​How many bits are required to create a pixel capable of displaying 65,536 different colors?

Which of the following is not considered to be a non-standard graphics file format?​

All TIF files start at offset 0 with what 6 hexadecimal characters?​

What kind of graphics file combines bitmap and vector graphics types?​

The process of converting raw picture data to another format is called _________________.​

What format was developed as a standard for storing metadata in image files?

Which of the following formats is not considered to be a standard graphics file format?

Select below the utility that is not a lossless compression utility:

In simple terms, _____________ compression ​discards bits in much the same way rounding off decimal values discards numbers.

What file type starts at offset 0 with a hexidecimal value of FFD8?​

How many different colors can be displayed by a 24 bit colored pixel?​

The _____________ format is a proprietary format used by Adobe Photoshop.

For EXIF JPEG files, the hexadecimal value starting at offset 2 is _____________.

Referred to as a digital negative, the _______ is typically used on many higher-end digital cameras.​

The Lempel-Ziv-Welch (LZW) algorithm is used in _____________ compression.​

For all JPEG files, the ending hexadecimal marker, also known as the end of image (EOI), is ____________.​

Which graphics file format below is rarely compressed?

When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as?​

What act defines precisely how copyright laws pertain to graphics?

Which of the following is not a type of graphic file that is created by a graphics program?​

What format below is used for VMware images?

​In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters?

Which password recovery method uses every possible letter, number, and character found on a keyboard?​

The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.​

Which of the following file systems can't be analyzed by OSForensics?

In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer.

Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords:

Within Windows Vista and later, partition gaps are _____________ bytes in length.

Which option below is not a disk management tool?​

Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.​

A user with programming experience may use an assembler program (also called a __________ ) on a file to scramble bits, in order to secure the information contained inside.​

What letter should be typed into DiskEdit in order to mark a good sector as bad?​

Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.​

What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?​

When performing a static acquisition, what should be done after the hardware on a suspect's computer has been inventoried and documented?​

In order to aid a forensics investigation, a hardware or software ______________ can be utilized to capture keystrokes remotely.

The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.​

The term for detecting and analyzing steganography files is _________________.​

A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.​

The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.​

What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware?​

The __________ disk image file format is associated with the VirtualBox hypervisor.​

What Windows Registry key contains associations for file extensions?​

In VirtualBox, ____________ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters

The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu?​

Select below the option that is not a common type 1 hypervisor:​

The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes?​

​The _______________ command line program is a common way of examining network traffic, which provides records of network activity while it is running, and produce hundreds or thousands of records.

Select below the program within the PsTools suite that allows you to run processes remotely:​

The ​tcpdump and Wireshark utilities both use what well known packet capture format?

The ___________________ is a good tool for extracting information from large Libpcap files; you simply specify the time frame you want to examine.

The _____________________ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools.​

In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM​ to display a virtual machine's network adapters?

What file type below, associated with VMWare, stores VM paging files that are used as RAM for a virtual machine?​

What processor instruction set is required in order to utilize virtualization software?​

Select the file below that is used in VirtualBox to create a virtual machine:​

The __________________ is the version of Pcap available for Linux based operating systems.​

What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses?​

At what layers of the OSI model do most packet analyzers function?​

In a __________ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections.​

What command below could be used on a UNIX system to help locate log directories?​

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.​

E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.​

Syslog is generally configured to put all e-mail related log information into what file?​

What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data?​

On a UNIX system​, where is a user's mail stored by default?

Where does the Postfix UNIX mail server store e-mail?​

One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.​

What information is not typically included in an e-mail header?​

​In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application Programming Interface, and served as the database file?

What type of Facebook profile is usually only given to law enforcement with a warrant?​

Which option below is the correct path to the sendmail configuration file?​

​In what state is sending unsolicited e-mail illegal?

What service below can be used to map an IP address to a domain name, and then find the domain name's ​point of contact?

Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups?

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.​

The Suni Munshani v. Signal Lake Venture Fund II, LP et al case is an example of a case that involves e-mail ____________.​

In order to retrieve logs from exchange, the PowerShell cmdlet _______________________ can be used.​

​Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.

Which service below does not put log information into /var/log/maillog?​

What frequencies can be used by GSM with the TDMA technique?​

What digital network technology is a digital version of the original analog standard for cell phones?

The _______________ component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; sometimes referred to as a "cell phone tower".​

What organization is responsible for the creation of the requirements for carriers to be considered 4G?

Nonvolatile memory on a mobile device can contain OS files and stored user data, such as a __________________ and backed-up files.

​The ___________________ technology is designed for GSM and Universal Mobile Telecommunications Systems (UMTS) technology, supports 45 Mbps to 144 Mbps transmission speeds.

Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis?​

GSM refers to mobile phones as "mobile stations" and divides a station into two parts, the __________ and the mobile equipment (ME).​

​What digital network technology was developed during World War II?

What type of mobile forensics method listed by NIST guidelines involves looking at a device's content page by page and taking pictures?

​What method below is not an effective method for isolating a mobile device from receiving signals?

​Select below the option that is not a typical feature of smartphones on the market today:

What standard introduced sleep mode to enhance battery life, and is used with TDMA?​

Within NIST guidelines for mobile forensics methods, the ______________ method requires physically removing flash memory chips and gathering information at the binary level.​

​On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures?

​Where is the OS stored on a smartphone?

The ________________ technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and supports transmission speeds of 12 Mbps​

Which of the following is not a type of peripheral memory card used in PDAs?​

Which component of cell communication is used to route digital packets for the network and relies on a database to support subscribers?​

Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA).