Forensics Review Quiz 1


How is Unallocated Space named in FTK and FTK Viewer?

Each unallocated space is named after the sector or cluster at which it starts.

Name three file systems FTK Imager can read.

FAT (12, 16, 32), NTFS, HFS

How can you get all the images in a case to appear in the File List on the Graphic Tab?

Find the user whose graphics you want to display and "Quick Pick" them. This will show you all of the graphics for that user.

You use the ____ option with the dcfldd command to designate a hashing algorithm of md5, sha1, sha256, sha384, or sha512. a. hashlog b. checksum c. hash d. md5sum

hash

Name four imaging formats FTK Imager can write.

.001 - Raw dd (Linux dd), .S01 - SMART, .aff - Advanced Forensics Format, .ADI - AccessData Custom Content Logical Images

Name the 2 default KFF Groups.

AD_Alert, AD_Ignore

When archiving a case, which two things must occur separately?

Detach, Archive

In the ____, you justify acquiring newer and better resources to investigate digital forensics cases. a. risk evaluation b. upgrade policy c. configuration plan d. business case

business case

The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true. a. challenged b. notarized c. recorded d. examined

notarized

Name three things a case reviewer cannot do.

Create, add, or delete cases. Administer users. Use the Decrypt Files menu option.

Name the five images that FTK Imager can read.

EnCase (.E01), Virtual Hard Disk (.vhd), Pinnacle CD Image (.pdi), Gear CD Image (.p01), Tar Archive (.tar)

Computer investigations and forensics fall into the same category: public investigations. True False

False

If damage occurs to the floor, walls, ceilings, or furniture in your computer forensics lab, it does not need to be repaired immediately. True False

False

If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available. True False

False

What are the 8 primary containers of the Overview tab?

File Items, File Extension, File Category, File Status, Labels, Bookmarks, Cluster Topic, Document Content

Name four different media and data storage devices.

Floppy Disk, Hard Drives, CDs, Tablets

If the computer has an encrypted drive, a ____ acquisition is done if the password or passphrase is available. a. live b. local c. passive d. static

Live

Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility. a. professional conduct b. professional policy c. line of authority d. oath

Professional Conduct

____ involves determining how much risk is acceptable for any process or operation, such as replacing equipment. a. Risk configuration b. Change management c. Risk management d. Configuration management

Risk Management

After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant. True False

True

Computing systems in a forensics lab should be able to process typical cases in a timely manner. True False

True

To be a successful computer forensics investigator, you must be familiar with more than one computing platform. True False

True

In which file category is Unallocated Space located?

Unallocated space is located under the Overview tab.

In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____. a. blotter b. litigation report c. affidavit d. exhibit report

affidavit

In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. a. authority of right b. authorized requester c. line of right d. authority of line

authorized requester

In a ____ case, a suspect is charged for a criminal offense, such as burglary, murder, or molestation. a. criminal b. fourth amendment c. civil d. corporate

criminal

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example. a. Computer forensics b. Disaster recovery c. Network forensics d. Data recovery

data recovery

A ____ is where you conduct your investigations, store evidence, and do most of your work. a. workbench b. storage room c. digital forensics lab d. forensic workstation

digital forensics lab

The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime. a. digital investigations b. incident response c. network intrusion detection d. litigation

digital investigations

A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing. a. configuration management b. security c. disaster recovery d. risk management

disaster recovery

A(n) ____ is a person using a computer to perform routine tasks other than systems administration. a. investigator b. end user c. complainant d. user banner

end user

___ often work as part of a team to secure an organization's computers and networks. a. Computer analysts b. Data recovery engineers c. Forensics investigators d. Network monitors

forensics investigators

Floors and carpets in your computer forensics lab should be cleaned at least ____ a week to help minimize dust that can cause static electricity. a. once b. twice c. three times d. four times

once

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools. a. AFF b. AFD c. raw d. proprietary

proprietary

In general, a criminal case follows three stages: the complaint, the investigation, and the ____. a. blotter b. allegation c. prosecution d. litigation

prosecution

A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock. a. wood b. steel c. gypsum d. expanded metal

steel

