CIST 2612 QUIZZES

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.

virtual machine

When recovering evidence from a contaminated crime scene, if the temperature in the contaminated room is higher than ____ degrees, you should take measures to avoid damage to the drive from overheating.

80

Computing components are designed to last 18 to ____ months in normal business operations.

36

____ refers to the number of bits in one square inch of a disk platter.

Areal Density

Microsoft has added ____ with BitLocker to its newer operating systems, which makes performing static acquisitions more difficult.

BACKUP UTILITIES

Generally, digital records are considered admissible if they qualify as a ____ record

BUSINESS

Investigating and controlling computer incident scenes in private-sector environments is ____ in crime scenes.

MUCH EASIER THAN

____ is the standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest.

PROBABLE CAUSE

Evidence is commonly lost or corrupted through ____, which involves the presence of police officers and other professionals who aren't part of the crime scene-processing team.

PROFESSIONAL CURIOUSITY

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools.

PROPRIETARY

In ____, two or more disk drives become one large volume, so the computer views the disks as a single disk.

RAID 0

____, or mirrored striping, is a combination of RAID 1 and RAID 0.

RAID 10

____, or mirrored striping with parity, is a combination of RAID 1 and RAID 5.

RAID 15

Every business or organization must have a well-defined process describing when an investigation can be initiated. At a minimum, most company policies require that employers have a ____ that a law or policy is being violated.

REASONABLE SUSPICION

____involves determining how much risk is acceptable for any process or operation, such as replacing equipment.

RISK MANAGEMENT

Environmental and ____ issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.

SAFETY

To preserve the integrity of evidence, your lab should function as an evidence locker or safe, making it a ____ or a secure storage safe.

SECURE FACILITY

Real-time surveillance requires ____ data transmissions between a suspect's computer and a network server.

SNIFFING

One technique for extracting evidence from large systems is called ____.

SPARSE ACQUISITION

Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example.

STATIC

A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.

STEEL

When seizing computer evidence in criminal investigations, follow the ____ standards for seizing digital data.

U.S DoJ

___are generated at the federal, state, and local levels to show the types and frequency of crimes committed.

UNIFORM CRIME REPORTS

____ is a core Win32 subsystem DLL file.

User32.sys

Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.

WARRANT

The FOIA was originally enacted in the ____.

1960s

The EMR from a computer monitor can be picked up as far away as ___mile.

1/2

In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.

1024

____, located in the root folder of the system partition, specifies the Windows XP path installation and contains options for selecting the Windows version

Boot.ini

What HTCN certification level requires candidates have three years of experience in computing investigations for law enforcement or corporate cases?

CERTIFIED COMPUTER FORENSICS TECHNICIAN., BASIC

____ records are data the system maintains, such as system log files and proxy server logs.

COMPUTER-GENERATED

The ____ command, works similarly to the dd command but has many features designed for computer forensics acquisitions.

DCFLDD

The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions.

DD

____ contain instructions for the OS for hardware devices, such as the keyboard, mouse, and video card, and are stored in the systemroot\Windows\System32\Drivers folder.

DEVICE DRIVERS

A _______ is where you conduct your investigations, store evidence , and do most of your work.

DIGITAL FORENSICS LAB

A _____ plan specifies how to rebuild a forensic workstation after is has been severely contaminated by a virus from a drive you're analyzing.

DISASTER RECOVERY

The most common and flexible data-acquisition method is ____.

DISK -TO-IMAGE FILE COPY

Older Microsoft disk compression tools, such as DoubleSpace or ____, eliminate only slack disk space between files.

DRIVESPACE

When Microsoft introduced Windows 2000, it added optional built-in encryption to NTFS called ____.

EFS

____ is the file structure database that Microsoft originally designed for floppy disks.

FAT

One way to investigate older and unusual computing systems is to keep track of ____ that you can find through an online search.

FORUMS AND BLOGS

You use the ____ option with the dcfldd command to designate a hashing algorithm of md5, sha1, sha256, sha384, or sha512.

HASH

Most federal courts that evaluate digital evidence from computer-generated records assume that the records contain ____.

HEARSAY

___ was created by police officers who wanted to formalize credentials in digital investigations.

IACIS

With a(n) ____ you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible.

INITIAL RESPONSE FIELD-KIT

Linux ISO images that can be burned to a CD or DVD are referred to as ____.

LINUX LIVE CDS

Most remote acquisitions have to be done as ____ acquisitions.

LIVE

The ____ command displays pages from the online help manual for information on Linux commands and their options.

MAN

Autopsy uses ____ to validate an image.

MD5

On an NTFS disk, immediately after the Partition Boot Sector is the ____.

MFT

Records in the MFT are called ____

Metadata

____, located in the root folder of the system partition, is the device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS.

NTBootdd.sys

____ is a 16-bit real-mode program that queries the system for device and configuration data, and then passes its findings to Ntldr.

NTDetect.com

Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Resilient File System.

NTFS

____ was introduced when Microsoft created Windows NT and is still the main file system in Windows 10.

NTFS

____ is Windows XP system service dispatch stubs to executables functions and internal support functions.

Ntdll.dll

____ is the physical address support program for accessing more than 4 GB of physical RAM.

Ntkrnlpa.exe

You should have at least one copy of your backups on site and a duplicate or a previous copy of your backups stored in a safe

OFF-SITE

Floors and carpets on your computer forensic lab should be cleaned at least ____ a week to help minimize dust that can cause static electricity.

ONCE

During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____.

TEMPEST

____ is how most manufacturers deal with a platter's inner tracks having a smaller circumference than its outer tracks.

ZBR

A ____ is a column of tracks on two or more disk platters.

cylinder

The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are called ____.

data runs

The purpose of the ____ is to provide a mechanism for recovering files encrypted with EFS if there's a problem with the user's original private key.

recovery certificate

When Microsoft created Windows 95, it consolidated initialization (.ini) files into the ____.

registry


Kaugnay na mga set ng pag-aaral

Chapter 39: Fluid, Electrolyte, and Acid-Base Balance

View Set

Intro to Business: Chapter 7 - Operations Management and Quality

View Set

NU270 Week 10 PrepU: Diversity (Chapter 5)

View Set

International Econ Midterm - SIS 616

View Set