Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Exam 18: Digital Evidence on Unix Systems

arrow
Exam 1: Foundations of Digital Forensics 36 Questionsadd course
Exam 2: Language of Computer Crime Investigation33 Questionsadd course
Exam 3: Digital Evidence in the Courtroom29 Questionsadd course
Exam 4: Cybercrime Law: a United States Perspective30 Questionsadd course
Exam 5: Cybercrime Law: a European Perspective30 Questionsadd course
Exam 6: Conducting Digital Investigations33 Questionsadd course
Exam 7: Handling a Digital Crime Scene32 Questionsadd course
Exam 8: Investigative Reconstruction With Digital Evidence32 Questionsadd course
Exam 9: Modus Operandi, Motive, and Technology32 Questionsadd course
Exam 10: Violent Crime and Digital Evidence30 Questionsadd course
Exam 11: Digital Evidence As Alibi18 Questionsadd course
Exam 12: Sex Offenders on the Internet31 Questionsadd course
Exam 13: Computer Intrusions32 Questionsadd course
Exam 14: Cyberstalking31 Questionsadd course
Exam 15: Computer Basics for Digital Investigators34 Questionsadd course
Exam 16: Applying Forensic Science to Computers31 Questionsadd course
Exam 17: Digital Evidence on Windows Systems30 Questionsadd course
Exam 18: Digital Evidence on Unix Systems30 Questionsadd course
Exam 19: Digital Evidence on Macintosh Systems29 Questionsadd course
Exam 20: Digital Evidence on Mobile Devices32 Questionsadd course
Exam 21: Network Basics for Digital Investigators33 Questionsadd course
Exam 22: Applying Forensic Science to Networks35 Questionsadd course
Exam 23: Digital Evidence on the Internet30 Questionsadd course
Exam 25: Digital Evidence at the Network and Transport Layers30 Questionsadd course
Select questions type
  • Essay
  • Multiple Choice
  • Short Answer
  • True False
  • Matching
  • Select Tags
search iconSearch Question
flashcardsStudy Flashcards
Select questions type
  • Essay
  • Multiple Choice
  • Short Answer
  • True False
  • Matching
  • Select Tags

One of the difficulties in examining UNIX systems is that the file system is extremely complex, making it difficult for the examiner to recover data.

Free
(True/False)
4.8/5
(37)
Question 1
Correct Answer:
Verified

False

Most data-carving tools operate on the assumption that the operating system generally tries to save data in contiguous sectors.

Free
(True/False)
4.8/5
(32)
Question 2
Correct Answer:
Verified

True

As UNIX was never designed to work on networks, there are very few native utilities designed to access the Internet.

Free
(True/False)
4.8/5
(29)
Question 3
Correct Answer:
Verified

False

What is the most efficient method for a forensic examiner to confirm whether a particular tool or methodology works in a forensically acceptable manner?

(Multiple Choice)
4.9/5
(31)
Question 4

In UNIX, when a file is moved within a volume, the inode change date-time (ctime) is:

(Multiple Choice)
4.7/5
(32)
Question 5

In a block group, file data is located in___________ .

(Multiple Choice)
4.9/5
(39)
Question 6

Given a sufficiently powerful computer, even "strong" encryption can be broken in a short time.

(True/False)
5.0/5
(35)
Question 7

When requesting a search warrant, remotely connected systems cannot be considered part of the target system, so it may be necessary to obtain proper authorization before examining them.

(True/False)
4.7/5
(43)
Question 8

One of the most common web browsers on UNIX systems is:

(Multiple Choice)
4.8/5
(36)
Question 9

One of the most useful areas to search for notable data on a Linux system is in file slack.

(True/False)
4.9/5
(35)
Question 10

The inode table can be found in the ___________.

(Multiple Choice)
4.9/5
(27)
Question 11

On UNIX systems that receive e-mail, incoming messages are held in , in separate files for each user account until a user accesses them.

(Multiple Choice)
4.9/5
(37)
Question 12

The UNIX convention of "piping" the results of one command into another is a serious limitation and is detrimental to using the UNIX platform for forensic examinations.

(True/False)
4.8/5
(33)
Question 13

___________, which is part of the standard Linux distribution, can be used to make a bitstream copy of evidentiary media to either image files or sterile media.

(Multiple Choice)
4.8/5
(31)
Question 14

The Coroner's Toolkit and The Sleuth Kit are examples of open source___________ .

(Multiple Choice)
4.9/5
(31)
Question 15

grep is a standard Linux tool that searches a specified file or region for a specified string.

(True/False)
4.7/5
(32)
Question 16

When a file is deleted on a UNIX System, the ctime of its parent directory is:

(Multiple Choice)
4.7/5
(32)
Question 17

A list of currently mounted drives, including those not listed in the file system mount table, is kept in "/etc/mtab."

(True/False)
4.9/5
(31)
Question 18

Unlike the standard DOS/Windows environments, the UNIX environment has the capability of_________ , thereby preventing the contents of evidentiary media from being changed.

(Multiple Choice)
4.9/5
(33)
Question 19

MAC times, which are found in the___________ , are an example of file system traces.

(Multiple Choice)
4.8/5
(32)
Question 20
Showing 1 - 20 of 30
close modal

Filters

  • Essay(0)
  • Multiple Choice(0)
  • Short Answer(0)
  • True False(0)
  • Matching(0)