Computer Forensics Test
A(n) ________ can possess one of two values: 1 or 0.
Bit
FireWire is based upon which of the following standards? A. 802.11 B. ANSI N42 C. IEEE 1394 D. ISO 9660
IEEE 1394.
Which of the following values are found in hexadecimal? A. 0 or 1 B. 0-9 and A-F C. 0-9 D. A-F
0-9 and A-F.
A nibble represents how many bits? A. 2 B. 4 C. 8 D. 16
4
Which of the following contains the permissions associated with files? A. Journal B. Alternate data stream C. Access control list D. BIOS
Access control list.
A Chain of Custody form is used to document which of the following?
Anyone who has been in contact with evidence in a case.
Which of the following best describes an actuator arm on a hard disk? A. It is an area of the disk that can no longer be used to store data. B. It is a circular disk made from aluminum, ceramic, or glass where data is stored magnetically. C. It is found at the center of the disk, is powered by a motor, and is used to spin the platters. D. It contains a read/write head that modifies the magnetization of the disk.
D. It contains a read/write head, which modifies the magnetization of the disk.
________ ________ refers to the structure of a hard disk in terms of platters, tracks, and sectors.
Disk Geometry
________ ________ is a Windows application used to view event logs.
Event Viewer
________ is the base 16 numbering system, which includes numbers 0 to 9 and letters A to F.
Hexadecimal
The world's largest international police organization is called ________.
INTERPOL
A(n) ________ is comprised of eight bits and is the smallest addressable unit in memory.
byte
evidentiary
constituting evidence or proof, having the quality of evidence
The process of scrambling plain text into an unreadable format using a mathematical formula is called ________.
encryption
A defendant can prove his innocence with the use of ________ evidence.
exculpatory
A(n) ____ disk is a thin, flexible, plastic computer storage disc that is housed in a rigid plastic rectangular casing.
floppy
Computer ________ is the use of digital evidence in a criminal investigation.
forensics
The less reflective surfaces on a CD that have not been burned by a laser are called ____.
pits
Short-term, volatile memory, the contents of which disappear when a computer is powered down, is called ________ access memory.
random
Computer ________ is the prevention of unauthorized access to computers and their associated resources.
security
A(n) ________ is a device used to capture the information stored in the magnetic strip of an ATM, credit, or debit card.
skimmer
Chain of Custody
the documented and unbroken transfer of evidence
Fault ____ means that if one component in a system, like a hard disk drive, fails then the system will continue to operate.
tolerance
A(n) ____ is a hardware device that allows an individual to read data from a device, like a hard drive, without writing to that device.
write-blocker
Which of the following values are found in binary? A. 0 or 1 B. 0-9 and A-F C. 0-9 D. A-F
A. 0 or 1.
Which of the following statements best describes a bit-stream imaging tool?
A. A bit-stream imaging tool produces a bit-for-bit copy of the original media. B. A bit-stream imaging tool often provides the examiner with deleted files.
Which of the following are benefits of email evidence?
A. Email evidence generally exists in multiple areas. B. It can often be found easier than other types of evidence. C. It has been accepted as admissible evidence in a number of cases.
The reflective surfaces on a CD burned flat by a laser are referred to as which of the following? A. Lands B. Pits C. Mirrors D. Craters
A. Lands.
Which of the following is volatile memory that is used for processes that are currently running on a computer? A. RAM B. ROM C. Hard disk drive D. Flash
A. RAM.
Which of the following statements is not true about Regional Computer Forensics Laboratories (RCFLs)? A. RCFLs can be used by criminal defense lawyers. B. The establishment of RCFLs has been sponsored by the FBI. C. RCFLs not only are used for investigations, but also provide computer forensics training. D. RCFLs exist in both the United States and Europe.
A. RCFLs can be used by criminal defense lawyers.
Which of the following terms best describes the hiding, altering, or destroying of evidence related to an investigation? A. Spoliation of evidence B. Manipulation of evidence C. Inculpatory evidence D. Exculpatory evidence
A. Spoliation of evidence.
Which of the following is true of solid state drives? A. They have no moving parts. B. Files are stored on metal platters. C. It is volatile memory. D. None of the above are true.
A. They have no moving parts.
BitLocker
An encryption tool that was introduced with the Ultimate and Enterprise editions of Microsoft Windows Vista, which allows for encryption at the file, folder, or drive level.
Which of the following statements is not true about photo images? A. Images can possess evidence of where the suspect has been. B. Images cannot be easily found using bit-stream imaging tools such as FTK. C. An image can identify the make and model of the digital camera. D. Basically just one type of digital image is used today.
B. Images cannot be easily found using bit-stream imaging tools, like FTK.
Boot ____ is a utility included with Mac OS X 10.6 (Snow Leopard) that enables the user to run the Windows operating system on an Intel-based Mac.
Boot Camp is a utility that is included with Mac OS X 10.6 (Snow Leopard) that allows the user to run Windows operating system on an Intel-based Mac.
Which of the following is a high-capacity optical disc that can be used to store high-definition video? A. CD B. DVD C. BD D. VCD
C. BD.
Which of the following facilitates the communication between a computer's CPU and hard disks? A. Actuator arm B. ROM chip C. Disk controller D. FireWire
C. Disk controller.
Which of the following best defines computer forensics?
Computer forensics is the use of digital evidence to solve a crime.
Which of the following best describes the information contained in the MFT? A. File and folder metadata B. File compression and encryption C. File permissions D. All of the above
D. All of the above.
Which of the following is true of a disk clone? A. It is a bootable copy. B. It can be used as a hard drive backup. C. Neither A nor B. D. Both A and B.
D. Both A and B.
Which of the following memory cards is most likely to be found in Sony electronics? A. Secure Digital Card B. CompactFlash C. MultiMedia Card D. Memory Stick
D. Memory Stick.
Which of the following refers to the rigid disk where files are stored magnetically? A. Cylinder B. Actuator C. Spindle D. Platter
D. Platter.
Which of the following refers to two or more disks used in conjunction with one another to provide increased performance and reliability through redundancy? A. RAM B. SCSI C. IDE D. RAID
D. RAID.
Which of the following acts established the Department of Homeland Security and mandated that the United States Secret Service establish Electronic Crime Task Forces nationwide? A. Health Insurance Portability and Accountability Act B. Children's Online Privacy Protection Act C. The PROTECT Act D. The USA PATRIOT Act
D. The U.S. PATRIOT Act.
Which of the following is a UNIX command that produces a raw data image of a storage medium, like a hard drive or magnetic tape in a forensically sound manner? A. aa B. bb C. cc D. dd
D. dd.
________ is the process of eliminating the amount of fragmentation in a file system to make file chunks (512KB blocks) closer together and increase free space areas on a disk.
Defragmentation
________ file system was introduced in 1980 as the first version of FAT and is the file system found on floppy disks
FAT 32
Which of the following file systems was developed for use on the Xbox? A. FAT12 B. FAT16 C. FAT32 D. FATX
FATX
The Computer Analysis and Response Team (CART) is a unit of which government agency?
FBI
____ collection is a memory management process that removes unused files to make more memory available.
Garbage
________ is a public-private agency of the FBI, which promotes the exchange of information between the private and public sectors on issues related to terrorism, intelligence, and security matters.
InfraGard
Integrated Drive ____ is a drive interface, connector, and controller, which is largely based on IBM PC standards, for devices like hard disk drives, tape drives, and optical drives.
Integrated Drive Electronics is a drive interface, connector and controller, which is largely based on IBM PC standards, for devices like hard disk drives, tape drives, and optical drives.
The Host ____ Area is a region on a hard disk that will often contain code associated with the BIOS for booting and recovery purposes.
Protected
What is the name of the nonvolatile storage that can generally not be modified and is involved in the boot process? A. RAM B. Flash memory C. Partition D. ROM
ROM
Which of the following Windows features allows the user to extend virtual memory using a removable flash device? A. BitLocker B. Volume Shadow Copy C. ReadyBoost D. Backup and Restore
ReadyBoost
The Master Boot ________ is used by the BIOS to start the boot process
Record
____ ATA is an interface that connects devices, like hard disk drives to host bus adapters
Serial ATA is an interface that connects devices, like hard disk drives to host bus adapters.
Encryption
The process of scrambling plain text into an unreadable format using a mathematical formula.
Computer Forensics
The use of digital data to solve a crime
A(n) ________ server delivers HTML documents and related resources in response to client computer requests.
Web
________ ________ is a hierarchical database that stores system configuration information. The Registry is comprised of two elements, keys and values.
Windows Registry
A(n) ________ is a set of steps used to solve a problem.
algorithm
Exculpatory evidence
any information having a tendency to clear a person of guilt or blame
The ________ uses tracked changes to files for fast and efficient restoration of files when there is a system failure or power outage.
journal
A disk ____ is actually one file or a group of files that contain bit-for-bit copies of a hard drive but cannot be used for booting a computer or other operations.
A disk image is actually one file or a group of files that contain bit-for-bit copies of a hard drive but cannot be used for booting a computer or other operations.
bit-stream imaging tool
A tool that produces a bit-for-bit copy of original media, including files marked for deletion.
Computer Analysis and Response Team
A unit within the FBI that is responsible for providing support for investigations that require skilled computer forensics examinations.