IS381 Module 3 Quiz

A logical acquisition collects only specific files of interest to the case. True False

True

What's the maximum file size when writing data to a FAT32 drive? 2 GB 3 GB 4 GB 6 GB

2GB

What are two concerns when acquiring data from a RAID server? 1. Data transfer speeds and type of RAID 2. Type of RAID and antivirus software 3. Amount of data storage needed and type of RAID 4. Split RAID and Redundant RAID

Amount of data storage needed and type of RAID

With remote acquisitions, what problems should you be aware of? 1. Data transfer speeds 2. Access permissions over the network 3. Antivirus, antispyware, and firewall programs 4. The password of the remote computer's user

Antivirus, antispyware, and firewall programs

Which forensics tools can connect to a suspect's remote computer and run surreptitiously? 1. dcfldd and ProDiscover Incident Response 2. EnCase Enterprise and ProDiscover Incident Response 3. dd and dcfldd 4. dd and EnCase Enterprise

EnCase Enterprise and ProDiscover Incident Response

Name two commercial tools that can make a forensic sector-by-sector copy of a drive to a larger drive. 1. dd and Expert Witness 2. dd and EnCase 3. X-Ways Forensics and dd 4. EnCase and X-Ways Forensics

EnCase and X-Ways

Of all the proprietary formats, which one is the unofficial standard? 1. Expert Witness 2. AFF 3. Uncompressed dd 4. Segmented dd

Expert Witness

FTK Imager can acquire data in a drive's host protected area. True False

False

In Linux, the fdisk -l command lists the suspect drive as /dev/hda1. So, the following dcfldd command is correct. dcfldd if=image_file.img of=/dev/hda1 True False

False

Slower data transfer speeds and dealing with minor data errors are two disadvantages of the raw format. True False

False

When determining which data acquisition method to use, you should not consider how long the acquisition will take. True False

False

What does a sparse acquisition collect for an investigation? 1. Only specific files of interest to the case 2. Fragments of unallocated data in addition to the logical allocated data 3. Only the logical allocated data 4. Only fragments of unallocated data

Fragments of unallocated data in addition to the logical allocated data

Name the three formats for digital forensics data acquisitions. 1. Raw, AICIS, and AFF 2. EnCase format, Raw, and dd 3. Raw format, proprietary formats, and AFF 4. dd, Raw, and AFF

Raw format, proprietary formats, and AFF

Why is it a good practice to make two images of a suspect drive in a critical investigation? 1. To speed up the process 2. To have one compressed and one uncompressed copy 3. To ensure at least one good copy of the forensically collected data in case of any failures 4. None of the above

To ensure at least one good copy of the forensically collected data in case of any failures

A hashing algorithm is a program designed to create a binary or hexadecimal number that represents the uniqueness of a data set, file, or entire disk. True False

True

Commonly, proprietary format acquisition files can compress the acquisition data and segment acquisition output files into smaller volumes. True False

True

FTK Imager requires that you use a device such as a USB dongle for licensing. True False

True

The main goal of a static acquisition is the preservation of digital evidence. True False

True

With newer Linux kernel distributions, USB devices are automatically mounted, which can alter data on them. True False

True

What's the most critical aspect of digital evidence? 1. Compression 2. Redundancy 3. Contingency 4. Validation

Validation

In the Linux dcfldd command, which three options are used for validating data? 1. hash, hashlog, and vf 2. h, hl, and vf 3. hash, log, and hashlog 4. vf, of, and vv

hash, hashlog, and vf

