Chat with AIExam 4: Data Acquisition
Exam 1: Computer Forensics and Investigations As a Profession50 Questions
Exam 2: Understanding Computer Investigations50 Questions
Exam 3: The Investigators Office and Laboratory50 Questions
Exam 4: Data Acquisition50 Questions
Exam 5: Processing Crime and Incident Scenes50 Questions
Exam 6: Working With Windows and Dos Systems50 Questions
Exam 7: Current Computer Forensics Tools50 Questions
Exam 8: Macintosh and Linux Boot Processes and File Systems50 Questions
Exam 9: Computer Forensics Analysis and Validation50 Questions
Exam 10: Recovering Graphics Files50 Questions
Exam 11: Virtual Machines, Network Forensics, and Live Acquisitions50 Questions
Exam 12: E-Mail Investigations48 Questions
Exam 13: Cell Phone and Mobile Device Forensics37 Questions
Exam 14: Report Writing for High-Tech Investigations48 Questions
Exam 15: Expert Testimony in High-Tech Investigations50 Questions
Exam 16: Ethics for the Expert Witness35 Questions
Select questions type
____________________ is the default format for acquisitions for Guidance Software EnCase.
(Short Answer)
5.0/5 
(45)
(45) The most common and flexible data-acquisition method is ____.
(Multiple Choice)
4.9/5 (33)
(33) Explain the use of hash algorithms to verify the integrity of lossless compressed data.
(Essay)
4.9/5 (38)
(38) Microsoft has recently added ____ in its Vista Ultimate and Enterprise editions, which makes performing static acquisitions more difficult.
(Multiple Choice)
5.0/5 (31)
(31) What are some of the features offered by proprietary data acquisition formats?
(Essay)
4.9/5 (38)
(38) What are the requirements for acquiring data on a suspect computer using Linux?
(Essay)
4.9/5 (44)
(44) Many acquisition tools don't copy data in the host protected area (HPA) of a disk drive.
(True/False)
4.8/5 (33)
(33) Match each item with a statement below:
-used with .jpeg files to reduce file size and doesn't affect image quality when the file is restored and viewed
(Multiple Choice)
4.8/5 (49)
(49) If your time is limited, consider using a logical acquisition or ____ acquisition data copy method.
(Multiple Choice)
4.8/5 (35)
(35) Match each item with a statement below:
-shows the known drives connected to your computer
(Multiple Choice)
4.8/5 (36)
(36) Match each item with a statement below:
-open source data acquisition format
(Multiple Choice)
5.0/5 (46)
(46) ____ has developed the Rapid Action Imaging Device (RAID) to make forensically sound disk copies.
(Multiple Choice)
4.7/5 (37)
(37) What are the advantages and disadvantages of using Windows acquisition tools?
(Essay)
4.8/5 (36)
(36) Match each item with a statement below:
-forensic tool developed by Guidance Software
(Multiple Choice)
4.8/5 (38)
(38) The most common and time-consuming technique for preserving evidence is creating a duplicate copy of your evidence image file.
(True/False)
4.9/5 (45)
(45) Bit-stream data to files copy technique creates simple sequential flat files of a suspect drive or data set. The output of these flat files is referred to as a(n) ____________________ format.
(Short Answer)
4.8/5 (33)
(33) Popular archiving tools, such as PKZip and WinZip, use an algorithm referred to as ____________________ compression.
(Short Answer)
4.9/5 (39)
(39) What are the steps to update the Registry for Windows XP SP2 to enable write-protection with USB devices?
(Essay)
4.7/5 (31)
(31) FTK Imager requires that you use a device such as a USB or parallel port dongle for licensing.
(True/False)
4.8/5 (41)
(41) 
Filters
- Essay(0)
- Multiple Choice(0)
- Short Answer(0)
- True False(0)
- Matching(0)