Created by Tyler Rock
over 5 years ago
Question | Answer |
The ProDiscover utility makes use of the proprietary _______________ file format. a. .img b. .pro c. .iso d. .eve | d. .eve |
What algorithm is used to decompress Windows files? a. Fibonacci b. Zopfli c. Shannon-Fano d. Lempel-Ziv | d. Lempel-Ziv |
What is the purpose of the reconstruction function in a forensics investigation? a. Re-create a suspect's drive to show what happened during a crime or incident. b. Prove that two sets of data are identical. c. Copy all information from a suspect's drive, including information that may have been hidden. d. Generate reports or logs that detail the processes undertaken by a forensics investigator. | a. Re-create a suspect's drive to show what happened during a crime or inc |
When performing disk acquisition, the raw data format is typically created with the UNIX/Linux _____________ command. a. format b. tar c. dump d. dd | d. dd |
A keyword search is part of the analysis process within what forensic function? a. reporting b. reconstruction c. extraction d. acquisition | c. extraction |
In general, what would a lightweight forensics workstation consist of? a. A tablet with peripherals and forensics apps b. A laptop computer built into a carrying case with a small selection of peripheral options c. A laptop computer with almost as many bays and peripherals as a tower d. A tower with several bays and many peripheral devices | b. A laptop computer built into a carrying case with a small selection of peripheral options |
In what mode do most write-blockers run? a. RW mode b. BIOS mode c. Shell mode d. GUI mode | c. Shell mode |
In what temporary location below might passwords be stored? a. system32.dll b. CD-ROM drive c. Windows registry d. pagefile.sys | d. pagefile.sys |
Passwords are typically stored as one-way _____________ rather than in plaintext. a. hex values b. variables c. hashes d. slack spaces | b. variables |
Reconstructing fragments of files that have been deleted from a suspect drive is known as ____________ in North America. a. carving b. scraping c. salvaging d. sculpting | a. carving |
The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface. a. Kali b. Arch c. Ubuntu d. Helix3 | a. Kali |
The physical data copy subfunction exists under the ______________ function. a. reporting b. validation / verification c. extraction d. acquisition | d. acquisition |
What hex value is the standard indicator for JPEG graphics files? a. FF D8 b. FF D9 c. F8 D8 d. AB CD | a. FF D8 |
What is the goal of the NSRL project, created by NIST? a. Collect known hash values for commercial software and OS files using SHA hashes. b. Search for collisions in hash values, and contribute to fixing hashing programs. c. Create hash values for illegal files and distribute the information to law enforcement. d. Collect known hash values for commercial software and OS files using MD5 hashes. | a. Collect known hash values for commercial software and OS files using SHA hashes. |
What option below is an example of a platform-specific encryption tool? a. GnuPG b. TrueCrypt c. BitLocker d. Pretty Good Privacy (PGP) | c. BitLocker |
What program serves as the GUI front end for accessing Sleuth Kit's tools? a. DetectiveGUI b. Autopsy c. KDE d. SMART | b. Autopsy |
What tool below was written for MS-DOS and was commonly used for manual digital investigations? a. SMART b. Norton DiskEdit c. ByteBack d. DataLifter | b. Norton DiskEdit |
Which of the following is stated within the ISO 27037 standard? a. Hardware acquisition tools can only use CRC-32 hashing. b. Digital Evidence First Responders should use validated tools. c. Software forensics tools must provide a GUI interface. d. Software forensics tools must use the Windows OS. | b. Digital Evidence First Responders should use validated tools. |
Which of the following options is not a sub-function of extraction? a. logical data copy b. decrypting c. bookmarking d. carving | a. logical data copy |
_______________ proves that two sets of data are identical by calculating hash values or using another similar method. a. Verification b. Validation c. Integration d. Compilation | a. Verification |