Chapter 3 Quiz Questions


What's the maximum file size when writing data to a FAT32 drive?

2 GB

FTK Imager can acquire data in a drive's host protected area.

False

FTK Imager requires that you use a device such as a USB dongle for licensing.

True

With remote acquisitions, what problems should you be aware of?

Antivirus, antispyware, and firewall programs

Why is it a good practice to make two images of a suspect drive in a critical investigation?

To ensure at least one good copy of the forensically collected data in case of any failures

With newer Linux kernel distributions, USB devices are automatically mounted, which can alter data on them.

True

What are two concerns when acquiring data from a RAID server?

Amount of data storage needed and type of RAID

Which forensics tools can connect to a suspect's remote computer and run surreptitiously?

EnCase Enterprise and ProDiscover Incident Response

Name two commercial tools that can make a forensic sector-by-sector copy of a drive to a larger drive.

EnCase and X-Ways Forensics

Of all the proprietary formats, which one is the unofficial standard?

Expert Witness

In Linux, the fdisk -l command lists the suspect drive as /dev/hda1. So, the following dcfldd command is correct: dcfldd if=image_file.img of=/dev/hda1

False

Slower data transfer speeds and dealing with minor data errors are two disadvantages of the raw format.

False

When determining which data acquisition method to use, you should not consider how long the acquisition will take.

False

What does a sparse acquisition collect for an investigation?

Fragments of unallocated data in addition to the logical allocated data

Name the three formats for digital forensics data acquisitions.

Raw format, proprietary formats, and AFF

A hashing algorithm is a program designed to create a binary or hexadecimal number that represents the uniqueness of a data set, file, or entire disk.

True

A logical acquisition collects only specific files of interest to the case.

True

Commonly, proprietary format acquisition files can compress the acquisition data and segment acquisition output files into smaller volumes.

True

The main goal of a static acquisition is the preservation of digital evidence.

True

What's the most critical aspect of digital evidence?

Validation

In the Linux dcfldd command, which three options are used for validating data?

hash, hashlog, and vf

