Data Forensics I PRETEST

When was the Freedom of Information Act originally enacted?

1960s

When recovering evidence from a contaminated crime scene, the investigator should take measures to avoid damage to the drive from overheating. At what temperature should the investigator take action?

80 degrees or higher

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

An affidavit

What term refers to the individual who has the power to conduct digital forensic investigations?

Authorized requester

In what process is the acquisition of newer and better resources for investigation justified?

Building a business case

A technician is trying to recover information on a computer that has been hidden or deleted on purpose in order to hide evidence of a crime. Which type of task is the technician performing?

Data recovery

The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. What are these cluster addresses called?

Data runs

What term refers to a person using a computer to perform routine tasks other than systems administration?

End user

What must be done, under oath, to verify that the information in the affidavit is true?

It must be notarized

What type of acquisition is used for most remote acquisitions?

Live

What is most often the focus of digital investigations in the private sector?

Misuse of digital assets

Which filename refers to the Windows XP system service dispatch stubs to executable functions and internal support functions?

Ntdll.dll

What type of evidence do courts consider data in a computer to be?

Physical

If your time is limited, what type of acquisition data copy method should you consider?

Sparse

Which technique can be used for extracting evidence from large systems?

Sparse acquisition

Under what circumstances are digital records considered admissible?

They are business records

What command works similarly to the dd command but has many features designed for computer forensics acquisitions?

dcfldd

