- (Exam Topic 4)
"No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court" - this principle Is advocated by which of the following?

1. A. The Association of Chief Police Officers (ACPO) Principles of Digital Evidence
2. B. Locard's exchange principle
3. C. Scientific Working Group on Imaging Technology (SWGIT)
4. D. FBI Cyber Division

Correct Answer: A

- (Exam Topic 3)
In Linux OS, different log files hold different information, which help the investigators to analyze various
issues during a security incident. What information can the investigators obtain from the log file var/log/dmesg?

1. A. Kernel ring buffer information
2. B. All mail server message logs
3. C. Global system messages
4. D. Debugging log messages

Correct Answer: A

- (Exam Topic 3)
Rusty, a computer forensics apprentice, uses the command nbtstat –c while analyzing the network information in a suspect system. What information is he looking for?

1. A. Contents of the network routing table
2. B. Status of the network carrier
3. C. Contents of the NetBIOS name cache
4. D. Network connections

Correct Answer: C

- (Exam Topic 1)
The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers written under oath, written requests for admissions of fact and examination of the scene is a description of what legal term?

1. A. Detection
2. B. Hearsay
3. C. Spoliation
4. D. Discovery

Correct Answer: D

- (Exam Topic 3)
What is the capacity of Recycle bin in a system running on Windows Vista?

1. A. 2.99GB
2. B. 3.99GB
3. C. Unlimited
4. D. 10% of the partition space

Correct Answer: C