Digital Evidence Analysis

Digital Evidence Analysis Quiz, crafted by:

Vivek Khare

Senior Scientific Officer

Sherlock Institute of Forensic Science India Pvt. Ltd, New Delhi


Introduction to Digital Evidence Analysis 

Computer forensics (also known as computer forensic science) is a branch of digital forensic science pertaining to evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

Although it is most often associated with the investigation of a wide variety of computer crime, computer forensics may also be used in civil proceedings. The discipline involves similar techniques and principles to data recovery, but with additional guidelines and practices designed to create a legal audit trail.

Evidence from computer forensics investigations is usually subjected to the same guidelines and practices as other digital evidence. It has been used in a number of high-profile cases and is becoming widely accepted.

Let's look at the questions and their answers.


Ques 1. What is Digital Forensics?

a) Process of using scientific knowledge in analysis and presentation of evidence in court

b) The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, the chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation

c) Process where we develop and test hypotheses that answer questions about digital events 

d) Use of science or technology in the investigation and establishment of the facts or evidence in a court of law

Answer-b) The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, the chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation


Ques 2. Which of the following is not a rule of digital forensics?

a) An examination should be performed on the original data 

b) A copy is made onto forensically sterile media. New media should always be used if available.

c) The copy of the evidence must be an exact, bit-by-bit copy 

d) The examination must be conducted in such a way as to prevent any modification of the evidence.

Answer-a) An examination should be performed on the original data


Ques 3. CCFP stands for?

a) Cyber Certified Forensics Professional

b) Certified Cyber Forensics Professional

c) Certified Cyber Forensics Program

d) Certified Cyber Forensics Product

Answer-b) Certified Cyber Forensics Professional


Ques 4. At which stage of the digital forensics process would a write-blocker be used?

a) Acquisition

b) Reporting

c) Verification

d) Analysis

Answer-a) Acquisition


Ques 5. In terms of digital evidence, a mobile telephone is an example of:

a) Open computer systems

b) Embedded computer systems

c) Communication systems

d) All of the above

Answer-b) Embedded computer systems


Ques 6. Which of the following is/are considered cardinal rules of Cyber Forensic Investigation?

a) Never Trust the Subject’s Operating System

b) The results should be repeatable and verifiable by a third party

c) Never work on the Original Evidence

d) All of the above

Answer- d) All of the above


Ques 7. DFI stands for?

a) Defining Form in

b) Digital Fraud Industry 

c) Digital Forensic Investigation

d) All of the above

Answer- c) Digital Forensic Investigation


Ques 8. Digital evidence is used to establish a credible link between……….

a) Attacker and victim and the crime scene

b) Attacker and Information 

c) Either a or b

d) Neither a nor b

Answer-a) Attacker and victim and the crime scene


Ques 9. Write Blocking is:

a) A procedure for sanitizing a defined area of digital media by overwriting each byte with a known value.

b) Techniques designed to prevent any modification to digital media during acquisition or browsing

c) A method by which media content is protected from inadvertent alteration or deletion

d) All of the above

Answer- b) Techniques designed to prevent any modification to digital media during acquisition or browsing.


Ques 10. To establish the integrity of information, a cryptographic hash value, such as MD5 or SHA-1, is calculated so that it can be proven to the courts. SHA stands for:

a) System Hash Algorithm

b) Software Hash Algorithm

c) Secure Hash Algorithm

d) Service Hash Algorithm

Answer- c) Secure Hash Algorithm
