exam 2

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

NTFS

was introduced when Microsoft created Windows NT and is still the main file system in Windows 10.

virtual machine

A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.

cylinder

A ____ is a column of tracks on two or more disk platters.

portable workstation

A forensics workstation consisting of a laptop computer with a built-in LCD monitor and almost as many bays and peripherals as a stationary workstation is also known as a ____.

dd

Raw data is a direct copy of a disk drive. An example of a Raw image is output from the UNIX/Linux ____ command.

meta data

Records in the MFT are called ____.

carving

Recovering any type of file fragments is called_______.

image file

Software forensics tools are commonly used to copy data from a suspect's disk drive to a(n) ____.

Lossy

What kind of data compression should you use if you want to discard of some redundant bits?

vector

What type of graphics use lines instead of dots to make up an image?

EFS

When Microsoft introduced Windows 2000, it added built-in encryption to NTFS called ____.

hiding

Data ____ involves changing or manipulating a file to conceal information.

Master Directory Block MDB)

On older Macintosh OSs all information about the volume is stored in the ____.

hexadecimal editor, computer forensics tool

Getting a hash value with a ____ is much faster and easier than with a(n) ____.

subpoenas

In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover.

resource

In older Mac OSs, a file consists of two parts: a data fork, where data is stored, and a ____ fork, where file metadata and application information are stored.

inodes

Linux is unique in that it uses ____, or information nodes, that contain descriptive information about each file or directory.

key escrow

Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system data failure.

password dictionary

Many password recovery tools have a feature that allows generating potential lists for a ____ attack.

extents overflow file

On Mac OSs, File Manager uses the ____ to store any information not in the MDB or Volume Control Block (VCB).

NSRL

The NIST project that has as a goal to collect all known hash values for commercial software applications and OS files is ____.

Advanced SCSI programing interface

The ____ provides several software drivers that allow communication between the OS and the SCSI component.

NIST

The ____ publishes articles, provides tools, and creates procedures for testing and validating computer forensics software.

data runs

The file or folder's MFT record provides cluster addresses where the file is stored on the drive's partition. These cluster addresses are called ____.

data block

The final component in the UNIX and Linux file system is a(n) ____, which is where directories and files are stored on a disk drive.

SHA-1

The primary hash algorithm used by the NSRL project is ____.

recovery certificate

The purpose of the ____ is to provide a mechanism for recovering files encrypted with EFS if there's a problem with the user's original private key.

disk-to-disk

The simplest method of duplicating a disk drive is using a tool that does a direct ____ copy from the original disk to the target disk.

volume bitmap

With Mac OSs, a system application called ____ tracks each block on a volume to determine which blocks are in use and which ones are available to receive data.

investigation plan

You begin any computer forensics case by creating a(n) ____.

remote acquisitions

____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.

brute-force

____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.

write-blockers

____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk.

device drivers

____ contain instructions for the OS for hardware devices, such as the keyboard, mouse, and video card, and are stored in the systemroot\Windows\System32\Drivers folder.

config.sys

____ is a text file containing commands that typically run only at system startup to enhance the computer's DOS configuration.

steganography

____ is defined as the art and science of hiding messages in such a way that only the intended recipient knows the message is there.

ZBR

____ is how most manufacturers deal with a platter's inner tracks being shorter than its outer tracks.

FAT

____ is the file structure database that Microsoft originally designed for floppy disks.

discrimination

____ of data involves sorting and searching through all investigation data.

password

____ recovery is a fairly easy task in computer forensic analysis.

areal density

____ refers to the number of bits in one square inch of a disk platter.

live

____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.

User32.sys

______ is a core Win32 subsystem DLL file.


Ensembles d'études connexes

Practice Questions PT 2: Upper GI Problems

View Set

Liver, Gallbladder, and Pancreas

View Set

Chapter 16 Dilutive Securties and Earnings Per Share

View Set

Pharm: Chapter 34 therapy for fluid volume, 32: Drug Therapy for Fluid Volume Excess, Chapter 34: Drug Therapy for Fluid Volume Excess, Chapter 34: Drug Therapy for Fluid Volume Excess, 28: Drug Therapy for Hypertension, Prep U: Chapter 26=Drug Thera…

View Set

Operant and Classical Conditioning

View Set

Psychology test 2 questions: chapters 6,8,9,11

View Set