Labs 1-5

Ace your homework & exams now with Quizwiz!

Which of the following features isn't available in FTK Imager? (Choose all that apply.)

Being optimized to search large volumes of data,Creating .eve image files

Which statement about deleted files is true?

Deleted files can be rebuilt from remnants that haven't been overwritten.

Disk images don't include the MFT.

False

ProDiscover images are the same size as the total size of all evidence files on the original source.

False

Which statement about a ProDiscover Basic image is true?

It copies the MFT and any unallocated free space from the original storage device.

FTK Imager calculates which hash values during file imaging?

MD5

What's the name of the deleted Word file in the C2Proj4.E01 image?

Online.docx

What's the purpose of a write-blocker?

Preventing any data on the original storage device from being overwritten, which would violate the chain of custody

What's the filename of the deleted Excel file in the C2Proj4.E01 image?

Qtr 1 Emp.xls

According to NIST standards, how many wipes should be done to erase data completely?

Seven

Which of the following statements about the MFT is true?

The MFT is updated to indicate free space when files are deleted.

Why does FTK Imager calculate two hash values?

To provide redundant verification that files haven't been altered during imaging

FTK Imager Lite is designed to be portable.

True

When a file is deleted from a storage device, only the pointer to the file location is removed.

True

An ISO image is stored as which of the following?

Uncompressed format

Secure destruction of digital data requires doing which of the following?

Writing 0s and 1s to the storage device to overwrite file remnants.

Forensics investigators should be familiar with more than one forensics analysis tool so that they can maintain the chain of custody.

false

Which image format can be read by Windows, Linux, UNIX, and Mac OS X?

.dd

FTK Imager can produce all the following image formats except ________.

.eve

ProDiscover Basic can perform which of the following image conversions?

.eve to ISO

ProDiscover Basic supports all the following image formats except _________.

.vhd

How many SHA-1 hash files were exported to the C2Proj4 deleted file hashes.csv file?

How many deleted files were recovered in the C2Proj4.E01 image?

How many Excel files were recovered in the C2Proj4.E01 image?

See all study sets

Labs 1-5

Related study sets

pluto

CISSP Domain 4 Communications and Network Security

juvenile justice exam 2

study guide

Exam 2 ISDS

Chemistry (Practice Exam Closer Look Part 2)

Philosophy Week 5

PEDS TEST 1 REVIEW

Pharmacology Prep U Level 5-8 Chapter 47 Lipid Lowering Agents

Intro into Criminal Justice Quiz 1

FACTS ON AGING QUIZ GERONTOLOGY

Quiz transport layer

NTR 3

Lab 20: Introduction to Immunology Simulation

Torts - Trespass to Land and Chattels

Genetics: Chapter 14: Gene Mutation, DNA Repair, and Transposition

APUSH Chapter 9 Vocabulary

STUDY

network 3 chapter 5 exam

Database Management Quiz: Lesson 4