forensics-chapter 7

Which of these are subfunctions of reconstructing drives? (Choose all that apply)

disk-to-disk copy, image-to-partition copy, partition-to-partition copy

NIST testing procedures are valid only for government agencies. True or False?

False

Sleuth Kit is used to access Autopsy's tools. True or False?

False

Hash values are used for which of the following purposes? (Choose all that apply.)

Filtering, Validating

The standards for testing forensics tools are based on which criteria?

ISO 17025

What two data-copying methods are used in software data acquisitions?

Logical and physical

What's the name of the NIST project established to collect all known hash values for commercial software and OS files?

National Software Reference Library

Many of the newer GUI tools use a lot of system resources. True or False?

True

Hashing, filtering, and file header analysis make up which function of computer forensics tools?

Validation and discrimination

When validating the results of a forensic analysis, you should do which of the following?

a. Calculate the hash value b. Use a different tool to compare the results

Data can't be written to the disk with a command-line tool. True or False?

False

During a remote acquisition of a suspect drive, RAM data is lost. True or False?

False

Building a forensic workstation is more expensive than purchasing one. True or False?

False

A live acquisition is considered an accepted forensics practice. True or False?

False

Which of these are required functions for computer forensics tools?

Acquisition, Validation and discrimination, Extraction

Of the six functions of computer forensics tools, which of these are subfunctions of the Extraction function?

Decompressing, Decrypting, Bookmarking

Which of the following tools can examine files created by WinZip?

FTK

A disk partition can be copied only with a command-line acquisition tool. True or False?

False

When considering new forensics software tools, you should do which of the following?

Test and validate the software.

Which of the following is true of most drive-imaging tools? (Choose all that apply.)

They ensure that the original drive doesn't become corrupt, They create a copy of the original drive.

