Unit - V Digital Forensics and Ethical Hacking
1. Digital forensics is primarily concerned with:
a) Designing new software
b) Identifying, preserving, analyzing, and presenting digital evidence
c) Internet browsing
d) Hardware repair
2. Which of the following is NOT a type of digital forensics?
a) Computer forensics
b) Network forensics
c) Mobile forensics
d) Culinary forensics
3. The primary goal of digital forensics is to:
a) Hack into systems
b) Delete digital evidence
c) Recover and investigate digital evidence for legal purposes
d) Encrypt files
4. Digital evidence can be found in:
a) Hard drives
b) Emails
c) Mobile devices
d) All of the above
5. Digital forensics is important for:
a) Improving game graphics
b) Reducing hardware cost
c) Cybercrime investigation and litigation
d) Social media trends
6. Which of the following is considered volatile digital evidence?
a) Hard drive files
b) Cloud storage
c) RAM contents
d) USB flash drive
7. Non-volatile evidence refers to:
a) Data stored in RAM
b) Data stored on hard drives or permanent storage
c) Data lost after shutdown
d) Temporary cache only
8. Digital forensics often works closely with:
a) Chefs
b) Teachers
c) Law enforcement agencies
d) Bank tellers
9. Which of the following is a key challenge in digital forensics?
a) Fast internet
b) Data encryption and anti-forensic techniques
c) Screen resolution
d) Social media likes
10. Mobile device forensics includes:
a) Recovering deleted call logs
b) Extracting text messages
c) Analyzing app data
d) All of the above
11. Network forensics focuses on:
a) Hardware repair
b) Gaming networks
c) Capturing and analyzing network traffic
d) Programming websites
12. Which of the following tools is commonly used in digital forensics?
a) Photoshop
b) Microsoft Word
c) EnCase, FTK, or Autopsy
d) Excel
13. Chain of custody in digital forensics ensures:
a) Proper software installation
b) Integrity and authenticity of evidence
c) Faster internet speed
d) Data backup
14. Which law is often related to digital forensics in many countries?
a) Road traffic law
b) Food safety law
c) Cybercrime law
d) Patent law
15. Email forensics is used to:
a) Design emails
b) Investigate phishing or fraudulent emails
c) Increase inbox speed
d) Delete spam automatically
16. Digital forensics requires understanding of:
a) Cooking
b) Fashion
c) Operating systems, file systems, and networks
d) Sports rules
17. Deleted files can often be recovered because:
a) They are permanently removed
b) Only file references are removed, not actual data
c) They never existed
d) RAM stores them permanently
18. Cloud forensics deals with:
a) Physical servers only
b) Data stored in cloud services
c) Only emails
d) Only social media profiles
19. Digital forensics can assist in:
a) Detecting cyberbullying
b) Investigating financial fraud
c) Tracking malware
d) All of the above
20. The first step in a digital forensics investigation is usually:
a) Data analysis
b) Evidence identification and preservation
c) Reporting
d) Deleting temporary files
21. The main rule of digital forensics is:
a) Modify evidence freely
b) Delete unnecessary files
c) Do not alter digital evidence
d) Encrypt all files
22. Evidence handling requires:
a) Open access by anyone
b) Maintaining chain of custody
c) Ignoring timestamps
d) Using social media
23. The first step in a digital forensics investigation process is:
a) Reporting
b) Analysis
c) Identification of potential evidence
d) Presentation in court
24. Which step involves making exact copies of the evidence for analysis?
a) Identification
b) Preservation (Imaging)
c) Analysis
d) Presentation
25. Imaging a hard drive ensures:
a) Deleting all data
b) Working on an exact duplicate without altering original evidence
c) Encrypting data
d) Formatting the drive
26. The analysis phase in digital forensics involves:
a) Only backing up data
b) Examining evidence to extract relevant information
c) Destroying temporary files
d) Installing new software
27. Documentation in digital forensics includes:
a) Only screenshots
b) Only file names
c) All steps, tools used, and findings
d) Only timestamps
28. Which of the following is a common evidence type?
a) Logs
b) Emails
c) Browser history
d) All of the above
29. Forensic investigators must wear:
a) Casual clothing
b) Uniform only
c) Gloves to avoid contaminating evidence
d) No protective equipment
30. Time-stamping and logging access ensure:
a) Faster processing
b) Evidence integrity
c) Improved file recovery
d) Encryption
31. The chain of custody records:
a) The number of files
b) File types
c) Who handled the evidence, when, and why
d) Computer model
32. Evidence should be stored in:
a) Open desks
b) Internet cloud without security
c) Secure, tamper-evident storage
d) Any available folder
33. Which of the following is NOT part of the digital forensics investigation process?
a) Identification
b) Preservation
c) Analysis
d) File deletion
34. Logs from servers, firewalls, and applications are analyzed to:
a) Increase bandwidth
b) Detect unauthorized access or incidents
c) Improve graphics
d) Change passwords
35. Hash values are used in digital forensics to:
a) Encrypt evidence
b) Verify integrity of evidence
c) Compress files
d) Delete evidence
36. Write blockers are used to:
a) Speed up copying
b) Prevent modification of storage media during analysis
c) Encrypt files
d) Increase memory
37. Which of the following is a best practice in handling digital evidence?
a) Turning off devices abruptly
b) Ignoring logs
c) Documenting every step and using forensic tools
d) Formatting drives
38. Forensic imaging software examples include:
a) MS Word
b) Excel
c) FTK Imager, EnCase, and dd command
d) Photoshop
39. Metadata in digital evidence helps to determine:
a) File color
b) Hard drive size
c) Creation, modification, and access times
d) Screen resolution
40. Which of the following can corrupt evidence if not handled correctly?
a) Paper documents
b) Improper handling of digital devices
c) Handwriting analysis
d) Verbal statements
41. A digital forensics report is used for:
a) Game testing
b) Software design
c) Presenting findings in legal proceedings
d) Cleaning data
42. Which rule must be followed while copying digital evidence?
a) Copy multiple times with changes
b) Make exact bit-for-bit copies
c) Compress files aggressively
d) Delete old data
43. Live forensics refers to:
a) Analyzing cold storage
b) Examining a running system without shutting it down
c) Only mobile devices
d) Only network traffic
44. Which of the following is part of mobile forensics?
a) Recovering call logs
b) Extracting app data
c) Analyzing messages
d) All of the above
45. Cloud forensics deals with:
a) Only local hard drives
b) Investigating data stored in cloud platforms
c) Deleting cloud data
d) Only emails
46. Ethical hacking and digital forensics are related because:
a) Both delete data
b) Hacking identifies vulnerabilities; forensics investigates breaches
c) Both work on graphics
d) Both create malware
47. Preservation of evidence includes:
a) Modifying files
b) Deleting temporary files
c) Making forensic copies and securing original media
d) Changing timestamps
48. Anti-forensics techniques are designed to:
a) Help investigators
b) Hide or destroy digital evidence
c) Improve security
d) Speed up computers
49. The final step in the digital forensics process is:
a) Identification
b) Preservation
c) Analysis
d) Presentation of findings
50. A successful digital forensics investigation ensures:
a) Faster internet
b) Cheaper hardware
c) Accurate, legally admissible evidence
d) Deleted malware
51. DFRWS stands for:
a) Digital Forensics Research and Web Security
b) Digital Forensic Research Workshop
c) Digital File Recovery and Security
d) Data Forensics Research System
52. The DFRWS Investigative Model primarily focuses on:
a) Hardware repair
b) Systematic phases for conducting digital forensic investigations
c) Ethical hacking
d) Network optimization
53. Which of the following is a phase in the DFRWS model?
a) Identification
b) Collection
c) Examination
d) All of the above
54. The Abstract Digital Forensics Model (ADFM) is designed to:
a) Only recover deleted files
b) Track network traffic
c) Provide a generalized framework applicable to multiple investigations
d) Encrypt evidence
55. ADFM mainly helps in:
a) Image editing
b) Gaming applications
c) Structuring investigation steps and processes
d) Social media management
56. The Integrated Digital Investigation Process (IDIP) emphasizes:
a) Hardware upgrades
b) User experience
c) Integration of multiple investigative steps from identification to reporting
d) Encryption
57. The End to End Digital Investigation Process (EEDIP) focuses on:
a) Only identification
b) Only reporting
c) Comprehensive approach from start to finish
d) Only analysis
58. The extended model for cybercrime investigation includes:
a) Only mobile device analysis
b) Only network monitoring
c) Steps for investigating online cybercrime incidents
d) Only forensic imaging
59. UMDFPM stands for:
a) Unified Model for Digital Forensic Process Management
b) Universal Model for Data Forensics Procedures
c) UML Modeling of Digital Forensic Process Model
d) Ultimate Management Digital Forensics Protocol
60. UML in UMDFPM is used to:
a) Encrypt data
b) Recover deleted files
c) Model digital forensic processes visually
d) Speed up network connections
61. Which of these models provides a visual representation of investigation steps?
a) DFRWS
b) ADFM
c) IDIP
d) UMDFPM
62. The DFRWS model is widely used because it is:
a) Complicated
b) Clear and standardized
c) Only for mobile devices
d) Only for malware analysis
63. The main advantage of IDIP is:
a) Reduces CPU usage
b) Deletes evidence
c) Integrates multiple steps into a cohesive process
d) Works offline only
64. EEDIP ensures:
a) Data deletion
b) Only network analysis
c) Complete coverage of digital investigation
d) Faster downloads
65. Which model is most suitable for cybercrime investigation?
a) DFRWS
b) ADFM
c) IDIP
d) Extended model for cybercrime investigation
66. ADFM is abstract because:
a) It focuses only on mobile forensics
b) It provides specific step-by-step instructions
c) It defines general concepts applicable to any forensic scenario
d) It encrypts data
67. Which model uses UML diagrams to represent investigation steps?
a) DFRWS
b) ADFM
c) IDIP
d) UMDFPM
68. Phases of the DFRWS model include:
a) Collection and Analysis
b) Reporting
c) Identification and Preservation
d) All of the above
69. The extended model for cybercrime focuses on:
a) Physical device analysis
b) Online fraud, hacking, and cybercrime evidence collection
c) Game forensics
d) Network speed
70. IDIP emphasizes which aspect of investigation?
a) Encryption
b) Malware creation
c) Sequential integration of investigative phases
d) Gaming optimization
71. In UMDFPM, the use of UML helps:
a) Encrypt evidence
b) Improve hardware
c) Standardize and visualize investigation process
d) Delete data
72. EEDIP is preferred in organizations because:
a) It reduces internet speed
b) Only mobile devices are analyzed
c) It provides an end-to-end systematic investigation approach
d) It deletes evidence
73. ADFM can be adapted to:
a) Only network forensics
b) Only mobile forensics
c) Any type of digital forensic investigation
d) Only cloud investigations
74. The DFRWS model was proposed by:
a) Microsoft
b) IBM
c) Digital Forensic Research Workshop
d) FBI
75. IDIP combines:
a) Encryption techniques only
b) Malware detection only
c) Multiple investigation phases into one process
d) Cloud storage management
76. UMDFPM is useful for:
a) Legal documentation
b) Process modeling and analysis
c) Hacking
d) Cloud storage only
77. Cybercrime extended models handle:
a) Only desktop forensics
b) Internet fraud, phishing, and online attacks
c) Only mobile devices
d) Encryption only
78. One limitation of the DFRWS model is:
a) Too visual
b) Only for cloud
c) It may require adaptation for specific cases
d) It is end-to-end
79. Which model emphasizes step-by-step workflow from evidence acquisition to reporting?
a) ADFM
b) UMDFPM
c) EEDIP
d) Cybercrime model
80. UMDFPM diagrams can include:
a) Use case diagrams
b) Activity diagrams
c) Sequence diagrams
d) All of the above
81. The primary benefit of using multiple models is:
a) Faster internet
b) Free software
c) Flexibility in applying the best approach to a scenario
d) Deleting malware
82. The DFRWS model mainly focuses on:
a) Ethical hacking
b) Encryption
c) Structured investigation framework
d) Data compression
83. The extended model for cybercrime can be applied to:
a) Physical theft
b) Gaming only
c) Online fraud and cyber attacks
d) Only local systems
84. EEDIP ensures evidence is:
a) Deleted
b) Encrypted
c) Collected, preserved, analyzed, and presented systematically
d) Ignored
85. UMDFPM helps forensic investigators to:
a) Hack systems
b) Delete evidence
c) Visualize processes and maintain standard procedures
d) Encrypt cloud data
86. Ethical hacking is defined as:
a) Unauthorized access to systems
b) Authorized attempt to identify vulnerabilities and secure systems
c) Hacking for financial gain
d) Deleting malware
87. Hackers who test systems with permission are called:
a) Black hat hackers
b) White hat hackers
c) Grey hat hackers
d) Script kiddies
88. Hackers who exploit systems illegally for personal gain are:
a) White hat hackers
b) Black hat hackers
c) Grey hat hackers
d) Ethical hackers
89. Hackers who operate between legal and illegal activities are:
a) White hat hackers
b) Grey hat hackers
c) Script kiddies
d) Black hat hackers
90. Script kiddies are:
a) Experienced ethical hackers
b) White hat hackers
c) Inexperienced hackers using pre-made tools
d) Government cybersecurity agents
91. The main purpose of ethical hacking is to:
a) Delete evidence
b) Spread malware
c) Identify security weaknesses to improve system security
d) Increase internet speed
92. Penetration testing is:
a) Illegal hacking
b) Authorized simulated attack to test system defenses
c) Cloud storage backup
d) Data deletion
93. Grey hat hackers often:
a) Only protect systems
b) Exploit vulnerabilities without permission but may not cause harm
c) Only work in government
d) Only work in schools
94. Black hat hackers may engage in:
a) Security testing
b) Malware creation and unauthorized access
c) Ethical vulnerability reporting
d) None of the above
95. Types of hackers are classified based on:
a) Age
b) Location
c) Intent and authorization
d) Operating system
96. Red hat hackers are:
a) Hackers who work for fun
b) Script kiddies
c) Hackers who target malicious hackers aggressively
d) Government agents only
97. Blue hat hackers are:
a) Cybercriminals
b) Security professionals hired to test systems before launch
c) Grey hat hackers
d) Script kiddies
98. White hat hackers help organizations by:
a) Stealing data
b) Conducting vulnerability assessments
c) Spreading malware
d) Ignoring security
99. Black hat hackers are also known as:
a) Ethical hackers
b) Pen testers
c) Crackers
d) Security analysts
100. Ethical hacking contributes to:
a) Cybercrime
b) Data theft
c) Improved cybersecurity and risk mitigation
d) Malware distribution
101. AI-powered phishing scams primarily use:
a) Manual email sending
b) Artificial intelligence to craft convincing fake messages
c) Physical mail
d) Voice calls
102. Ransomware 2.0 differs from traditional ransomware in that it:
a) Only encrypts files
b) Combines encryption with data exfiltration and extortion
c) Only deletes files
d) Only targets mobile phones
103. IoT exploits target:
a) Desktop computers only
b) Internet-connected devices like cameras, sensors, and smart appliances
c) Only cloud servers
d) Social media accounts
104. Deep fake technology is used to:
a) Encrypt data
b) Create realistic fake audio or video content to deceive targets
c) Protect networks
d) Analyze malware
105. An OS downgrade attack involves:
a) Upgrading the OS to the latest version
b) Forcing a system to run an older, vulnerable version of the operating system
c) Encrypting the OS
d) Malware deletion
106. Firmware level exploits target:
a) Only cloud storage
b) The low-level software controlling hardware devices
c) User interface of applications
d) Anti-virus software
107. An advanced WAF bypass technique is used to:
a) Encrypt data
b) Circumvent Web Application Firewalls to exploit web apps
c) Update firewalls
d) Improve network speed
108. Zero-day exploits refer to vulnerabilities:
a) That have been patched
b) That are unknown to developers and have no available fix
c) Only in antivirus software
d) That exist for more than a year
109. Phishing scams aim to:
a) Speed up internet
b) Protect data
c) Trick users into revealing sensitive information
d) Update software
110. Ransomware 2.0 targets:
a) Only IoT devices
b) Only operating systems
c) Both enterprise data and cloud backups
d) None of the above
111. IoT exploits are dangerous because:
a) IoT devices are rarely online
b) They cannot connect to the internet
c) Many devices have weak security and collect sensitive data
d) Only hackers can see IoT devices
112. Deep fake technology can be misused for:
a) Data encryption
b) Fake news, impersonation, and defamation
c) Malware scanning
d) Updating firmware
113. OS downgrade attacks exploit:
a) Security patches in the latest OS
b) Application updates
c) Vulnerabilities in older OS versions
d) Cloud servers
114. Firmware level exploits can allow hackers to:
a) Only view files
b) Only perform network analysis
c) Gain persistent control over hardware devices
d) Install antivirus
115. Web Application Firewall bypass techniques are important because:
a) They speed up websites
b) Hackers can reach the backend server without detection
c) They prevent phishing
d) They protect IoT devices
116. Zero-day exploits are particularly dangerous because:
a) They are always easy to detect
b) They only affect old devices
c) No patch exists at the time of attack
d) They are visible in antivirus logs
117. AI phishing scams improve effectiveness by:
a) Random spam
b) Crafting highly personalized and convincing messages
c) Slowing down email delivery
d) Encrypting user data
118. Ransomware 2.0 often demands payment in:
a) Credit cards
b) Cryptocurrency for anonymity
c) Cash
d) Bank cheques
119. IoT exploits can compromise:
a) Only video games
b) Only desktop PCs
c) Smart home, healthcare, and industrial systems
d) Only browsers
120. Deep fake videos are often combined with:
a) OS updates
b) Social engineering attacks
c) Anti-virus scans
d) Firmware patches
121. OS downgrade attacks are a type of:
a) Network attack
b) Operating system hacking technique
c) Application hacking
d) Ethical hacking
122. Firmware exploits can be delivered via:
a) Network updates
b) USB devices
c) Malicious software
d) All of the above
123. Web Application Firewall bypass is mostly used to:
a) Encrypt data
b) Inject malicious scripts or SQL commands
c) Upgrade servers
d) Improve UI design
124. Zero-day vulnerabilities exist because:
a) Developers have released patches
b) They are unknown to the software vendor
c) They are easy to detect
d) Users report them
125. Ethical hackers test against:
a) Only IoT devices
b) Only OS attacks
c) Multiple attack vectors including phishing, ransomware, and web apps
d) Only firewalls
126. AI-powered phishing can target:
a) Only servers
b) Individuals with emails, social media, or messages
c) Only IoT devices
d) Only cloud storage
127. Ransomware 2.0 may combine:
a) Only encryption
b) Only phishing
c) Encryption, data theft, and extortion
d) Only DDoS attacks
128. IoT exploits often result in:
a) Faster processing
b) Network speed improvement
c) Unauthorized data access or device control
d) Reduced security
129. Deep fake attacks are part of:
a) Network hacking
b) OS hacking
c) Social engineering attacks
d) Physical hacking
130. Firmware-level exploits are critical because:
a) Users can detect them easily
b) They are always harmless
c) They operate below OS level and are difficult to remove
d) Only affect software
131. The National Cyber Security Policy (NCSP), 2013 aims to:
a) Increase malware
b) Promote cybercrime
c) Protect cyberspace and strengthen IT security in India
d) Ban the internet
132. IT Act 2000 was enacted to:
a) Promote cybercrime
b) Provide legal recognition for electronic transactions and digital signatures
c) Ban online banking
d) Encourage hacking
133. IT Act 2008 amendment mainly addressed:
a) Internet speed
b) Phishing only
c) Cyber security issues and data protection
d) OS upgrades
134. IT Act 2023 (DPDP) focuses on:
a) Malware creation
b) OS hacking
c) Data protection, privacy, and digital governance
d) Phishing scams only
135. CCPWC Scheme (2018) is designed to:
a) Promote social media
b) Prevent cybercrime against women and children
c) Increase ransomware attacks
d) Train hackers
136. NCSP 2013 also aims to:
a) Increase cybercrime
b) Develop secure IT infrastructure and human resources
c) Ban IoT devices
d) Promote phishing
137. The primary goal of IT Act 2000 is:
a) Malware creation
b) AI phishing
c) Legal framework for e-commerce, cybercrime prevention, and digital signatures
d) Network hacking
138. IT Act 2008 amendment was necessary because:
a) Old laws were perfect
b) To ban smartphones
c) Rapid technological changes required updated legal provisions
d) Only for hacking
139. IT Act 2023 (DPDP) provides guidelines on:
a) Only ransomware
b) Data privacy, processing, and governance
c) Web apps only
d) IoT devices
140. CCPWC 2018 scheme includes:
a) Hacking techniques
b) Network penetration
c) Reporting, awareness, and cybercrime prevention for vulnerable groups
d) OS upgrades
141. National Cyber Security Policy 2013 encourages:
a) Malware creation
b) Research, capacity building, and security standards
c) Phishing
d) OS downgrade attacks
142. IT Act 2000 defines:
a) Only phishing
b) Only ransomware
c) Legal validity of digital contracts and electronic evidence
d) Only IoT security
143. The IT Act 2008 amendment focuses on:
a) Social media apps
b) Strengthening penalties for cybercrime and securing data
c) Ethical hacking training
d) Web Application Firewall bypass
144. DPDP in IT Act 2023 is primarily concerned with:
a) Malware
b) OS hacking
c) Personal data protection and privacy rights
d) Only IoT exploits
145. CCPWC scheme is part of:
a) IT Act 2000
b) IT Act 2008
c) Government initiative to protect vulnerable citizens online
d) NCSP only
146. National Cyber Security Policy (NCSP) promotes:
a) Malware proliferation
b) IoT exploits
c) Secure digital ecosystem and awareness programs
d) Phishing scams
147. IT Act 2000 includes provisions for:
a) Hacking tutorials
b) Deep fake creation
c) Cybercrime investigation and digital evidence admissibility
d) Ransomware 2.0
148. IT Act 2008 amendment was necessary to:
a) Decrease cybersecurity
b) Update legal framework due to new cyber threats
c) Ban AI
d) Reduce online transactions
149. DPDP 2023 protects:
a) Only government data
b) Personal and sensitive information of citizens
c) Only financial data
d) Malware
150. CCPWC 2018 scheme focuses on:
a) OS hacking
b) Web Application Firewall bypass
c) Awareness, reporting, and prevention of cybercrime against women and children
d) Network speed