Question No.171

Which one of the following statements is not correct while preparing for testimony?

  1. Go through the documentation thoroughly

  2. Do not determine the basic facts of the case before beginning and examining the evidence

  3. Establish early communication with the attorney

  4. Substantiate the findings with documentation and by collaborating with other computer forensics professionals

Correct Answer: B

Question No.172

Event correlation is a procedure that assigns a new meaning to a set of events that occur within a predefined interval of time. Which type of correlation will you use if your organization wants to use different OS and network hardware platforms throughout the network?

  1. Same-platform correlation

  2. Cross-platform correlation

  3. Multiple-platform correlation

  4. Network-platform correlation

Correct Answer: B

Question No.173

What is the "Best Evidence Rule"?

  1. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy.

  2. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history.

  3. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs.

  4. It contains information such as open network connection, user logout, programs that reside in memory, and cache data.

Correct Answer: A

Question No.174

What is cold boot (hard boot)?

  1. It is the process of starting a computer from a powered-down or off state

  2. It is the process of restarting a computer that is already turned on through the operating system

  3. It is the process of shutting down a computer from a powered-on or on state

  4. It is the process of restarting a computer that is already in sleep mode

Correct Answer: A

Question No.175

An expert witness is a witness, who by virtue of education, profession, or experience, is believed to have special knowledge of his/her subject beyond that of the average person, sufficient that others legally depend upon his/her opinion.

  1. True

  2. False

Correct Answer: A

Question No.176

An attack vector is a path or means by which an attacker can gain access to computer or network resources in order to deliver an attack payload or cause a malicious outcome.

  1. True

  2. False

Correct Answer: A

Question No.177

A steganographic file system is a method to store the files in a way that encrypts and hides the data without the knowledge of others.

  1. True

  2. False

Correct Answer: A

Question No.178

Router log files provide detailed information about the network traffic on the Internet. They give information about the attacks to and from the networks. The router stores log files in the


  1. Router cache

  2. Application logs

  3. IDS logs

  4. Audit logs

Correct Answer: A

Question No.179

Which of the following standards is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?

  1. Daubert Standard

  2. Schneiderman Standard

  3. Frye Standard

  4. FERPA standard

Correct Answer: C

Question No.180

Which of the following is the certifying body of forensics labs that investigate criminal cases by analyzing evidence?

  1. The American Society of Crime Laboratory Directors (ASCLD)

  2. International Society of Forensics Laboratory (ISFL)

  3. The American Forensics Laboratory Society (AFLS)

  4. The American Forensics Laboratory for Computer Forensics (AFLCF)

Correct Answer: A


