Collecting Evidence! Trivia Facts Quiz

1. In order to protect the cell phone from network signals, we must place the phone in ............

A Faraday bag is a specially designed bag that is made of conductive material, which blocks electromagnetic signals from entering or leaving the bag. When a cell phone is placed inside a Faraday bag, it is shielded from network signals, preventing it from receiving calls, messages, or any other wireless communication. This can be useful in situations where you want to ensure privacy, prevent tracking, or avoid interference with sensitive equipment.

Explanation

A Faraday bag is a specially designed bag that is made of conductive material, which blocks electromagnetic signals from entering or leaving the bag. When a cell phone is placed inside a Faraday bag, it is shielded from network signals, preventing it from receiving calls, messages, or any other wireless communication. This can be useful in situations where you want to ensure privacy, prevent tracking, or avoid interference with sensitive equipment.

Submit

2. What is the first step that the investigator needs to do when he/she enter the crime scene?

Clone the hard drive

Unplug/ remove all Ethernet cable and modem to eliminate remote access

Identify evidence and potential containers of evidence

Labeling the potential evidence

The first step that the investigator needs to do when entering the crime scene is to identify evidence and potential containers of evidence. This is crucial in order to preserve and collect any relevant items that may be used in the investigation. By identifying the evidence and potential containers, the investigator can ensure that nothing is overlooked or tampered with, and can proceed with the necessary steps to properly handle and analyze the evidence.

Explanation

The first step that the investigator needs to do when entering the crime scene is to identify evidence and potential containers of evidence. This is crucial in order to preserve and collect any relevant items that may be used in the investigation. By identifying the evidence and potential containers, the investigator can ensure that nothing is overlooked or tampered with, and can proceed with the necessary steps to properly handle and analyze the evidence.

3. Which of the following DOES NOT belong to Volatile Evidence?

RAM

USB Storage

Network connection

Open files

USB storage does not belong to volatile evidence because volatile evidence refers to data that is stored in temporary memory and is lost when the power is turned off or the device is restarted. USB storage is a form of non-volatile evidence as it retains data even when the power is off. RAM, network connection, and open files are examples of volatile evidence as they are temporary and can be lost when the device is powered off.

Explanation

USB storage does not belong to volatile evidence because volatile evidence refers to data that is stored in temporary memory and is lost when the power is turned off or the device is restarted. USB storage is a form of non-volatile evidence as it retains data even when the power is off. RAM, network connection, and open files are examples of volatile evidence as they are temporary and can be lost when the device is powered off.

4. Dd.exe if= .................. of = .....................Fill in the blank with correct answer

Input image, Destination image

Destination image, input image

Input image, input image

Destination image, destination image

The correct answer is "Input image, Destination image". In the given command, "if=" stands for "input file" and "of=" stands for "output file". Therefore, "dd.exe if= input image of= destination image" indicates that the input image is being copied to the destination image.

Explanation

The correct answer is "Input image, Destination image". In the given command, "if=" stands for "input file" and "of=" stands for "output file". Therefore, "dd.exe if= input image of= destination image" indicates that the input image is being copied to the destination image.

5. Which of the following are TRUTH about taking notes during collecting evidence?I- the notes should focus on what you do and observe at the sceneII- you can draw conclusions based on your observation on the noteIII- one of the method in taking the note is by chronological orderIV- writing the condition of the evidence on the notes

I and III

I,III and IV

I,II, and III

All above

When collecting evidence, it is important to take notes that focus on what you do and observe at the scene (I). This helps in accurately documenting the actions and observations made during the collection process. Additionally, one of the methods in taking notes is by organizing them in chronological order (III), which helps in maintaining a clear timeline of events. Lastly, it is crucial to write down the condition of the evidence on the notes (IV), as this information is vital for later analysis and interpretation. Therefore, the correct answer is I, III, and IV.

Explanation

When collecting evidence, it is important to take notes that focus on what you do and observe at the scene (I). This helps in accurately documenting the actions and observations made during the collection process. Additionally, one of the methods in taking notes is by organizing them in chronological order (III), which helps in maintaining a clear timeline of events. Lastly, it is crucial to write down the condition of the evidence on the notes (IV), as this information is vital for later analysis and interpretation. Therefore, the correct answer is I, III, and IV.

6. Rearrange the order of volatility for those evidence. (Up to less volatile)I- cacheII- memoryIII- archive mediaIV- HDDV- pagefiles

I,II,III,IV, V

I,III,II,IV,V

I,II,V,IV,III

I,II,IV,V,III

The correct answer is I,II,V,IV,III. The order of volatility refers to the order in which different types of evidence should be collected in a digital investigation, based on their volatility or likelihood of being lost or altered. In this case, cache (I) is the most volatile, followed by memory (II), pagefiles (V), HDD (IV), and archive media (III) being the least volatile. This order ensures that the most volatile evidence is collected first to minimize the risk of loss or alteration.

Explanation

The correct answer is I,II,V,IV,III. The order of volatility refers to the order in which different types of evidence should be collected in a digital investigation, based on their volatility or likelihood of being lost or altered. In this case, cache (I) is the most volatile, followed by memory (II), pagefiles (V), HDD (IV), and archive media (III) being the least volatile. This order ensures that the most volatile evidence is collected first to minimize the risk of loss or alteration.

7. If the phone is on, we need to switch it off before preserve it.

True

False

The statement is incorrect. If the phone is already on, there is no need to switch it off before preserving it. Preserving the phone can be done regardless of its current power status.

Explanation

The statement is incorrect. If the phone is already on, there is no need to switch it off before preserving it. Preserving the phone can be done regardless of its current power status.

8. Arrange the following steps for cloning the hard drive?I- Protect the cloning process with write block II- Forensically clean the drive (wipe)III- Clone the drive using tool (hardware/software)

III,II,I

II, I, III

I, II, III

II,III,I

The correct order for cloning the hard drive is to first forensically clean the drive (wipe) to ensure any previous data is removed. Next, protect the cloning process with write block to prevent any accidental changes or modifications to the original drive. Finally, clone the drive using a tool (hardware/software) to create an exact copy of the original drive.

Explanation

The correct order for cloning the hard drive is to first forensically clean the drive (wipe) to ensure any previous data is removed. Next, protect the cloning process with write block to prevent any accidental changes or modifications to the original drive. Finally, clone the drive using a tool (hardware/software) to create an exact copy of the original drive.

9. Which of the following is TRUE about describing the evidence:I- must describe by typeII-Note if the device is connected to other devicesIII- must describe by serial numberIV- Note whether the device is one or off

I and III

II and IV

I, III and IV

All above

The correct answer is I and III. This means that when describing the evidence, it is true that it must be described by type (I) and by serial number (III).

Explanation

The correct answer is I and III. This means that when describing the evidence, it is true that it must be described by type (I) and by serial number (III).

10. Reasons for difficulty in identifying evidence at the crime scene?

Small scale devices

Non traditional storage media

The data within the storage media are volatile

Multiple possible crime scenes

The difficulty in identifying evidence at a crime scene can be attributed to several factors. Firstly, the use of small scale devices makes it challenging to locate and collect evidence as they can easily be concealed or misplaced. Additionally, the presence of non-traditional storage media, such as cloud storage or encrypted files, adds complexity to the investigation process as accessing and analyzing these sources may require specialized knowledge and tools. Moreover, the data within storage media are often volatile, meaning they can be easily altered or deleted, making it harder to obtain reliable evidence. Lastly, when multiple possible crime scenes are involved, it becomes more difficult to determine which locations hold crucial evidence, requiring thorough examination and coordination among investigators.

Explanation

The difficulty in identifying evidence at a crime scene can be attributed to several factors. Firstly, the use of small scale devices makes it challenging to locate and collect evidence as they can easily be concealed or misplaced. Additionally, the presence of non-traditional storage media, such as cloud storage or encrypted files, adds complexity to the investigation process as accessing and analyzing these sources may require specialized knowledge and tools. Moreover, the data within storage media are often volatile, meaning they can be easily altered or deleted, making it harder to obtain reliable evidence. Lastly, when multiple possible crime scenes are involved, it becomes more difficult to determine which locations hold crucial evidence, requiring thorough examination and coordination among investigators.

Submit