Get personalized study reminders at intervals optimized for better retention. Track your progress on this set by creating a folder Or add to an existing folder false true true false true b
b d b d d cStart Long-Term Learning
Add this set to a folder
Because attorneys do not have the
right of full discovery of digital evidence, it is not possible for new evidence to come to light while complying with a defense request for full discovery.
t/f One of the most critical aspects of digital forensics is validating digital evidence because ensuring the integrity of data you collect is essential for presenting evidence in court.
t/f The advantage of recording hash values is that you can determine whether data has changed.
t/f In private sector cases, like criminal and civil cases, the scope is always defined by a search warrant.
t/f Advanced hexadecimal editors offer many features not available in digital forensics tools, such
as hashing specific files or sectors.
t/f What format below is used for VMware images?
a. .vhd
b. .vmdk
c. .s01
d. .aff In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters?
a. NTFS
b. FAT
c. HFSX
d. Ext3fs Which password recovery method uses every possible letter, number, and character found on a keyboard?
a. rainbow table
b. dictionary attack
c. hybrid attack
d. brute-force attack The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of
unexpected evidence found.
a. litigation
b. scope creep
c. criminal charges
d. violations Which of the following file systems can't be analyzed by OSForensics?
a. FAT12
b. Ext2fs
c. HFS+
d. XFS In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer.
a.
format
b. fdisk
c. grub
d. diskpart Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords:
a. Last Bit
b. AccessData PRTK
c. OSForensics
d. Passware
Within Windows Vista and later, partition gaps are _____________ bytes in length.
a. 64
b. 128
c.
256
d. 512
b
Which option below is not a disk management tool?
a. Partition Magic
b. Partition Master
c. GRUB
d. HexEdit
d
Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.
a. hashing
b.
bit-shifting
c. registry edits
d. slack space
b
A user with programming experience may use an assembler program (also called a __________ ) on a file to scramble bits, in order to secure the information contained inside.
a. compiler
b. shifter
c. macro
d. script
c
What letter should be typed into DiskEdit in order to
mark a good sector as bad?
a. M
b. B
c. T
d. D
b
Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
a. key vault
b. key escrow
c. bump key
d. master key
b
What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?
a. salted passwords
b. scrambled passwords
c. indexed passwords
d. master passwords
a
When performing a static acquisition, what should be done after the hardware on a suspect's computer has been inventoried and documented?
a. Inventory and documentation information should be
stored on a drive and then the drive should be reformatted.
b. Start the suspect's computer and begin collecting evidence.
c. The hard drive should be removed, if practical, and the system's date and time values should be recorded from the system's CMOS.
d. Connect the suspect's computer to the local network so that up to date forensics utilities can be utilized.
c
In order to aid a forensics investigation,
a hardware or software ______________ can be utilized to capture keystrokes remotely.
a. keygrabber
b. keylogger
c. packet capture
d. protocol analyzer
b
The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.
a. DeepScan Filter
b. Unknown
File Filter (UFF)
c. Known File Filter (KFF)
d. FTK Hash Imager
c
The term for detecting and analyzing steganography files is _________________.
a. carving
b. steganology
c. steganalysis
d. steganomics
c
A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external
media.
a. fdisk
b. format
c. dd
d. DiskEdit
c
The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.
a. Open Hash Database
b. HashKeeper Online
c. National Hashed Software Referenced.
d. National Software Reference Library
d
Please allow access to your computer’s microphone to use Voice Recording.
We can’t access your microphone!
Click the icon above to update your browser permissions above and try again
Example:
Reload the page to try again!
Reload
Press Cmd-0 to reset your zoom
Press Ctrl-0 to reset your zoom
It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.
Please upgrade Flash or
install Chrome
to use Voice Recording.
For more help, see our troubleshooting page.