ITSY-2343 Mid Term Review


____ is the file structure database that Microsoft originally designed for floppy disks. a. NTFS b. FAT32 c. VFAT d. FAT

d. FAT

In ____, two or more disk drives become one large volume, so the computer views the disks as a single disk. a. RAID 0 b. RAID 1 c. RAID 5 d. RAID 6

a. RAID 0

____ is a data-hiding technique that uses host files to cover the contents of a secret message. a. Steganography b. Steganalysis c. Graphie d. Steganos

a. Steganography

Image files can be reduced by as much as ____% of the original when using lossless compression. a. 15 b. 25 c. 30 d. 50

d. 50

The uppercase letter ____ has a hexadecimal value 41. a. "A" b. "C" c. "G" d. "Z"

a. "A"

For Windows XP, 2000, and NT servers and workstations, RAID 0 or ____ is available. a. 1 b. 4 c. 2 d. 5

a. 1

Digital forensics tools are divided into ____ major categories. a. 2 b. 3 c. 4 d. 5

a. 2

____ was created by police officers who wanted to formalize credentials in digital investigations. a. HTCN b. NISPOM c. TEMPEST d. IACIS

d. IACIS

____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program. a. Replacement b. Append c. Substitution d. Insertion

d. Insertion
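A worked illustration of insertion steganography and of the steganalysis check that catches it, added here as an example and not taken from the textbook or the flashcards. The host is a constructed JPEG-structured byte string (SOI marker, a JFIF APP0 segment, a few placeholder bytes, EOI marker), not a decodable picture: a viewer stops rendering at the End Of Image marker, so anything appended after it is carried by the file but never displayed.

```python
# Marker bytes from the JPEG/JFIF structure: Start Of Image, APP0 (JFIF), End Of Image.
SOI = b"\xff\xd8"
APP0 = (b"\xff\xe0" + b"\x00\x10" + b"JFIF\x00" + b"\x01\x01" + b"\x00"
        + b"\x00\x48\x00\x48" + b"\x00\x00")
EOI = b"\xff\xd9"

# Constructed host file: valid marker layout, placeholder image data, no real picture.
HOST = SOI + APP0 + b"\x00" * 32 + EOI
# Constructed secret message (assumption for the example).
SECRET = b"meet at 0300, bring the drive"


def insert_after_eoi(host: bytes, secret: bytes) -> bytes:
    """Insertion steganography: append the secret after the EOI marker.

    The image displays unchanged because viewers stop at EOI; the file just grows.
    """
    if host[:2] != SOI or EOI not in host:
        raise ValueError("host is not a JPEG-structured file")
    return host + secret


def visible_image_bytes(data: bytes) -> bytes:
    """The bytes a viewer actually consumes: up to and including the first EOI.

    Real JPEG scan data escapes 0xFF as 0xFF 0x00, so 0xFF 0xD9 inside the
    stream is the EOI marker; a production tool would walk the marker segments.
    """
    end = data.find(EOI, 2)
    return data[: end + 2] if end != -1 else data


def trailing_data(data: bytes) -> bytes:
    """Steganalysis check: anything past EOI that the host's program never shows."""
    return data[len(visible_image_bytes(data)):]


if __name__ == "__main__":
    stego = insert_after_eoi(HOST, SECRET)
    print("host size:", len(HOST), "stego size:", len(stego))
    print("viewer sees identical image:", visible_image_bytes(stego) == HOST)
    print("bytes after EOI:", trailing_data(stego))
```

The rendered portion of the stego file is byte-identical to the host, so comparing what the viewer shows tells you nothing; comparing the file size against the visible-image length (or hashing the whole file against a known-good copy) is what exposes the insertion.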

When recovering evidence from a contaminated crime scene, if the temperature in the contaminated room is higher than ____ degrees, you should take measures to avoid damage to the drive from overheating. a. 80 b. 90 c. 95 d. 105

a. 80

____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example. a. Data recovery b. Network forensics c. Computer forensics d. Disaster recovery

a. Data recovery

When Microsoft introduced Windows 2000, it added optional built-in encryption to NTFS called ____. a. EFS b. VFAT c. LZH d. RAR

a. EFS

By the early 1990s, the ____ introduced training on software for forensics investigations. a. IACIS b. FLETC c. CERT d. DDBIA

a. IACIS

Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Resilient File System. a. NTFS b. ext3 c. FAT24 d. ext2

a. NTFS

The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03. a. TIFF b. XIF c. JPEG d. GIF

b. XIF

Generally, digital records are considered admissible if they qualify as a ____ record. a. hearsay b. business c. computer-generated d. computer-stored

b. business

In the ____, you justify acquiring newer and better resources to investigate digital forensics cases. a. risk evaluation b. business case c. configuration plan d. upgrade policy

b. business case

The raw data format, typically created with the Linux ____ command, is a simple bit-for-bit copy of a data file, a disk partition, or an entire drive. a. rawcp b. dd c. d2dump d. dhex

b. dd

A ____ is where you conduct your investigations, store evidence, and do most of your work. a. forensic workstation b. digital forensics lab c. storage room d. workbench

b. digital forensics lab

A(n) ____ should include all the tools you can afford to take to the field. a. initial-response field kit b. extensive-response field kit c. forensic lab d. forensic workstation

b. extensive-response field kit

Most remote acquisitions have to be done as ____ acquisitions. a. static b. live c. sparse d. hot

b. live

Records in the MFT are called ____. a. hyperdata b. metadata c. inodes d. infodata

b. metadata

Most digital investigations in the private sector involve ____. a. e-mail abuse b. misuse of digital assets c. Internet abuse d. VPN abuse

b. misuse of digital assets

Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses. a. line of authority b. right of privacy c. line of privacy d. line of right

b. right of privacy

A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock. a. gypsum b. steel c. wood d. expanded metal

b. steel

The most common and flexible data-acquisition method is ____. a. Disk-to-disk copy b. Disk-to-network copy c. Disk-to-image file copy d. Sparse data copy

c. Disk-to-image file copy

____ was introduced when Microsoft created Windows NT and is still the main file system in Windows 10. a. FAT32 b. VFAT c. NTFS d. HPFS

c. NTFS

____ contains the Windows XP system service dispatch stubs to executable functions and internal support functions. a. Ntdll.dll b. User32.dll c. Advapi32.dll d. Gdi32.dll

a. Ntdll.dll

Many vendors have developed write-blocking devices that connect to a computer through FireWire,____ 2.0 and 3.0, SATA, PATA, and SCSI controllers. a. USB b. IDE c. LCD d. PCMCIA

a. USB

In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations. a. authorized requester b. authority of line c. line of right d. authority of right

a. authorized requester

A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing. a. disaster recovery b. risk management c. configuration management d. security

a. disaster recovery

The simplest way to access a file header is to use a(n) ____ editor. a. hexadecimal b. image c. disk d. text

a. hexadecimal

Under copyright laws, computer programs may be registered as ____. a. literary works b. motion pictures c. architectural works d. audiovisual works

a. literary works

Investigating and controlling computer incident scenes in private-sector environments is ____ in crime scenes. a. much easier than b. as easy as c. as difficult as d. more difficult than

a. much easier than

Courts consider evidence data in a computer as ____ evidence. a. physical b. invalid c. virtual d. logical

a. physical

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools. a. proprietary b. raw c. AFF d. AFD

a. proprietary

A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will. a. warning banner b. right of privacy c. line of authority d. right banner

a. warning banner

Microsoft has added ____ with BitLocker to its newer operating systems, which makes performing static acquisitions more difficult. a. whole disk encryption b. backup utilities c. recovery wizards d. NTFS

a. whole disk encryption

The EMR from a computer monitor can be picked up as far away as ____ mile. a. 1/4 b. 1/2 c. 3/4 d. 1

b. 1/2

In general, forensics workstations can be divided into ____ categories. a. 2 b. 3 c. 4 d. 5

b. 3

____ involves sorting and searching through investigation findings to separate good data and suspicious data. a. Validation b. Filtering c. Acquisition d. Reconstruction

b. Filtering

____ compression compresses data by permanently discarding bits of information in the file. a. Redundant b. Lossy c. Huffman d. Lossless

b. Lossy

Autopsy uses ____ to validate an image. a. RC4 b. MD5 c. AFF d. AFD

b. MD5

____ is the physical address support program for accessing more than 4 GB of physical RAM. a. Hal.dll b. Ntkrnlpa.exe c. BootSect.dos d. Io.sys

b. Ntkrnlpa.exe

The primary hash algorithm used by the NSRL project is ____. a. MD5 b. SHA-1 c. CRC-32 d. RC4

b. SHA-1

____ disks are commonly used with Sun Solaris systems. a. F.R.E.D. b. SPARC c. FIRE IDE d. DiskSpy

b. SPARC

____ has been used to protect copyrighted material by inserting digital watermarks into a file. a. Encryption b. Steganography c. Compression d. Archiving

b. Steganography

____ is a 16-bit real-mode program that queries the system for device and configuration data, and then passes its findings to Ntldr. a. Hal.dll b. Boot.ini c. NTDetect.com d. BootSect.dos

c. NTDetect.com

____ are generated at the federal, state, and local levels to show the types and frequency of crimes committed. a. HTCN reports b. IDE reports c. Uniform crime reports d. ASCLD reports

c. Uniform crime reports

____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes. a. Bitmap images b. Metafile graphics c. Vector graphics d. Line-art images

c. Vector graphics

The ____ command works similarly to the dd command but has many features designed for computer forensics acquisitions. a. raw b. bitcopy c. dcfldd d. man

c. dcfldd
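The raw (dd) and dcfldd items above describe a bit-for-bit copy that is validated by hashing. The following added example, written for this review and not part of the textbook or of dd/dcfldd, shows that workflow in Python: the "source drive" is a constructed 4 KB byte string, the copy proceeds in 512-byte blocks the way dd does with bs=512, MD5, SHA-1 and SHA-256 are computed during the single read pass (the dcfldd approach), and a later re-hash of the image either matches the acquisition-time values or, after a single flipped bit, does not.

```python
import hashlib
import io

BLOCK_SIZE = 512  # sector-sized blocks, like dd/dcfldd with bs=512
HASH_NAMES = ("md5", "sha1", "sha256")

# Constructed "source drive": 8 sectors of synthetic, recognisable data.
SOURCE_DRIVE = bytes(
    (i * 7 + sector) & 0xFF for sector in range(8) for i in range(BLOCK_SIZE)
)


def acquire_raw(source: bytes, block_size: int = BLOCK_SIZE) -> tuple[bytes, dict[str, str]]:
    """Bit-for-bit copy of `source` into an in-memory raw image.

    Hashes are updated block by block while copying, so the evidence drive is
    read exactly once and the digests describe the bytes that were written.
    """
    digests = {name: hashlib.new(name) for name in HASH_NAMES}
    src, img = io.BytesIO(source), io.BytesIO()
    while True:
        block = src.read(block_size)
        if not block:
            break
        img.write(block)
        for d in digests.values():
            d.update(block)
    return img.getvalue(), {name: d.hexdigest() for name, d in digests.items()}


def hash_image(image: bytes) -> dict[str, str]:
    """Re-hash a stored image, e.g. before analysis or when a copy is handed over."""
    return {name: hashlib.new(name, image).hexdigest() for name in HASH_NAMES}


def verify_image(image: bytes, expected: dict[str, str]) -> bool:
    """True only if every recorded digest still matches the image."""
    return hash_image(image) == expected


def flip_bit(image: bytes, offset: int, bit: int) -> bytes:
    """Simulate corruption or tampering of a single bit in the image."""
    out = bytearray(image)
    out[offset] ^= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    image, recorded = acquire_raw(SOURCE_DRIVE)
    print("image bytes:", len(image))
    for name, value in recorded.items():
        print(f"{name}: {value}")
    print("intact image verifies:", verify_image(image, recorded))
    print("one flipped bit verifies:", verify_image(flip_bit(image, 1000, 3), recorded))
```

Recording more than one hash at acquisition time costs one extra digest update per block and lets the image be validated later with whichever algorithm a tool or a court expects (MD5 for Autopsy-style checks, SHA-1 for NSRL lookups, SHA-256 for newer tooling).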

It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant. a. litigation b. prosecution c. exhibits d. reports

c. exhibits

If you can't open a graphics file in an image viewer, the next step is to examine the file's ____. a. extension b. name c. header data d. size

c. header data

Most federal courts that evaluate digital evidence from computer-generated records assume that the records contain ____. a. conclusive b. regular c. hearsay d. direct

c. hearsay

With a(n) ____ you can arrive at a scene, acquire the data you need, and return to the lab as quickly as possible. a. bit-stream copy utility b. extensive-response field kit c. initial-response field kit d. seizing order

c. initial-response field kit

If the computer has an encrypted drive, a ____ acquisition is done if the password or passphrase is available. a. passive b. static c. live d. local

c. live

You should have at least one copy of your backups on site and a duplicate or a previous copy of your backups stored in a safe ____ facility. a. in-site b. storage c. off-site d. online

c. off-site

Corporations often follow the ____ doctrine, which is what happens when a civilian or corporate investigative agent delivers evidence to a law enforcement officer. a. silver-tree b. gold-tree c. silver-platter d. gold-platter

c. silver-platter

____ records are data the system maintains, such as system log files and proxy server logs. a. Computer-generated b. Business c. Computer-stored d. Hearsay

a. Computer-generated

Magnet ____ enables you to acquire the forensic image and process it in the same step. a. DEFR b. FTK c. dd d. AXIOM

d. AXIOM

The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence. a. Federal Rules of Evidence (FRE) b. Department of Defense Computer Forensics Laboratory (DCFL) c. DIBS d. Computer Analysis and Response Team (CART)

d. Computer Analysis and Response Team (CART)

____ contain instructions for the OS for hardware devices, such as the keyboard, mouse, and video card, and are stored in the a. Hal.dll b. Pagefile.sys c. Ntoskrnl.exe d. Device drivers

d. Device drivers

The first tools that analyzed and extracted data from floppy disks and hard disks were MS-DOS tools for ____ PC file systems. a. Apple b. Atari c. Commodore d. IBM

d. IBM

The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes. a. EPS b. BMP c. GIF d. JPEG

d. JPEG
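Several items above turn on reading a file header in a hex editor (JFIF starting FF D8 FF E0, XIF starting 49 49 2A with the offset-4 bytes quoted in that question, and checking the header when an image viewer refuses a file). This added example, not code from the textbook or any forensic tool, does that check in Python: it matches the first bytes of a file against a small table of known headers, treats the page's XIF description as a special case of the little-endian TIFF header, and flags files whose extension disagrees with what the header says. The sample byte strings are constructed for the example and are not real images.

```python
import os

# Known headers (magic bytes) at offset 0. TIFF comes in little- and big-endian form.
SIGNATURES = [
    ("JPEG (JFIF)", b"\xff\xd8\xff\xe0"),
    ("JPEG (Exif)", b"\xff\xd8\xff\xe1"),
    ("TIFF little-endian", b"\x49\x49\x2a\x00"),
    ("TIFF big-endian", b"\x4d\x4d\x00\x2a"),
    ("GIF87a", b"GIF87a"),
    ("GIF89a", b"GIF89a"),
    ("PNG", b"\x89PNG\r\n\x1a\n"),
    ("BMP", b"BM"),  # only two bytes: weak on its own, so it is checked last
]

# XIF as described on the page: TIFF-style 49 49 2A, then these bytes at offset 4.
XIF_AT_OFFSET_4 = bytes.fromhex("5C010000 20655874656E646564 20 03")

# Which header family each extension claims to be.
EXT_TO_TYPE = {".jpg": "JPEG", ".jpeg": "JPEG", ".tif": "TIFF", ".tiff": "TIFF",
               ".xif": "XIF", ".gif": "GIF", ".png": "PNG", ".bmp": "BMP"}

# Constructed samples (not real images; only the header bytes matter here).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x48\x00\x48\x00\x00"
SAMPLE_TIFF_LE = b"\x49\x49\x2a\x00\x08\x00\x00\x00" + b"\x00" * 8
SAMPLE_XIF = b"\x49\x49\x2a\x00" + XIF_AT_OFFSET_4
SAMPLE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00"


def identify_header(data: bytes) -> str:
    """Name the format from the first bytes, or 'unknown' if nothing matches."""
    if data.startswith(b"\x49\x49\x2a") and data[4:4 + len(XIF_AT_OFFSET_4)] == XIF_AT_OFFSET_4:
        return "XIF (TIFF-derived)"
    for name, magic in SIGNATURES:
        if data.startswith(magic):
            return name
    return "unknown"


def hexdump_header(data: bytes, n: int = 16) -> str:
    """The first row you would see in a hexadecimal editor."""
    return " ".join(f"{b:02X}" for b in data[:n])


def extension_matches(filename: str, data: bytes) -> bool:
    """False when the extension claims one format and the header says another."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename)[1].lower())
    return claimed is not None and identify_header(data).startswith(claimed)


if __name__ == "__main__":
    for name, data in [("photo.jpg", SAMPLE_JPEG), ("scan.jpg", SAMPLE_TIFF_LE),
                       ("doc.xif", SAMPLE_XIF), ("anim.gif", SAMPLE_GIF)]:
        print(f"{name:10} {hexdump_header(data, 8):24} {identify_header(data):20}"
              f" extension ok: {extension_matches(name, data)}")
```

The second sample (a TIFF header carrying a .jpg extension) is the case the flashcard describes: the viewer fails because the extension lies, and the header row in a hex editor tells you what the file really is.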

On an NTFS disk, immediately after the Partition Boot Sector is the ____. a. FAT b. HPFS c. MBR d. MFT

d. MFT

____ involves determining how much risk is acceptable for any process or operation, such as replacing equipment. a. Risk configuration b. Change management c. Configuration management d. Risk management

d. Risk management

The image format XIF is derived from the more common ____ file format. a. GIF b. JPEG c. BMP d. TIF

d. TIF

In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____. a. blotter b. exhibit report c. litigation report d. affidavit

d. affidavit

One way to compare results and verify a new tool is by using a ____, such as Hex Workshop or WinHex. a. disk imager b. write-blocker c. bit-stream copier d. disk editor

d. disk editor

You use ____ to create, modify, and save bitmap, vector, and metafile graphics. a. graphics viewers b. image readers c. image viewers d. graphics editors

d. graphics editors

Published company policies provide a(n) ____ for a business to conduct internal investigations. a. litigation path b. allegation resource c. line of allegation d. line of authority

d. line of authority

The ____ command displays pages from the online help manual for information on Linux commands and their options. a. cmd b. hlp c. inst d. man

d. man

Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility. a. professional policy b. oath c. line of authority d. professional conduct

d. professional conduct

Evidence is commonly lost or corrupted through ____, which involves the presence of police officers and other professionals who aren't part of the crime scene-processing team. a. onlookers b. HAZMAT teams c. FOIA laws d. professional curiosity

d. professional curiosity

In general, a criminal case follows three stages: the complaint, the investigation, and the ____. a. litigation b. allegation c. blotter d. prosecution

d. prosecution

Every business or organization must have a well-defined process describing when an investigation can be initiated. At a minimum, most company policies require that employers have a ____ that a law or policy is being violated. a. confirmed suspicion b. proof c. court order stating d. reasonable suspicion

d. reasonable suspicion

To preserve the integrity of evidence, your lab should function as an evidence locker or safe, making it a ____ or a secure storage safe. a. secure workstation b. secure workbench c. protected PC d. secure facility

d. secure facility

One technique for extracting evidence from large systems is called ____. a. RAID copy b. RAID imaging c. large evidence file recovery d. sparse acquisition

d. sparse acquisition

Typically, a(n) ____ acquisition is done on a computer seized during a police raid, for example. a. live b. online c. real-time d. static

d. static

Steganalysis tools are also called ____. a. image editors b. image tools c. hexadecimal editors d. steg tools

d. steg tools
