cist 2612

22. On a Linux computer, ____ represents file systems exported to remote hosts.

/dev/hda1

15. In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.

1024

6. In the ____, you justify acquiring newer and better resources to investigate digital forensics cases.

business case

4. A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.

disaster recovery plan

12. Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

false

25. ____ compression compresses data by permanently discarding bits of information in the file.

lossy

8. Autopsy uses ____ to validate an image.

md5 algorithm

18. To complete a forensic disk analysis and examination, you need to create a ____.

report

21. In macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.

resource

10. This device is called a ______ and is a non-conducting probe used to form, shape, guide, and separate fine computer wire terminals, telephone wires and cables.

spudger

5. A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.

steel

11. A judge can exclude evidence obtained from a poorly worded warrant.

true

16. The type of file system an OS uses determines how data is stored on the disk.

true

17. After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

true

19. Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories.

true

2. After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.

true

20. If a file contains information, it always occupies at least one allocation block.

true

23. Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.

true

24. If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.

true

3. By the 1970s, electronic crimes were increasing, especially in the financial sector.

true

9. Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

true

14. A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.

vm

1. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.

warning banner

13. Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.

warrant