Close
An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?
A. /dev/hda
B. /dev/hda1
C. /dev/sda
D. /dev/sda1
To create a new primary partition within the fdisk interactive utility, which letter should be typed?
A. c
B. p
C. l
D. n
What is the name of the Microsoft solution for whole disk encryption?
A. DriveCrypt
B. TrueCrypt
C. BitLocker
D. SecureDrive
Which RAID type provides increased speed and data storage capability, but lacks redundancy?
A. RAID 0
B. RAID 1
C. RAID 0+1
D. RAID 5
Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files?
A. Advanced Forensics Disk
B. Advanced Forensic Format
C. Advanced Capture Image
D. Advanced Open Capture
Which option below is not a hashing function used for validation checks?
A. RC4
B. MD5
C. SHA-1
D. CRC32
Which technology below is not a hot-swappable technology?
A. USB-3
B. FireWire 1394A
C. SATA
D. IDE
The Linux command _____ can be used to write bit-stream data to files.
A. write
B. dd
C. cat
D. dump
The Linux command _______ can be used to list the current disk devices connected to the computer.
A. ls -l
B. fdisk -l
C. show drives
D. geom
The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory.
A. dd
B. split
C. dcfldd
D. echo
The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.
A. intrusion detection system
B. active defense mechanism
C. total awareness system
D. intrusion monitoring system
The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.
A. -p
B. -s
C. -b
D. -s
When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?
A. 512 MB
B. 2 GB
C. 1 TB
D. 1 PB
Which RAID type utilizes a parity bit and allows for the failure of one drive without losing data?
A. RAID 1
B. RAID 2
C. RAID 3
D. RAID 5
Which RAID type utilizes mirrored striping, providing fast access and redundancy?
A. RAID 1
B. RAID 3
C. RAID 5
D. RAID 10
Which option below is not a Linux Live CD meant for use as a digital forensics tool?
A. Penguin Sleuth
B. Kali Linux
C. Ubuntu
D. CAINE
Within the fdisk interactive menu, what character should be entered to view existing partitions?
A. l
B. p
C. o
D. d
_______ can be used with the dcfldd command to compare an image file to the original medium.
A. compare
B. cmp
C. vf
D. imgcheck
_______ creates a virtual volume of a RAID image file, and then makes repairs on the virtual volume, which can then be restored to the original RAID.
A. Runtime Software
B. RaidRestore
C. R-Tools R-Studio
D. FixitRaid
_______ is the utility used by the ProDiscover program for remote access.
A. SubSe7en
B. l0pht
C. PDServer
D. VNCServer
