Analysis of Digital Evidence

Analysis of Digital Evidence Quiz, crafted by:

Geetam Shukla

Scientific Officer

Sherlock Institute of Forensic Science India Pvt. Ltd, New Delhi


Introduction to Analysis of Digital Evidence

Forensic digital analysis is the in-depth analysis and examination of electronically stored information (ESI), with the purpose of identifying information that may support or contest matters in a civil or criminal investigation and/or court proceeding. When forensic analysis is the ultimate goal, it is imperative that the electronically stored evidence is treated with great care. The evidence must be preserved, and nothing should be done that may alter the ESI during the analysis process. This is why the best legal result will be obtained by analyzing a forensic image or copy of the device rather than the original device or source. A source of digital evidence may also be cloud-based.

Let's look at the questions and their answers.


Ques 1. A logon record tells us that, at a specific time:

a) An unknown person logged into the system using the account 

b) The owner of a specific account logged into the system 

c) The account was used to log into the system 

d) None of the above

Answer- c) The account was used to log into the system


Ques 2. In terms of digital evidence, the Internet is an example of: 

a) Open computer systems 

b) Communication systems 

c) Embedded computer systems 

d) None of the above

Answer- b) Communication systems


Ques 3. The process of documenting the seizure of digital evidence and, in particular, when that evidence changes hands, is known as: 

a) Chain of custody                                              

b) Field notes

c) Interim report                                                         

d) None of the above

Answer- a) Chain of custody  


Ques 4. When assessing the reliability of digital evidence, the investigator is concerned with whether the computer that generated the evidence was functioning normally, and: 

a) Whether chain of custody was maintained                                                      

b) Whether there are indications that the actual digital evidence was tampered with

c) Whether the evidence was properly secured in transit                                                        

d) Whether the evidence media was compatible with forensic machines

Answer- b) Whether there are indications that the actual digital evidence was tampered with


Ques 5. Having a member of the search team trained to handle digital evidence: 

a) Can reduce the number of people who handle the evidence                                                      

b) Can serve to streamline the presentation of the case

c) Can reduce the opportunity for opposing counsel to impugn the integrity of the evidence                                                         

d) All of the above

Answer- d) All of the above


Ques 6. Direct evidence establishes a: 

a) Fact                                                      

b) Assumption

c) Error                                                      

d) Line of inquiry

Answer- a) Fact 


Ques 7. According to the text, the most common mistake that prevents evidence seized from being admitted is: 

a) Uninformed consent                                                      

b) Forcible entry 

c) Obtained without authorization                                                       

d) None of the above

Answer- c) Obtained without authorization


Ques 8. A digital investigator pursuing a line of investigation in a case because that line of investigation proved successful in two previous cases is an example of: 

a) Logical reasoning                                                       

b) Common sense 

c) Preconceived theory                                                        

d) Investigator’s intuition

Answer- c) Preconceived theory


Ques 9. What are the three general categories of computer systems that can contain digital evidence? 

a) Desktop, laptop, server                                                     

b) Personal computer, Internet, mobile telephone

c) Hardware, software, networks                                                      

d) Open computer systems, communication systems, embedded systems 

Answer- d) Open computer systems, communication systems, embedded systems 

Ques 10. A valid definition of digital evidence is:

a) Data stored or transmitted using a computer                                                

b) Information of probative value

c) Digital data of probative value                                                       

d) Any digital evidence on a computer

Answer- c) Digital data of probative value 
