The ProDiscover utility makes use of the proprietary _______________ file format.
a. .img
b. .pro
c. .iso
d. .eve
What algorithm is used to decompress Windows files?
a. Fibonacci
b. Zopfli
c. Shannon-Fano
d. Lempel-Ziv
What is the purpose of the reconstruction function in a forensics investigation?
a. Re-create a suspect's drive to show what happened during a crime or incident.
b. Prove that two sets of data are identical.
c. Copy all information from a suspect's drive, including information that may have been hidden.
d. Generate reports or logs that detail the processes undertaken by a forensics investigator.
When performing disk acquisition, the raw data format is typically created with the UNIX/Linux _____________ command.
a. format
b. tar
c. dump
d. dd
A keyword search is part of the analysis process within what forensic function?
a. reporting
b. reconstruction
c. extraction
d. acquisition
In general, what would a lightweight forensics workstation consist of?
a. A tablet with peripherals and forensics apps
b. A laptop computer built into a carrying case with a small selection of peripheral options
c. A laptop computer with almost as many bays and peripherals as a tower
d. A tower with several bays and many peripheral devices
In what mode do most write-blockers run?
a. RW mode
b. BIOS mode
c. Shell mode
d. GUI mode
In what temporary location below might passwords be stored?
a. system32.dll
b. CD-ROM drive
c. Windows registry
d. pagefile.sys
Passwords are typically stored as one-way _____________ rather than in plaintext.
a. hex values
b. variables
c. hashes
d. slack spaces
Reconstructing fragments of files that have been deleted from a suspect drive is known as ____________ in North America.
a. carving
b. scraping
c. salvaging
d. sculpting
The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.
a. Kali
b. Arch
c. Ubuntu
d. Helix3
The physical data copy subfunction exists under the ______________ function.
a. reporting
b. validation / verification
c. extraction
d. acquisition
What hex value is the standard indicator for JPEG graphics files?
a. FF D8
b. FF D9
c. F8 D8
d. AB CD
What is the goal of the NSRL project, created by NIST?
a. Collect known hash values for commercial software and OS files using SHA hashes.
b. Search for collisions in hash values, and contribute to fixing hashing programs.
c. Create hash values for illegal files and distribute the information to law enforcement.
d. Collect known hash values for commercial software and OS files using MD5 hashes.
What option below is an example of a platform-specific encryption tool?
a. GnuPG
b. TrueCrypt
c. BitLocker
d. Pretty Good Privacy (PGP)
What program serves as the GUI front end for accessing Sleuth Kit's tools?
a. DetectiveGUI
b. Autopsy
c. KDE
d. SMART
What tool below was written for MS-DOS and was commonly used for manual digital investigations?
a. SMART
b. Norton DiskEdit
c. ByteBack
d. DataLifter
Which of the following is stated within the ISO 27037 standard?
a. Hardware acquisition tools can only use CRC-32 hashing.
b. Digital Evidence First Responders should use validated tools.
c. Software forensics tools must provide a GUI interface.
d. Software forensics tools must use the Windows OS.
Which of the following options is not a sub-function of extraction?
a. logical data copy
b. decrypting
c. bookmarking
d. carving
_______________ proves that two sets of data are identical by calculating hash values or using another similar method.
a. Verification
b. Validation
c. Integration
d. Compilation