Que 1: Which forensic method is most commonly used to determine if an audio recording has been altered by cutting or splicing sections of sound?
A. Audio fingerprinting
B. Signal consistency analysis across various frequencies
C. Audio compression analysis
D. Digital signature verification
Que 2: A forensic investigator analyzes a seized mobile device using Moblikin and UFED. They find encrypted messaging app data and multiple failed access attempts. Some areas remain locked despite forensic extraction. What does this suggest?
A. The attacker is bypassing encryption with a dictionary attack
B. The device has a rootkit blocking forensic access
C. The attacker is using a key logger to capture passwords
D. The investigator should use chip-off forensics to retrieve the locked data
Que 3: A forensic examiner recovers deleted files from a partially overwritten hard drive, but many are corrupted. Why are the recovered files corrupted?
A. The files were encrypted before deletion
B. The storage device had physical damage
C. The files were not properly fragmented during the overwrite process
D. The file system structure was damaged beyond recovery
Que 4: In Cloud Forensics, which of the following would NOT typically be considered as a direct form of evidence?
A. Cloud storage logs
B. Metadata associated with files
C. Timestamps from the cloud provider
D. Application source code stored on the cloud
Que 5: Investigators find failed login attempts over port 3389 during a cyberattack investigation. What does this suggest about the attack?
A. The attacker is trying to exploit a vulnerability in the Remote Desktop Protocol
B. The attacker is trying to exploit the server's email services
C. The attacker is trying to initiate a DDoS attack
D. The attacker is attempting to brute force the login credentials to gain remote access
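The pattern in Que 5 (repeated failed logons against TCP/3389 from one source, often cycling through usernames, sometimes followed by a success) is what a detection rule looks for. The following is an added example, not part of the original quiz: it runs a sliding-window brute-force detector over a constructed, simplified `key=value` authentication log. The log format, the field names and the sample addresses are assumptions for the demonstration, not the format of any specific product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original page). Documentation-range
# addresses (RFC 5737) are used; the key=value format is an assumption.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z src=203.0.113.7 dport=3389 user=administrator result=FAIL
2024-03-01T10:00:02Z src=203.0.113.7 dport=3389 user=administrator result=FAIL
2024-03-01T10:00:03Z src=203.0.113.7 dport=3389 user=admin result=FAIL
2024-03-01T10:00:04Z src=203.0.113.7 dport=3389 user=root result=FAIL
2024-03-01T10:00:05Z src=203.0.113.7 dport=3389 user=administrator result=FAIL
2024-03-01T10:00:09Z src=203.0.113.7 dport=3389 user=administrator result=SUCCESS
2024-03-01T10:05:00Z src=198.51.100.4 dport=3389 user=jsmith result=FAIL
2024-03-01T10:30:00Z src=198.51.100.4 dport=3389 user=jsmith result=SUCCESS
2024-03-01T10:31:00Z src=192.0.2.9 dport=22 user=jsmith result=FAIL
2024-03-01T10:31:01Z src=192.0.2.9 dport=22 user=jsmith result=FAIL
2024-03-01T10:31:02Z src=192.0.2.9 dport=22 user=jsmith result=FAIL
2024-03-01T10:31:03Z src=192.0.2.9 dport=22 user=jsmith result=FAIL
2024-03-01T10:31:04Z src=192.0.2.9 dport=22 user=jsmith result=FAIL
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Parse the constructed log format; malformed lines are skipped, not fatal."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60), port=3389):
    """Flag sources with >= `threshold` failed logons to `port` inside any
    `window`. Records the distinct usernames tried (many names from one source
    points to a dictionary/spray rather than a user mistyping) and whether a
    successful logon from the same source followed the burst."""
    recent = defaultdict(deque)     # src -> timestamps of failures in the window
    usernames = defaultdict(set)    # src -> usernames attempted
    total_fail = defaultdict(int)   # src -> all failures seen against `port`
    findings = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["dport"] != port:
            continue  # other services are out of scope for this rule
        src = ev["src"]
        if ev["result"] == "FAIL":
            q = recent[src]
            q.append(ev["ts"])
            usernames[src].add(ev["user"])
            total_fail[src] += 1
            while q and ev["ts"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold:
                f = findings.setdefault(src, {
                    "first": q[0], "success_after_burst": None})
                f["last"] = ev["ts"]
                f["failures"] = total_fail[src]
                f["usernames"] = sorted(usernames[src])
        elif ev["result"] == "SUCCESS" and src in findings:
            if findings[src]["success_after_burst"] is None:
                findings[src]["success_after_burst"] = (ev["user"], ev["ts"])
    return findings


if __name__ == "__main__":
    for src, f in detect_rdp_bruteforce(parse(SAMPLE_LOG)).items():
        print(src, f)
```

The source that fails five times in four seconds across three usernames and then logs in as `administrator` is the one an investigator would escalate: a brute force that appears to have succeeded. The two failures from 198.51.100.4 half an hour apart never reach the threshold, and the SSH burst is ignored because the rule is scoped to 3389; a real deployment would run a sibling rule per service and tune `threshold` and `window` to the environment's normal failure rate.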
Que 6: A cybercrime investigation involves accessing encrypted files on a suspect's cloud account. The investigator finds the files were uploaded from a specific IP address. Which approach should the investigator take next to obtain useful evidence?
A. Analyze the metadata for any clues on the modifications
B. Contact the cloud provider to force them to decrypt the files
C. Investigate the IP address for further clues and possible physical evidence
D. Use a brute force attack on the suspect's encryption password
Que 7: When extracting mobile data using UFED, which type of data is typically the hardest to recover?
A. Deleted text messages
B. Call history
C. Encrypted app data
D. GPS location history
Que 8: An investigator needs to recover data from an external hard drive with a non-standard file system. What should the investigator do next?
A. Use a different forensic software that supports a wider range of file systems
B. Power off the drive immediately and attempt to recover the data using a different device
C. Securely erase the drive to prevent further access
D. Contact the manufacturer for a proprietary recovery tool
Que 9: An investigator examines a suspicious email with a spoofed header and a link to a fake bank site. The email's IP address traces to a remote location. What should be the investigator's next logical action?
A. Analyze the website's server logs to identify the perpetrator
B. Verify the legitimacy of the bank website using malware analysis tools
C. Ignore the spoofed header and focus only on the email's content
D. Investigate the origin of the IP address to see if it matches known malicious sources
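Before the IP in Que 9 can be investigated, it has to be pulled out of the headers correctly, and the "spoofed header" claim has to be backed by something concrete. The following added example (not part of the original quiz) triages a constructed phishing email with Python's standard library: it walks the `Received` chain from the bottom up to find the connecting client address of the first hop, compares the visible `From` domain with the envelope `Return-Path`, and flags anchors whose displayed URL points at a different host than the real `href`. The message, its domains and addresses are all invented for the demonstration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not from the original page). Hostnames use
# reserved .example names and RFC 5737 addresses.
RAW_EMAIL = """\
Return-Path: <bounce@mail-relay.example.net>
Received: from mx.victim-corp.example (mx.victim-corp.example [192.0.2.10])
    by inbox.victim-corp.example with ESMTP id abc123
    for <alice@victim-corp.example>; Fri, 01 Mar 2024 10:02:11 +0000
Received: from relay.example.net (relay.example.net [198.51.100.25])
    by mx.victim-corp.example with ESMTP id def456; Fri, 01 Mar 2024 10:02:10 +0000
Received: from [10.0.0.5] (unknown [203.0.113.77])
    by relay.example.net with ESMTPA id ghi789; Fri, 01 Mar 2024 10:02:09 +0000
From: "First National Bank" <security@firstnational-bank.example>
To: alice@victim-corp.example
Subject: Urgent: verify your account
Content-Type: text/html

<html><body>
<p>Please <a href="http://login.firstnational-bank.example.attacker-site.example/verify">
verify your account at https://www.firstnational-bank.example</a> within 24 hours.</p>
</body></html>
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def received_hops(msg):
    """Received headers in transit order: the bottom-most (first hop) first.
    Each receiving MTA prepends its own header, so only hops written by servers
    you trust are reliable; the sender can forge anything below them."""
    return list(reversed(msg.get_all("Received", [])))


def originating_ip(msg):
    """Connecting client address of the first hop. In the common
    'from HELO (rdns [ip]) by ...' layout the real address is the last bracketed
    IP before 'by'; the HELO name (here a private [10.0.0.5]) is sender-chosen."""
    for hop in received_hops(msg):
        from_part = re.split(r"\s+by\s+", hop, maxsplit=1)[0]
        ips = IP_RE.findall(from_part)
        if ips:
            return ips[-1]
    return None


def header_mismatch(msg):
    """Compare the visible From domain with Return-Path and Reply-To domains."""
    def domain(name):
        addr = parseaddr(msg.get(name, ""))[1]
        return addr.rsplit("@", 1)[-1].lower() if "@" in addr else None
    from_d, rp_d, rt_d = domain("From"), domain("Return-Path"), domain("Reply-To")
    return {
        "from_domain": from_d,
        "return_path_domain": rp_d,
        "reply_to_domain": rt_d,
        "return_path_mismatch": from_d is not None and rp_d not in (None, from_d),
        "reply_to_mismatch": from_d is not None and rt_d not in (None, from_d),
    }


def deceptive_links(html):
    """Anchors whose visible text shows a URL on a host other than the href's."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        href_host = urlparse(href).hostname
        shown = URL_RE.findall(text)
        shown_host = urlparse(shown[0]).hostname if shown else None
        if shown_host and shown_host != href_host:
            findings.append({"href_host": href_host, "shown_host": shown_host})
    return findings


def triage(raw):
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(errors="replace")
    return {
        "originating_ip": originating_ip(msg),
        "headers": header_mismatch(msg),
        "links": deceptive_links(body),
    }


if __name__ == "__main__":
    print(triage(RAW_EMAIL))
```

The address this yields (203.0.113.77) is what gets checked against threat-intelligence sources and, through the relay operator, tied to a subscriber or physical location; the From/Return-Path mismatch and the href/display mismatch are the documentable "spoofed header" and "fake bank link" facts rather than an examiner's impression. The top-most hop is the only one the investigator's own mail server wrote, so when the chain looks inconsistent, work down from there and treat each earlier hop with growing suspicion.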
Que 10: An investigator suspects steganography in image files and potential cloud data exfiltration. What should the investigator prioritize to uncover hidden data?
A. Analyze the metadata of the image files for hidden data patterns
B. Investigate network logs for any unusual traffic associated with cloud file access
C. Use advanced malware analysis to identify any payloads embedded in the images
D. Examine cloud provider logs to track file storage and retrieval activities