6552541
Beschreibung
Quiz von Joey Rubino, aktualisiert more than 1 year ago
|
Erstellt von Joey Rubino
vor etwa 8 Jahre
|
|
Frage 1
Frage
According to the National Institute of Standards and Technology (NIST), digital forensics involves scientifically examining and analyzing data from computer storage media so that it can be used as evidence in court.
Antworten
- True
- False
Frage 2
Frage
All suspected industrial espionage cases should be treated as civil case investigations.
Antworten
- True
- False
Frage 3
Frage
User groups for a specific type of system can be very useful in a forensics investigation.
Antworten
- True
- False
Frage 4
Frage
Most digital investigations in the private sector involve misuse of computing assets.
Antworten
- True
- False
Frage 5
Frage
If you turn evidence over to law enforcement and begin working under their direction, you have become an agent of law enforcement, and are subject to the same restrictions on search and seizure as a law enforcement agent.
Antworten
- True
- False
Frage 6
Frage
Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings.
Antworten
-
Federal Proceedings Law
-
Federal Rules of Evidence
-
Federal Consistency Standards
-
Federal Proceedings Rules
Frage 7
Frage
Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?
Antworten
-
First Amendment
-
Second Amendment
-
Fourth Amendment
-
Fifth Amendment
Frage 8
Frage
Which Microsoft OS below is the least intrusive to disks in terms of changing data?
Antworten
-
Windows 95
-
Windows XP
-
Windows 7
-
MS-DOS 6.22
Frage 9
Frage
_______ is not recommended for a digital forensics workstation.
Antworten
-
A text editor tool
-
A write-blocker device
-
An SCSI card
-
Remote access software
Frage 10
Frage
Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as _______.
Antworten
-
repeatable findings
-
reloadable steps
-
verifiable reporting
-
evidence reporting
Frage 11
Frage
If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.
Antworten
-
exhibit
-
verdict
-
affidavit
-
memo
Frage 12
Frage
_______ describes an accusation of fact that a crime has been committed.
Antworten
-
Attrition
-
Attribution
-
Allegation
-
Assignment
Frage 13
Frage
_______ is not one of the functions of the investigations triad.
Antworten
-
Digital investigations
-
Data recovery
-
Vulnerability/threat assessment and risk management
-
Network intrusion detection and incident response
Frage 14
Frage
In what year was the Computer Fraud and Abuse Act passed?
Antworten
-
1976
-
1980
-
1986
-
1996
Frage 15
Frage
The _______ is not one of the three stages of a typical criminal case.
Antworten
-
complaint
-
investigation
-
civil suit
-
prosecution
Frage 16
Frage
After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.
Antworten
-
Digital Evidence Recorder
-
Digital Evidence Specialist
-
Digital Evidence First Responder
-
Digital Evidence Scene Investigator
Frage 17
Frage
The _______ is responsible for analyzing data and determining when another specialist should be called in to assist with analysis.
Antworten
-
Digital Evidence First Responder
-
Digital Evidence Specialist
-
Digital Evidence Analyst
-
Digital Evidence Examiner
Frage 18
Frage
The sale of sensitive or confidential company information to a competitor is known as _______.
Antworten
-
industrial sabotage
-
industrial espionage
-
industrial collusion
-
industrial betrayal
Frage 19
Frage
Which option below is not a standard systems analysis step?
Antworten
-
Determine a preliminary design or approach to the case.
-
Obtain and copy an evidence drive.
-
Share evidence with experts outside of the investigation.
-
Mitigate or minimize the risks.
Frage 20
Frage
A chain-of-evidence form, which is used to document what has and has not been done with the original evidence and forensic copies of the evidence, is also known as a(n) _______.
Antworten
-
single-evidence form
-
multi-evidence form
-
evidence custody form
-
evidence tracking form
Frage 21
Frage
An evidence custody form does not usually contain _______.
Antworten
-
the nature of the case
-
a description of evidence
-
vendor names for computer components
-
a witness list
Frage 22
Frage
What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?
Antworten
-
AccessData Forensic Toolkit
-
DeepScan
-
ILook
-
Photorec
Frage 23
Frage
The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.
Antworten
-
police ledger
-
police blotter
-
police blogger
-
police recorder
Frage 24
Frage
_______ must be included in an affidavit to support an allegation in order to justify a warrant.
Antworten
-
Verdicts
-
Witnesses
-
Exhibits
-
Subpoenas
Frage 25
Frage
After the evidence has been presented in a trial by jury, the jury must deliver a(n) _______.
Antworten
-
exhibit
-
affidavit
-
allegation
-
verdict
Frage 26
Frage
Linux Live CDs and WinFE disks do not automatically mount hard drives, but can be used to view file systems.
Antworten
- True
- False
Frage 27
Frage
The shielding of sensitive computing systems and prevention of electronic eavesdropping of any computer emissions is known as FAUST by the U.S. Department of Defense.
Antworten
- True
- False
Frage 28
Frage
The recording of all updates made to a workstation or machine is referred to as configuration management.
Antworten
- True
- False
Frage 29
Frage
A disaster recovery plan ensures that workstations and file servers can be restored to their original condition in the event of a catastrophe.
Antworten
- True
- False
Frage 30
Frage
Because they are outdated, ribbon cables should not be considered for use within a forensics lab.
Antworten
- True
- False
Frage 31
Frage
Candidates who complete the IACIS test successfully are designated as a _______.
Antworten
-
Certified Forensic Computer Examiner (CFCE)
-
Certified Forensics Investigator (CFI)
-
Certified Investigative Forensics Examiner (CIFE)
-
Certified Investigative Examiner (CIE)
Frage 32
Frage
What certification program, sponsored by ISC2, requires knowledge of digital forensics, malware analysis, incident response, e-discovery, and other disciplines related to cyber investigations?
Antworten
-
Certified Computer Crime Investigator
-
Certified Forensic Computer Examiner
-
Certified Cyber Forensics Professional
-
EnCase Certified Examiner
Frage 33
Frage
How long are computing components designed to last in a normal business environment?
Antworten
-
12 to 16 months
-
14 to 26 months
-
18 to 36 months
-
36 to 90 months
Frage 34
Frage
Which of the following scenarios should be covered in a disaster recovery plan?
Antworten
-
damage caused by lightning strikes
-
damage caused by flood
-
damage caused by a virus contamination
-
all of the above
Frage 35
Frage
Which operating system listed below is not a distribution of the Linux OS?
Antworten
-
Minix
-
Debian
-
Slackware
-
Fedora
Frage 36
Frage
_______ describes the characteristics of a safe storage container.
Antworten
-
ISO2960
-
NISPOM
-
SSO 990
-
STORSEC
Frage 37
Frage
In order to qualify for the Certified Computer Forensic Technician, Basic Level certification, how many hours of computer forensics training are required?
Antworten
-
10
-
20
-
30
-
40
Frage 38
Frage
Which file system below is utilized by the Xbox gaming system?
Antworten
-
NTFS
-
ReFS
-
EXT
-
FATX
Frage 39
Frage
Which ISO standard below is followed by the ASCLD?
Antworten
-
17025:2005
-
17026:2007
-
12075:2007
-
12076:2005
Frage 40
Frage
_______ is responsible for creating and monitoring lab policies for staff, and provides a safe and secure workplace for staff and evidence.
Antworten
-
The lab manager
-
The lab investigator
-
The lab secretary
-
The lab steward
Frage 41
Frage
What percentage of consumers utilize Intel and AMD PCs?
Antworten
-
60
-
70
-
80
-
90
Frage 42
Frage
_______ can be used to restore backup files directly to a workstation.
Antworten
-
Belarc Advisor
-
Norton Ghost
-
ProDiscover
-
Photorec
Frage 43
Frage
How often should hardware be replaced within a forensics lab?
Antworten
-
Every 6 to 12 months
-
Every 12 to 18 months
-
Every 18 to 24 months
-
Every 24 to 30 months
Frage 44
Frage
A TEMPEST facility is designed to accomplish which of the following goals?
Antworten
-
Prevent data loss by maintaining consistent backups.
-
Shield sensitive computing systems and prevent electronic eavesdropping of computer emissions.
-
Ensure network security from the Internet using comprehensive security software.
-
Protect the integrity of data.
Frage 45
Frage
In order to qualify for the Advanced Certified Computer Forensic Technician certification, a candidate must have _______ years of hands-on experience in computer forensics investigations.
Antworten
-
two
-
three
-
five
-
six
Frage 46
Frage
In order to qualify for the Certified Computer Crime Investigator, Basic Level certification, candidates must provide documentation of at least _______ cases in which they participated.
Antworten
-
5
-
10
-
15
-
20
Frage 47
Frage
Which tool below is not recommended for use in a forensics lab?
Antworten
-
2.5-inch adapters for drives
-
FireWire and USB adapters
-
SCSI cards
-
Degausser
Frage 48
Frage
Which option below is not a recommendation for securing storage containers?
Antworten
-
The container should be located in a restricted area
-
Only authorized access should be allowed, and it should be kept to a minimum.
-
Evidence containers should remain locked when they aren't under direct supervision.
-
Rooms with evidence containers should have a secured wireless network.
Frage 49
Frage
Which option below is not one of the recommended practices for maintaining a keyed padlock?
Antworten
-
Appoint a key custodian.
-
Take inventory of all keys when the custodian changes.
-
Use a master key.
-
Change locks and keys annually.
Frage 50
Frage
_______ is a specialized viewer software program.
Antworten
-
FastView
-
IrfanView
-
ThumbsLoader
-
ABSee
Frage 51
Frage
Hardware and software errors or incompatibilities are a common problem when dealing with older hard drives.
Antworten
- True
- False
Frage 52
Frage
A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.
Antworten
- True
- False
Frage 53
Frage
FTK Imager software can acquire a drive's host protected area.
Antworten
- True
- False
Frage 54
Frage
The ImageUSB utility can be used to create a bootable flash drive.
Antworten
- True
- False
Frage 55
Frage
Which option below is not a hashing function used for validation checks?
Antworten
-
RC4
-
MD5
-
SHA-1
-
CRC32
Frage 56
Frage
The Linux command _____ can be used to write bit-stream data to files.
Antworten
-
write
-
dd
-
cat
-
dump
Frage 57
Frage
Which option below is not a Linux Live CD meant for use as a digital forensics tool?
Antworten
-
Penguin Sleuth
-
Kali Linux
-
Ubuntu
-
CAINE
Frage 58
Frage
The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory.
Antworten
-
dd
-
split
-
echo
-
dcfldd
Frage 59
Frage
Which RAID type utilizes mirrored striping, providing fast access and redundancy?
Antworten
-
RAID 1
-
RAID 3
-
RAID 5
-
RAID 10
Frage 60
Frage
Within the fdisk interactive menu, what character should be entered to view existing partitions?
Antworten
-
1
-
p
-
o
-
d
Frage 61
Frage
When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?
Antworten
-
512 MB
-
2 GB
-
1 TB
-
1 PB
Frage 62
Frage
Which RAID type provides increased speed and data storage capability, but lacks redundancy?
Antworten
-
RAID 0
-
RAID 1
-
RAID 0+1
-
RAID 5
Frage 63
Frage
Which RAID type utilizes a parity bit and allows for the failure of one drive without losing data?
Antworten
-
RAID 1
-
RAID 2
-
RAID 3
-
RAID 5
Frage 64
Frage
_______ creates a virtual volume of a RAID image file, and then makes repairs on the virtual volume, which can then be restored to the original RAID.
Antworten
-
Runtime Software
-
RaidRestore
-
R-Tools R-Studio
-
FixitRaid
Frage 65
Frage
_______ is the utility used by the ProDiscover program for remote access.
Antworten
-
SubSe7en
-
l0pht
-
PDServer
-
VNCServer
Frage 66
Frage
The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.
Antworten
-
intrusion detection system
-
active defense mechanism
-
total awareness system
-
intrusion monitoring system
Frage 67
Frage
Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files?
Antworten
-
Advanced Forensics Disk
-
Advanced Forensic Format
-
Advanced Capture Image
-
Advanced Open Capture
Frage 68
Frage
What is the name of the Microsoft solution for whole disk encryption?
Antworten
-
DriveCrypt
-
TrueCrypt
-
BitLocker
-
SecureDrive
Frage 69
Frage
Which technology below is not a hot-swappable technology?
Antworten
-
USB-3
-
FireWire 1394A
-
SATA
-
IDE
Frage 70
Frage
Computer-stored records are data the system maintains, such as system log files and proxy server logs.
Antworten
- True
- False
Frage 71
Frage
An emergency situation under the PATRIOT Act is defined as the immediate risk of death or personal injury, such as finding a bomb threat in an e-mail.
Antworten
- True
- False
Frage 72
Frage
The Fourth Amendment states that only warrants "particularly describing the place to be searched and the persons or things to be seized" can be issued. The courts have determined that this phrase means a warrant can authorize a search of a specific place for anything.
Antworten
- True
- False
Frage 73
Frage
State public disclosure laws apply to state records, but FOIA allows citizens to request copies of public documents created by federal agencies.
Antworten
- True
- False
Frage 74
Frage
To investigate employees suspected of improper use of company digital assets, a company policy statement about misuse of digital assets allows corporate investigators to conduct covert surveillance with little or no cause, and access company computer systems and digital devices without a warrant.
Antworten
- True
- False
Frage 75
Frage
_______ would not be found in an initial-response field kit.
Antworten
-
Computer evidence bags (antistatic bags)
-
Leather gloves and disposable latex gloves
-
A digital camera with extra batteries or 35mm camera with film and flash
-
External USB devices or a portable hard drive
Frage 76
Frage
_______ is a common cause for lost or corrupted evidence.
Antworten
-
Public access
-
Not having enough people on the processing team
-
Having an undefined security perimeter
-
Professional curiosity
Frage 77
Frage
What does FRE stand for?
Antworten
-
Federal Rules of Evidence
-
Federal Regulations for Evidence
-
Federal Rights for Everyone
-
Federal Rules for Equipment
Frage 78
Frage
If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.
Antworten
-
two
-
five
-
one
-
three
Frage 79
Frage
_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing.
Antworten
-
Second-party evidence
-
Rumor
-
Fiction
-
Hearsay
Frage 80
Frage
You must abide by the _______ while collecting evidence.
Antworten
-
Fourth Amendment
-
Federal Rules of Evidence
-
state's Rules of Evidence
-
Fifth Amendment
Frage 81
Frage
Which of the following is not done when preparing for a case?
Antworten
-
Describe the nature of the case.
-
Identify the type of OS.
-
Set up covert surveillance.
-
Determine whether you can seize the computer or digital device.
Frage 82
Frage
A _______ is not a private sector organization.
Antworten
-
small to medium business
-
large corporation
-
non-government organization
-
hospital
Frage 83
Frage
In cases that involve dangerous settings, what kind of team should be used to recover evidence from the scene?
Antworten
-
B-Team
-
HAZMAT
-
CDC First Responders
-
SWAT
Frage 84
Frage
_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers.
Antworten
-
Hospitals
-
ISPs
-
Law firms
-
News networks
Frage 85
Frage
The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.
Antworten
-
probable cause
-
due diligence
-
accusations
-
reliability
Frage 86
Frage
Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?
Antworten
-
United States v. Wong
-
United States v. Carey
-
United States v. Salgado
-
United States v. Walser
Frage 87
Frage
What should you do while copying data on a suspect's computer that is still live?
Antworten
-
Open files to view contents.
-
Make notes regarding everything you do.
-
Conduct a Google search of unknown extensions using the computer.
-
Check Facebook for additional suspects.
Frage 88
Frage
The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers.
Antworten
-
storage room
-
server farm
-
data well
-
storage hub
Frage 89
Frage
_______ does not recover data in free or slack space.
Antworten
-
Raw format acquisition
-
Live acquisition
-
Static acquisition
-
Sparse acquisition
Frage 90
Frage
When seizing digital evidence in criminal investigations, whose standards should be followed?
Antworten
-
U.S. DOJ
-
ISO/IEC
-
IEEE
-
ITU
Frage 91
Frage
The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest.
Antworten
-
criminal
-
potential data source
-
person of interest
-
witness
Frage 92
Frage
What type of media has a 30-year lifespan?
Antworten
-
DVD-Rs
-
DLT magnetic tape
-
hard drive
-
USB thumb drive
Frage 93
Frage
As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state?
Antworten
-
The power cable should be pulled.
-
The system should be shut down gracefully.
-
The power should be left on.
-
The decision should be left to the Digital Evidence First Responder (DEFR).
Frage 94
Frage
Which system below can be used to quickly and accurately match fingerprints in a database?
Antworten
-
Fingerprint Identification Database (FID)
-
Systemic Fingerprint Database (SFD)
-
Automated Fingerprint Identification System (AFIS)
-
Dynamic Fingerprint Matching System (DFMS)
Frage 95
Frage
A computer stores system configuration and date and time information in the BIOS when power to the system is off.
Antworten
- True
- False
Frage 96
Frage
When data is deleted on a hard drive, only references to it are removed, which leaves the original data on unallocated disk space.
Antworten
- True
- False
Frage 97
Frage
Someone who wants to hide data can create hidden partitions or voids- large unused gaps between partitions on a disk drive. Data that is hidden in partition gaps cannot be retrieved by forensics utilities.
Antworten
- True
- False
Frage 98
Frage
FAT32 is used on older Microsoft OSs, such as MS-DOS 3.0 through 6.22, Windows 95 (first release), and Windows NT 3.3 and 4.0.
Antworten
- True
- False
Frage 99
Frage
Each MFT record starts with a header identifying it as a resident or nonresident attribute.
Antworten
- True
- False
Frage 100
Frage
A typical disk drive stores how many bytes in a single sector?
Antworten
-
8
-
512
-
1024
-
4096
Frage 101
Frage
Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?
Antworten
-
Disk Track Recording (DTR)
-
Zone Based Areal Density (ZBAD)
-
Zone Bit Recording (ZBR)
-
Cylindrical Head Calculation (CHC)
Frage 102
Frage
What hexadecimal code below identifies an NTFS file system in the partition table?
Antworten
-
05
-
07
-
1B
-
A5
Frage 103
Frage
When using the File Allocation Table (FAT), where is the FAT database typically written to?
Antworten
-
The innermost track
-
The outermost track
-
The first sector
-
The first partition
Frage 104
Frage
Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital eXtended capacity (SDCX), and memory sticks:
Antworten
-
FAT12
-
FAT32
-
exFAT
-
VFAT
Frage 105
Frage
What term is used to describe a disk's logical structure of platters, tracks, and sectors?
Antworten
-
cylinder
-
trigonometry
-
geometry
-
mapping
Frage 106
Frage
A Master Boot Record (MBR) partition table marks the first partition starting at what offset?
Antworten
-
0x1CE
-
0x1BE
-
0x1AE
-
0x1DE
Frage 107
Frage
The ___________ command inserts a HEX E5 (0xE5) in a filename's first letter position in the associated directory entry.
Antworten
-
delete
-
edit
-
update
-
clear
Frage 108
Frage
What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?
Antworten
-
$MftMirr
-
$TransAct
-
$LogFile
-
$Backup
Frage 109
Frage
What command below can be used to decrypt EFS files?
Antworten
-
cipher
-
copy
-
efsrecvr
-
decrypt
Frage 110
Frage
Which of the following commands creates an alternate data stream?
Antworten
-
echo text > myfile.txt:stream_name
-
ads create myfile.txt{stream_name} "text"
-
cat text myfile.txt=stream_name
-
echo text
Frage 111
Frage
What term below describes a column of tracks on two or more disk platters?
Antworten
-
sector
-
cluster
-
cylinder
-
header
Frage 112
Frage
Which of the following is not a valid configuration of Unicode?
Antworten
-
UTF-8
-
UTF-16
-
UTF-32
-
UTF-64
Frage 113
Frage
What does the MFT header field at offset 0x00 contain?
Antworten
-
The MFT record identifier FILE
-
The size of the MFT record
-
The length of the header
-
The update sequence array
Frage 114
Frage
The ReFS storage engine uses a __________ sort method for fast access to large data sets.
Antworten
-
A+-tree
-
B+-tree
-
reverse
-
numerical
Frage 115
Frage
What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive?
Antworten
-
PGP Full Disk Encryption
-
Voltage SecureFile
-
BestCrypt
-
TrueCrypt
Frage 116
Frage
The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.
Antworten
-
registry
-
storage
-
hive
-
tree
Frage 117
Frage
What registry file contains user account management and security settings?
Antworten
-
Default.dat
-
Software.dat
-
SAM.dat
-
Ntuser.dat
Frage 118
Frage
What registry file contains installed programs' settings and associated usernames and passwords?
Antworten
-
Default.dat
-
Security.dat
-
Software.dat
-
System.dat
Frage 119
Frage
Addresses that allow the MFT to link to nonresident files are known as _______________.
Antworten
-
virtual cluster numbers
-
logical cluster numbers
-
sequential cluster numbers
-
polarity cluster numbers
Frage 120
Frage
Software forensics tools are grouped into command-line applications and GUI applications
Antworten
- True
- False
Frage 121
Frage
Making a logical acquisition of a drive with whole disk encryption can result in unreadable files.
Antworten
- True
- False
Frage 122
Frage
Physically copying the entire drive is the only type of data-copying method used in software acquisitions.
Antworten
- True
- False
Frage 123
Frage
ISO standard 27037 states that the most important factors in data acquisition are the DEFR's competency and the use of validated tools.
Antworten
- True
- False
Frage 124
Frage
All forensics acquisition tools have a method for verification of the data-copying process that compares the original drive with the image.
Antworten
- True
- False
Frage 125
Frage
What tool below was written for MS-DOS and was commonly used for manual digital investigations?
Antworten
-
SMART
-
Norton DiskEdit
-
ByteBack
-
DataLifter
Frage 126
Frage
In general, what would a lightweight forensics workstation consist of?
Antworten
-
A tablet with peripherals and forensics apps
-
A laptop computer built into a carrying case with a small selection of peripheral options
-
A laptop computer with almost as many bays and peripherals as a tower
-
A tower with several bays and many peripheral devices
Frage 127
Frage
In what mode do most software write-blockers run?
Antworten
-
RW mode
-
Ala mode
-
Shell mode
-
GUI mode
Frage 128
Frage
Reconstructing fragments of files that have been deleted from a suspect drive, is known as ____________ in North America.
Antworten
-
carving
-
scraping
-
salvaging
-
sculpting
Frage 129
Frage
The ProDiscover utility makes use of the proprietary _______________ file format.
Antworten
-
.img
-
.pro
-
.iso
-
.eve
Frage 130
Frage
What is the purpose of the reconstruction function in a forensics investigation?
Antworten
-
Re-create a suspect's drive to show what happened during a crime or incident.
-
Prove that two sets of data are identical.
-
Copy all information from a suspect's drive, including information that may have been hidden.
-
Generate reports or logs that detail the processes undertaken by a forensics investigator.
Frage 131
Frage
Which of the following options is not a subfunction of extraction?
Antworten
-
logical data copy
-
decrypting
-
bookmarking
-
carving
Frage 132
Frage
In what temporary location below might passwords be stored?
Antworten
-
system32.dll
-
CD-ROM drive
-
Windows registry
-
pagefile.sys
Frage 133
Frage
The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.
Antworten
-
Kali
-
Arch
-
Ubuntu
-
Helix3
Frage 134
Frage
What option below is an example of a platform specific encryption tool?
Antworten
-
GnuPG
-
TrueCrypt
-
BitLocker
-
Pretty Good Privacy (PGP)
Frage 135
Frage
What hex value is the standard indicator for jpeg graphics files?
Antworten
-
FF D8
-
FF D9
-
F8 D8
-
AB CD
Frage 136
Frage
Passwords are typically stored as one-way _____________ rather than in plaintext.
Antworten
-
hex values
-
variables
-
hashes
-
slack spaces
Frage 137
Frage
What program serves as the GUI front end for accessing Sleuth Kit's tools?
Antworten
-
DetectiveGUI
-
Autopsy
-
KDE
-
SMART
Frage 138
Frage
Which of the following is stated within the ISO 27037 standard?
Antworten
-
Hardware acquisition tools can only use CRC-32 hashing.
-
Digital Evidence First Responders should use validated tools.
-
Software forensics tools must provide a GUI interface.
-
Software forensics tools must use the Windows OS.
Frage 139
Frage
The physical data copy subfunction exists under the ______________ function.
Antworten
-
reporting
-
validation / verification
-
extraction
-
acquisition
Frage 140
Frage
A keyword search is part of the analysis process within what forensic function?
Antworten
-
reporting
-
reconstruction
-
extraction
-
acquisition
Frage 141
Frage
What algorithm is used to decompress Windows files?
Antworten
-
Fibonacci
-
Zopfli
-
Shannon-Fano
-
Lempel-Ziv
Frage 142
Frage
What is the goal of the NSRL project, created by NIST?
Antworten
-
Collect known hash values for commercial software and OS files using SHA hashes.
-
Search for collisions in hash values, and contribute to fixing hashing programs.
-
Create hash values for illegal files and distribute the information to law enforcement.
-
Collect known hash values for commercial software and OS files using MD5 hashes.
Frage 143
Frage
When performing disk acquisition, the raw data format is typically created with the UNIX/Linux _____________ command.
Antworten
-
format
-
tar
-
dump
-
dd
Frage 144
Frage
_______________ proves that two sets of data are identical by calculating hash values or using another similar method.
Antworten
-
Verification
-
Validation
-
Integration
-
Compilation
Möchten Sie mit GoConqr kostenlos Ihre eigenen Quiz erstellen? eigenen Mehr erfahren.