470 midterm study guide

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What hexadecimal code below identifies an NTFS file system in the partition table?​

07

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?​

0x1BE

At what distance can the EMR from a computer monitor be picked up

1/2 mile

When was the Freedom of Information Act originally enacted?

1960s

What is the maximum amount of time computing components are designed to last in normal business operations?

36 months

By what percentage can lossless compression reduce image file size?

50%

​A typical disk drive stores how many bytes in a single sector?

512

When recovering evidence from a contaminated crime scene, the investigator should take measures to avoid damage to the drive from overheating. At what temperature should the investigator take action? Correct!

80 degrees or higher

Which term refers to an accusation or supposition of fact that a crime has been committed and is made by the complainant, based on the incident?

Allegation

What does the investigator in a criminal or public-sector case submit, at the request of the prosecuting attorney, if he or she has enough information to support a search warrant?

An affidavit

What will allow the investigator to arrive at a scene, acquire the needed data, and return to the lab as quickly as possible?

An initial-response field kit

What term refers to the individual who has the power to conduct digital forensic investigations?

Authorized requester

​The ReFS storage engine uses a __________ sort method for fast access to large data sets.

B+tree

In what process is the acquisition of newer and better resources for investigation justified?

Building a business case

When federal courts are evaluating digital evidence from computer-generated records, what exception is applied to hearsay?

Business-records exception

When confidential business data are included with the criminal evidence, what are they referred to as?

Commingled data

Which entity was formed by the FBI in 1984 to handle the increasing number of cases involving digital evidence?

Computer Analysis and Response Team

What process refers to recording all the updates made to a workstation?

Configuration management

Which Pacific Northwest agency meets to discuss problems that digital forensics examiners encounter?

Criminal

A technician is trying to recover information on a computer that has been hidden or deleted on purpose in order to hide evidence of a crime. Which type of task is the technician performing?

Digital forensics

Which group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime?

Digital investigations

When an investigator seeks a search warrant, which of the following must be included in an affidavit to support the allegation of a crime?

Exhibits

Which group often works as part of a team to secure an organization's computers and networks?

Forensics investigators

What organization was created by police officers in order to formalize credentials for digital investigators?

IACIS

Which agency introduced training on software for forensics investigations by the early 1990s?

IACIS

Which is the most accurate statement about investigating and controlling computer incident scenes in private-sector environments as compared to crime scenes?

Investigating and controlling the scene is much easier in private sector environments.

What must be done, under oath, to verify that the information in the affidavit is true?

It must be notarized.

What does Autopsy use to validate an image?

MD5

What is most often the focus of digital investigations in the private sector?

Misuse of digital assets

In addition to FAT16, FAT32, and Resilient File System, which file system can Windows hard disks also use?

NTFS

Without a warning banner, what right might employees assume they have when using a company's computer systems and network accesses?

Privacy

Methods for restoring large data sets are important for labs using which type of servers?

RAID

Which RAID configuration, also called mirrored striping, is a combination of RAID 1 and RAID 0?

RAID 10

Which RAID configuration offers the greatest access speed and most robust data recovery capability?

RAID 15

In addition to RAID 0, what type of RAID configuration is available for Windows XP, 2000, and NT servers and workstations?

RAID1

At a minimum, what do most company policies require that employers have in order to initiate an investigation?

Reasonable suspicion that a law or policy is being violated.

​What registry file contains user account management and security settings?

SAM.dat

In addition to environmental issues, what issues are the investigator's primary concerns when working at the scene to gather information about an incident or a crime?

Safety

What type of acquisition is typically done on a computer seized during a police raid?

Static

What material is recommended for secure storage containers and cabinets?

Steel

During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. What did the U.S. Department of Defense call this special computer-emission shielding? Correct!

Tempest

At what location does the forensics investigator conduct investigations, store evidence, and do most of his or her work?

The digital forensics lab

What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive?

TrueCrypt

Which of the following is not a valid configuration of Unicode?​

UTF - 64

What reports are generated at the local, state, and federal levels to show the types and frequency of crimes committed?

Uniform crime reports

What kind of forensic investigation lab best preserves the integrity of evidence?

a secure facility

What do law enforcement investigators need in order to remove computers from a crime scene and transport them to a lab?

a warrant

Which type of kit should include all the tools the investigator can afford to take to the field?

an extensive response field kit

Where should your computer backups be kept?

an off site facility

How frequently should floors and carpets in the computer forensic lab be cleaned to help minimize dust that can cause static electricity?

at least once a week

What type of records are considered data that the system maintains, such as system log files and proxy server logs

computer generated

What term below describes a column of tracks on two or more disk platters?

cylinder

What command works similarly to the dd command but has many features designed for computer forensics acquisitions?

dcfldd

What command creates a raw format file that most computer forensics analysis tools can read?

dd

The ___________ command inserts a HEX E5 (0xE5) in a filename's first letter position in the associated directory entry.​

delete

What is the most common and flexible data-acquisition method?

disk to image file copy

What command below can be used to decrypt EFS files?​

efsrecvr

What term refers to a person using a computer to perform routine tasks other than systems administration?

end user

How frequently does IACIS require recertification to demonstrate continuing work in the field of computer forensics?

every 3 years

What term is used to describe a disk's logical structure of platters, tracks, and sectors?

geometry

​The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

hive

What type of acquisition is done if the computer has an encrypted drive and the password or passphrase is available?

live

What type of acquisition is used for most remote acquisitions?

live

Addresses that allow the MFT to link to nonresident files are known as _______________.​

logical cluster numbers

What type of evidence do courts consider evidence data in a computer to be

physical

What standard is used to determine whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest?

probable cause

The presence of police officers and other professionals who aren't part of the crime scene-processing team may result in the loss or corruption of data through which process?

professional curiosity

Which type of format acquisition leaves the investigator unable to share an image between different vendors' computer forensics analysis tools?

proprietary

What is the third stage of a criminal case, after the complaint and the investigation?

prosecution

. In addition to md5sum, which hashing algorithm utility is included with current distributions of Linux?

sha1sum

What registry file contains installed programs' settings and associated usernames and passwords?​

software.dat

If your time is limited, what type of acquisition data copy method should you consider?

sparse

When using the File Allocation Table (FAT), where is the FAT database typically written to?​

the outermost track

Under what circumstances are digital records considered admissible?

they are business records

What did Microsoft add to its newer operating systems that makes performing static acquisitions more difficult? Correct!

whole disk encryption

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?​

​$LogFile

What does the MFT header field at offset 0x00 contain?

​The MFT record identifier FILE

Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

​Zone Bit Recording (ZBR)

Which of the following commands ​creates an alternate data stream?

​echo text > myfile.txt:stream_name

Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital eXtended capacity (SDCX), and memory sticks:​

​exFAT


Ensembles d'études connexes

Lecture 4: Cultural Competence, Cultural Humility & Communication (EXAM 1)

View Set

Chapter 48: Nursing Care of a Family when a Child has an Endocrine or a Metabolic Disorder

View Set

Biology Chapter Three Study Guide

View Set

Orthopedic Assessment-Stephanie Nelson Tarleton State University Final Exam Review

View Set

Minimizing Human Impact on the Environment

View Set