IS381 Module 6 Quiz


Hardware acquisition tools typically have built-in software for data analysis. True False

False

In testing tools, the term "reproducible results" means that if you work in the same lab on the same machine, you generate the same results. True False

False

When using a write-blocking device, you can't remove and reconnect drives without having to shut down your workstation. True False

False

Forensics software tools are grouped into ______ and ______ applications. 1. Portable, Desktop 2. Mobile, PC 3. Local, remote 4. GUI, command-line

GUI, command-line

The standards for testing forensics tools are based on which criteria? 1. U.S. Title 18 2. ASTD 1975 3. ISO 17025 4. All of the above

ISO 17025

Which of the following is true of most drive-imaging tools? 1. They perform the same function as a backup. 2. They ensure that the original drive doesn't become corrupt and damage the digital evidence. 3. They must be run from the command line. 4. All of the above

They ensure that the original drive doesn't become corrupt and damage the digital evidence.

An encrypted drive is one reason to choose a logical acquisition. True False

True

Data viewing, keyword searching, and decompressing are three subfunctions of the extraction function. True False

True

The primary hashing algorithm the NSRL project uses is SHA-1. True False

True

Hash values are used for which of the following purposes? 1. Determining file size 2. Filling disk slack 3. Reconstructing file fragments 4. Validating that the original data hasn't changed

Validating that the original data hasn't changed

Hashing, filtering, and file header analysis make up which function of digital forensics tools? 1. Validation and verification 2. Acquisition 3. Extraction 4. Reconstruction

Validation and verification

Building a forensic workstation is more expensive than purchasing one. True False

False

Data can't be written to disk with a command-line tool. True False

False

A live acquisition can be replicated. True False

False

The reconstruction function is needed for which of the following purposes? 1. Re-create a suspect drive to show what happened. 2. Create a copy of a drive for other investigators. 3. Re-create a drive compromised by malware. 4. All of the above

All of the above

When validating the results of a forensic analysis, you should do which of the following? 1. Calculate the hash value with two different tools. 2. Repeat the steps used to obtain the digital evidence, using the same tool, and recalculate the hash value to verify the results. 3. Use a command-line tool and then a GUI tool. 4. None of the above

Calculate the hash value with two different tools.

The verification function does which of the following? 1. Proves that a tool performs as intended 2. Creates segmented files 3. Proves that two sets of data are identical via hash values 4. Verifies hex editors

Proves that two sets of data are identical via hash values

A log report in forensics tools does which of the following? 1. Tracks file types 2. Monitors network intrusion attempts 3. Records an investigator's actions in examining a case 4. Lists known good files

Records an investigator's actions in examining a case

According to ISO standard 27037, which of the following is an important factor in data acquisition? 1. The DEFR's competency 2. The DEFR's skills in using the command line 3. Conditions at the acquisition setting 4. None of the above

The DEFR's competency

