the encrypted evidence to the defense attorney.
D. Generate the hash value of the evidence and compare it with the original hash value that was taken when the evidence first entered the laboratory.

Solution:
Generate the hash value of the evidence and compare it with the original hash value that was taken when the evidence first entered the laboratory.

Question 4: Evidence that indicates the suspect is innocent of the crime.
The above statement refers to __________ evidence.
A. tainted
B. hearsay
C. inculpatory
D. exculpatory

Solution:
exculpatory

Question 5: When capturing a system image from a computer system, what type of device should you use when connecting to the evidence drive?
A. Extract blocker
B. Write blocker
C. Read blocker
D. Chain blocker

Solution:
Write blocker

Question 6: Chain of custody in digital forensics investigation is referred to as a _____________________________.
A. Document to track the movement of evidence.
B. Suspects and witnesses involved in the crime investigation.
C. Formal letter to attend court trial.
D. Payment slip for forensic investigator.

Solution:
Document to track the movement of evidence.

Question 7: You suspect that the workstation of a user is infected with malware and are about to begin an investigation. If you want to minimize the risk of infecting other devices on your network with this workstation, but you also want to retain as much evidence as possible, which of the following should you do?
A. Remove all USB drives and peripherals from the workstation.
B. Isolate from network.
C. Shut down the workstation.
D. Pull the power cord from the workstation.

Solution:
Isolate from network.

Question 8: When preserving digital evidence, the evidence must be ___________.
A. located close to an electric source
B. uniquely labeled
C. transported immediately
D. powered ON all the time

Solution:
uniquely labeled

Question 9: _________ is an exact bit-for-bit copy in the same form as the original exhibit (identical).
A. Chain
B. Extract
C. Clone
D. Image

Solution:
Clone

Question 10: Evidence that indicates a suspect is guilty of the crime he or she is charged with.
The above statement refers to __________ evidence.
A. tainted
B. exculpatory
C. hearsay
D. inculpatory

Solution:
inculpatory


Question 11: When dealing with the powered-off computers at the crime scene, if the computer is switched off, turn it on.
True
False

Solution:
False


Question 12: Under what circumstances can an investigator conduct a search without a search warrant?
A. When the premises owner instructs the investigator.
B. When the case involves other parties such as Internet Service Provider (ISP) companies.
C. When the investigator believes that if the search is not done at the current time, the evidence will be lost or destroyed.
D. When the investigator needs to record dates for items related to the investigation.

Solution:
When the investigator believes that if the search is not done at the current time, the evidence will be lost or destroyed.

Question 13: Computers can be evidence in crimes involving fraud and human trafficking.
True
False

Solution:
True 

Question 14: Which of the following is NOT an example of a cyber crime?
A. Firing an employee for misconduct.
B. Fraud achieved by the manipulation of the computer records.
C. Intellectual property theft, including software piracy.
D. Deliberate circumvention of the computer security systems.

Solution:
Firing an employee for misconduct.

Question 15: A 2017 story from Digital Forensics Magazine describes a hit-and-run car crash caused by the driver of a dark SUV without lights on. The SUV hit a car, ran into a clump of trees and then drove off. Police were able to locate an SUV that fit the description. After downloading data from its on-board diagnostics, infotainment and telematics systems, police were able to determine that the vehicle had passed the scene at the approximate time the crash had occurred, that the lights had not been on and that the SUV had been placed in reverse and forward several times immediately after the time of the crash in the proximity of the damaged trees. Police also found other implicating details of the SUV’s trip that night from routes and destinations in the navigation system. From the case study, explain what kind of information can be found from the vehicle that helps police to determine the conclusion of the case.

Solution: The SUV's navigation system can be forensically investigated. The data shows that the SUV passed exactly at the time when the accident happened, that the SUV moved in reverse and forward many times after the crash, and that the route of the car that can be found is similar to the one described in the accident.

Question 16: Which of the following are the main activities during the Identification phase?
(i) Gather information about types of crime.
(ii) Identify the resources you may need at the crime scene.
(iii) Gather information about the location related to the crime.
(iv) Analyze the image copy.
A. (i), (ii) and (iii)
B. (i), (iii) and (iv)
C. (ii) and (iv)
D. (ii), (iii) and (iv)

Solution:
(i), (ii) and (iii)


Question 17: It is important to sketch the crime scene for the purpose of _____________ details of the scene.
A. refurbishing
B. reenergizing
C. recreating
D. renovating

Solution:
recreating
