Current Digital Forensics Tools (Module 6 Review) - [Computer Forensics]


In testing tools, the term "reproducible results" means that if you work in the same lab on the same machine, you generate the same results.

False

The reconstruction function is needed for which of the following purposes?

1. Re-create a suspect drive to show what happened. 2. Create a copy of a drive for other investigators. 3. Re-create a drive compromised by malware.

When using a write-blocking device, you can't remove and reconnect drives without having to shut down your workstation.

False

Forensics software tools are grouped into ______ and ______ applications.

GUI, command-line

The standards for testing forensics tools are based on which criteria?

ISO 17025

Which of the following digital forensics tools require the MOST expertise? A. Encase B. OSForensics C. Linux 'dd' command line tool D. Autopsy

Linux 'dd' command line tool

Which of the following organisations have a standard for verifying digital forensics tools?

NIST

Which of the following are NOT functions necessary for digital forensics tools?

Obfuscation

A typical forensics lab should include all of the following EXCEPT? A. Autopsy B. Old operating systems C. Older versions of forensics tools D. Old computers

Old computers

Which of the following is true of most drive-imaging tools?

They ensure that the original drive doesn't become corrupt and damage the digital evidence.

An encrypted drive is one reason to choose a logical acquisition.

True

Data viewing, keyword searching, and decompressing are three subfunctions of the extraction function.

True

The primary hashing algorithm the NSRL project uses is SHA-1.

True

Hash values are used for which of the following purposes?

Validating that the original data hasn't changed

Hashing, filtering, and file header analysis make up which function of digital forensics tools?

Validation and verification

Which of the following prevents contamination of evidence?

Write-blockers

Building a forensic workstation is more expensive than purchasing one.

False

Hardware acquisition tools typically have built-in software for data analysis.

False

Data can't be written to disk with a command-line tool.

False

A live acquisition can be replicated.

False

When validating the results of a forensic analysis, you should do which of the following?

Calculate the hash value with two different tools.

The verification function does which of the following?

Proves that two sets of data are identical via hash values

A log report in forensics tools does which of the following?

Records an investigator's actions in examining a case

According to ISO standard 27037, which of the following is an important factor in data acquisition?

The DEFR's competency

