Scribd
Upload
42 views

Chapter 3 Digital Forensics

This document contains a chapter on digital forensics from an information technology course. It includes [1] questions about digital forensic concepts like network forensics, drive slack, and Windows Registry, [2] considerations for determining the scope of a digital investigation, and [3] questions about embedded system architectures, instruction sets, and assembly language programming.

Uploaded by

Abhinav Gadekar
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
42 views

Chapter 3 Digital Forensics

This document contains a chapter on digital forensics from an information technology course. It includes [1] questions about digital forensic concepts like network forensics, drive slack, and Windows Registry, [2] considerations for determining the scope of a digital investigation, and [3] questions about embedded system architectures, instruction sets, and assembly language programming.

Uploaded by

Abhinav Gadekar
Copyright
© © All Rights Reserved
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 5

Marthwada Mitra Mandal's Polytechnic

Course :- Emerging Trends in Computer and Infromation Technology


Chapter 3 - Digital forensics

Sr.No Question A B C D Answer

systematic tracking of incoming and outgoing traffic: to


ascertain how an attack was carried out or how an event
occurred on a network.
2.  Windows 3.  Network
1 1. SIM Cards Registry Forensics 4.  Drive Slack C
-intruders and network users often leave trail behind
-identify locations where relevant digital evidence exists
-crucial when developing data map of digital evidence

2 a logical drive 1. EEPROM 2. PDA's 3. SIM Cards 4. Partition D


Considerations
-determine the scope of the investigation. 1. Examination
3 -determine what the case requires 2. Drive Slack 3. Partition 4. SIM Cards A
-whether you should collect all info Plan
-what to do in case of scope creep

Can be exported as:


4 -RTF ~good for thumbnails and book marks 1. Drive Slack 2. Write Blockers 3. Windows 4. ProDiscover D
Registry Report
-TEXT~plain text

electronically erasable programmable read-only memory

-how phones store system data


5 -enables service providers to reprogram phones without having 1. Partition 2. file system 3. EEPROM 4. SIM Cards C
to physically access memory chips
-OS is stored in ROM: nonvolatile memory

file manipulation: file names and extensions/ hidden property


6 1. Windows 2. Examination 3. Virtual 4. Data-hiding D
-disk manipulation: hidden partitions/bad clusters Registry Plan Machine Techniques
-encryption: bit shifting/stenography

gives us a road map to data on a disk


7 -type of file system an OS used determines how data is stored 1. file system 2. Drive Slack 3. EEPROM 4. SIM Cards A
on the disk
a database that stores hardware and software configuration
information, network connections, user preferences, and setup 2. Windows
8 information. 1. SIM Cards 3. file system 4. Write Blockers B
-can contain valuable info about current/past applications and Registry
user created information

unused space in a cluster between the end of an active file and


9 the end of a cluster. (Includes RAM slack and file slack) 1. SIM Cards 2. file system 3. Write Blockers 4. Drive Slack D

10 Which one of the following offers CPUs as integrated memory a) b) c) Embedded d) Memory A
or peripheral interfaces? Microcontroller Microprocessor system system

11 Which of the following offers external chips for memory and a) b) c) Peripheral d) Embedded B
peripheral interface circuits? Microcontroller Microprocessor system system

12 How many bits does an MC6800 family have? a) 16 b) 32 c) 4 d) 8 D


d) National COP
13 Which of the following is a 4-bit architecture? a) MC6800 b) 8086 c) 80386 series D

c)
a) Computing b) Complex d) Complex
14 What is CISC? instruction set instruction set Complimentary instruction set B
instruction set
complex computing computing complementary

15 How is the protection and security for an embedded system a) OTP b) IPR c) Memory disk d) Security chips B
made? security
16 Which of the following possesses a CISC architecture? a) MC68020 b) ARC c) Atmel AVR d) Blackfin A

17 Which of the following is a RISC architecture? a) 80286 b) MIPS c) Zilog Z80 d) 80386 B
18 Which one of the following is board based system? a) Data bus b) Address bus c) VMEbus d) DMA bus C
c) Vertical d) Vertical
a) Versa module b) Versa module module module Europa
19 VME bus stands for Europa bus embedded bus A
embedded bus bus
20 Which of the following has a Harvard architecture? a) EDSAC b) SSEM c) PIC d) CSIRAC C
c. Fast data
21 What are the essential tight constraint/s related to the design a. Ability to fit on b. Low power processing for d. All of the D
metrics of an embedded system? a single chip consumption real-time above
operations

Which abstraction level undergo the compilation process by


22 converting a sequential program into finite-state machine and a. System b. Behaviour c. RT d. Logic B
register transfers while designing an embedded system?
Which characteristics of an embedded system exhibit the
responsiveness to the assortments or variations in system's a. Single- b. Tightly- c. Reactive & d. All of the
23 functioned constraint Real time C
environment by computing specific results for real-time Characteristic Characteristics Characteristics above
applications without any kind of postponement ?

24  Is the following instruction correct LDI R3,50? a) Yes b) No c) Cant be said d) None of the B
mentioned

a) they are used


25 Registers R0-R31 are used for what type of works? for arithmetic b) they are used c) they are used d) none of the A
and logic for data copy for calculations mentioned
instructions

26 The largest value that can be loaded in an 8 bit register is? a) 11111111H b) FH c) FFH d) 00H C

Which out of the following instructions don’t affect the flags of


27 the status register? a) AND b) INC c) OR d) ADD D
28  Which out of the following is not a directive? a) .EQU b) .DEVICE c) .ORG d) .LDI D
d) None of the
29  Is an assembly language a high level language? a) Yes b) No c) Cant be said mentioned B

A 14 bit program counter can execute a maximum of _________


30 a) 4K b) 8K c) 16K d) 64K C
memory locations?
31 When AVR wakes up, then the value of PC becomes? a) 00H b) 000H c) 0000H d) 00000H D
32
33
34
35
36
37
38
39
40
41
42
43
44
When AVR wakes up, then the value of PC becomes?
a) 00H
b) 000H
c) 0000H
d) 00000H
When AVR a)
w 00H b) 000H c) 0000H d) 00000H

You might also like