Digital Forensics Post-Course Assessment
Confidential business data included with the criminal evidence are referred to as ____ data. A) Commingled B) Exposed C) Revealed D) Public
A) Commingled
The SIM file structure begins with the root of the system (____). A) MF B) EF C) DF D) DCS
A) MF
The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions. A) dd B) man C) raw D) fdisk
A) dd
In a prefetch file, the application's last access date and time are at offset ____. A) 0xD4 B) 0x90 C) 0x80 D) 0x88
B) 0x90
____, located in the root folder of the system partition, specifies the Windows XP installation path and contains options for selecting the Windows version. A) NTBootdd.sys B) Boot.ini C) BootSec.dos D) NTDetect.com
B) Boot.ini
The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence. A) Federal Rules of Evidence (FRE) B) Computer Analysis and Response Team (CART) C) Department of Defense Computer Forensics Laboratory (DCFL) D) DIBS
B) Computer Analysis and Response Team (CART)
On Mac OSs, the ____ stores any file information not in the MDB or Volume Control Block (VCB). A) Master directory block B) Extents overflow file C) Volume information block D) Catalog
B) Extents overflow file
The data-hiding technique of marking bad clusters is more common with ____ file systems. A) HFS B) FAT C) Ext2fs D) NTFS
B) FAT
Under copyright laws, computer programs may be registered as ____. A) Audiovisual works B) Literary works C) Motion pictures D) Architectural works
B) Literary works
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. A) /etc/var/log/maillog B) /etc/var/log/maillog C) /etc/sendmail.cf D) /etc/syslog.conf
C) /etc/sendmail.cf
The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients. A) ISFCE B) HTCIA C) ABA D) IACIS
C) ABA
Recovering fragments of a file is called ____. A) Saving B) Rebuilding C) Carving D) Slacking
C) Carving
The ____ digital network, a faster version of GSM, is designed to deliver data. A) TDMA B) D-AMPS C) EDGE D) iDEN
C) EDGE
The ____ tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack. A) WinHex B) OpenForensics C) FROST D) ARC
C) FROST
____ from both the plaintiff's and defense's attorneys is an optional phase of the trial. Generally, it's allowed to cover an issue raised during cross-examination of a witness. A) Opening statements B) Closing arguments C) Rebuttal D) Plaintiff
C) Rebuttal
____ provide additional resource material not included in the body of the report. A) Conclusions B) Discussion C) References D) Appendixes
D) Appendixes
____ is a layered network defense strategy developed by the National Security Agency (NSA). A) PsShutdown B) Anti-Rootkit C) Order of volatility D) Defense in Depth
D) Defense in Depth
____ disks are commonly used with Sun Solaris systems. A) DiskSpy B) FIRE IDE C) F.R.E.D. D) SPARC
D) SPARC
During the Cold War, defense contractors were required to shield sensitive computing systems and prevent electronic eavesdropping of any computer emissions. The U.S. Department of Defense calls this special computer-emission shielding ____. A) EMR B) NISPOM C) RAID D) TEMPEST
D) TEMPEST
Intel ____ has responded to the need for security and performance by producing different CPU designs. A) Parallels Virtualization B) Hyper-V C) KVM D) Virtualization Technology (VT)
D) Virtualization Technology (VT)
