MCQ Collection
Digital Forensics MCQs
Digital Forensics MCQs for practice, quizzes, and exam preparation.
Choose an option to check your answer.
Correct Answer: A. Collecting volatile data from a running system before shutdown.
Explanation:
Live acquisition refers to collecting volatile data from a running system before shutdown.
Choose an option to check your answer.
Correct Answer: A. To support electronic proof during an investigation.
Explanation:
The purpose of digital evidence is connected with electronic proof, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling slack space.
Choose an option to check your answer.
Correct Answer: A. Recording network packets for later analysis.
Explanation:
Packet capture refers to recording network packets for later analysis.
Choose an option to check your answer.
Correct Answer: A. To support volatile evidence collection during an investigation.
Explanation:
The purpose of live acquisition is connected with volatile evidence collection, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling digital evidence.
Choose an option to check your answer.
Correct Answer: A. Disk space not assigned to active files but possibly containing deleted data.
Explanation:
Unallocated space refers to disk space not assigned to active files but possibly containing deleted data.
Choose an option to check your answer.
Correct Answer: A. To support network evidence collection during an investigation.
Explanation:
The purpose of packet capture is connected with network evidence collection, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling live acquisition.
Choose an option to check your answer.
Correct Answer: A. Data describing other data, such as timestamps, author, and file properties.
Explanation:
Metadata refers to data describing other data, such as timestamps, author, and file properties.
Choose an option to check your answer.
Correct Answer: A. To support potential evidence area during an investigation.
Explanation:
The purpose of unallocated space is connected with potential evidence area, not with altering or avoiding evidence procedures.
Choose an option to check your answer.
Correct Answer: A. Document the process and preserve evidence integrity.
Explanation:
Forensic work requires documentation and preservation of evidence integrity, especially when handling packet capture.