
____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example. Choices: Data recovery Network forensics Computer forensics Disaster recovery

Data recovery

The most common and flexible data-acquisition method is ____. Choices: Disk-to-disk copy Disk-to-network copy Disk-to-image file copy Sparse data copy

Disk-to-image file copy

When Microsoft introduced Windows 2000, it added optional built-in encryption to NTFS called ____. Choices: EFS VFAT LZH RAR

EFS

____ is the file structure database that Microsoft originally designed for floppy disks. Choices: NTFS FAT32 VFAT FAT

FAT

Computer investigations and forensics fall into the same category: public investigations.

False

If damage occurs to the floor, walls, ceilings, or furniture in your computer forensics lab, it does not need to be repaired immediately.

False

If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not available.

False

Similar to Linux, Windows also has built-in hashing algorithm tools for digital forensics.

False

The first 5 bytes (characters) for all MFT records are FILE.

False

The law of search and seizure protects the rights of all people, excluding people suspected of crimes.

False

____ often work as part of a team to secure an organization's computers and networks. Choices: Computer analysts Data recovery engineers Forensics investigators Network monitors

Forensics investigators

Linux ISO images that can be burned to a CD or DVD are referred to as ____. Choices: ISO CDs Linux Live CDs Forensic Linux Linux in a Box

Linux Live CDs

On an NTFS disk, immediately after the Partition Boot Sector is the ____. Choices: FAT HPFS MBR MFT

MFT

Windows hard disks can now use a variety of file systems, including FAT16, FAT32, ____, and Resilient File System. Choices: NTFS ext3 FAT24 ext2

NTFS

When Microsoft created Windows 95, it consolidated initialization (.ini) files into the ____. Choices: IniRecord Inidata Registry Metadata

Registry

A good working practice is to use less powerful workstations for mundane tasks and multipurpose workstations for the higher-end analysis tasks.

True

Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of how RAID systems are designed, configured, and sized.

True

After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

True

One way to examine a partition's physical level is to use a disk editor, such as WinHex or Hex Workshop.

True

The Fourth Amendment to the U.S. Constitution (and each state's constitution) protects everyone's rights to be secure in their person, residence, and property from search and seizure.

True

The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your disk-to-image file.

True

The police blotter provides a record of clues to crimes that have been committed previously.

True

The type of file system an OS uses determines how data is stored on the disk.

True

There's no simple method for getting an image of a RAID server's disks.

True

To help determine which computer forensics tool to purchase, a comparison table of functions, subfunctions, and vendor products is useful.

True

When you research for computer forensics tools, strive for versatile, flexible, and robust tools that provide technical support.

True

Many vendors have developed write-blocking devices that connect to a computer through FireWire, ____ 2.0 and 3.0, SATA, PATA, and SCSI controllers. Choices: USB IDE LCD PCMCIA

USB

____ can be software or hardware and are used to protect evidence disks by preventing data from being written to them. Choices: Drive-imaging Disk editors Workstations Write-blockers

Write-blockers

____ is how most manufacturers deal with a platter's inner tracks having a smaller circumference than its outer tracks. Choices: Head skew Cylinder skew ZBR Areal density

ZBR

Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed. Choices: litigation allegation blotter prosecution

allegation

In a ____ case, a suspect is charged for a criminal offense, such as burglary, murder, or molestation. Choices: corporate civil criminal fourth amendment

criminal

A ____ is a column of tracks on two or more disk platters. Choices: cylinder sector track head

cylinder

The ____ command creates a raw format file that most computer forensics analysis tools can read, which makes it useful for data acquisitions. Choices: fdisk dd man raw

dd

The raw data format, typically created with the Linux ____ command, is a simple bit-for-bit copy of a data file, a disk partition, or an entire drive. Choices: rawcp dd d2dump dhex

dd

The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime. Choices: network intrusion detection digital investigations incident response litigation

digital investigations

A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing. Choices: disaster recovery risk management configuration management security

disaster recovery

If your time is limited, consider using a logical acquisition or ____ acquisition data copy method. Choices: lossless disk-to-disk sparse disk-to-image

disk-to-image

The simplest method of duplicating a disk drive is using a tool that makes a direct ____ copy from the suspect disk to the target location. Choices: partition-to-partition image-to-partition disk-to-image image-to-disk

disk-to-image

A(n) ____ is a person using a computer to perform routine tasks other than systems administration. Choices: complainant user banner end user investigator

end user

Software forensics tools are commonly used to copy data from a suspect's disk drive to a(n) ____. Choices: backup file firmware image file recovery copy

image file

Most remote acquisitions have to be done as ____ acquisitions. Choices: static live sparse hot

live

Records in the MFT are called ____. Choices: hyperdata metadata inodes infodata

metadata

You should have at least one copy of your backups on site and a duplicate or a previous copy of your backups stored in a safe ____ facility. Choices: in-site storage off-site online

off-site

Many password recovery tools have a feature for generating potential lists for a ____ attack. Choices: brute-force password dictionary birthday salting

password dictionary

A forensics workstation consisting of a laptop computer with almost as many bays and peripherals as a stationary workstation is also known as a ____. Choices: stationary workstation field workstation lightweight workstation portable workstation

portable workstation

Current distributions of Linux include two hashing algorithm utilities: md5sum and ____. Choices: rcsum shasum hashsum sha1sum

sha1sum

If your time is limited, consider using a logical acquisition or ____ acquisition data copy method. Choices: lossless disk-to-disk sparse disk-to-image

sparse
