Question 1

The ____ command, works similarly to the dd command but has many features designed for computer forensics acquisitions.

Accepted Answer

A)  raw 
B)  bitcopy 
C)  dcfldd 
D)  man 
A)  raw 
B)  bitcopy 
C)  dcfldd 
D)  man

Question 2

Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.

Accepted Answer

A)  rcsum 
B)  shasum 
C)  hashsum 
D)  sha1sum 
A)  rcsum 
B)  shasum 
C)  hashsum 
D)  sha1sum

Question 3

Match each item with a statement below:
-example of a disk-to-disk copy maker tool

Accepted Answer

A) SafeBack 
B) WinZip 
C) Data acquisition 
D) AFF 
E) IXimager
F)fdisk -l
G)Lossy compression
H)Jaz disk
I)EnCase 
A) SafeBack 
B) WinZip 
C) Data acquisition 
D) AFF 
E) IXimager
F)fdisk -l
G)Lossy compression
H)Jaz disk
I)EnCase

Question 4

SnapBack DatArrest can perform a data copy of an evidence drive in ____ ways.

Accepted Answer

A)  two 
B)  three 
C)  four 
D)  five 
A)  two 
B)  three 
C)  four 
D)  five

Question 5

Match each item with a statement below:
-type of SCSI drive

Accepted Answer

A) SafeBack 
B) WinZip 
C) Data acquisition 
D) AFF 
E) IXimager
F)fdisk -l
G)Lossy compression
H)Jaz disk
I)EnCase 
A) SafeBack 
B) WinZip 
C) Data acquisition 
D) AFF 
E) IXimager
F)fdisk -l
G)Lossy compression
H)Jaz disk
I)EnCase

Question 6

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools.

Accepted Answer

A)  proprietary 
B)  raw 
C)  AFF 
D)  AFD 
A)  proprietary 
B)  raw 
C)  AFF 
D)  AFD

Question 7

____ is the only automated disk-to-disk tool that allows you to copy data to a slightly smaller target drive than the original suspect's drive.

Accepted Answer

A)  SafeBack 
B)  EnCase 
C)  SnapCopy 
D)  SMART 
A)  SafeBack 
B)  EnCase 
C)  SnapCopy 
D)  SMART

Question 8

What are the considerations you should have when deciding what data-acquisition method to use on your investigation?

Accepted Answer

To determine which data acquisition meth

Question 9

SnapBack DatArrest runs from a true ____ boot floppy.

Accepted Answer

A)  UNIX 
B)  Linux 
C)  Mac OS X 
D)  MS-DOS 
A)  UNIX 
B)  Linux 
C)  Mac OS X 
D)  MS-DOS

Question 10

One advantage with live acquisitions is that you are able to perform repeatable processes.

Accepted Answer

A) True 
 B)False

The ____ command, works similarly to the dd command but has many features designed for computer forensics acquisitions.

Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.

Match each item with a statement below: -example of a disk-to-disk copy maker tool

SnapBack DatArrest can perform a data copy of an evidence drive in ____ ways.

Match each item with a statement below: -type of SCSI drive

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools.

____ is the only automated disk-to-disk tool that allows you to copy data to a slightly smaller target drive than the original suspect's drive.

What are the considerations you should have when deciding what data-acquisition method to use on your investigation?

SnapBack DatArrest runs from a true ____ boot floppy.

One advantage with live acquisitions is that you are able to perform repeatable processes.

Computer Forensics and Investigations As a Profession

Understanding Computer Investigations

The Investigators Office and Laboratory

Processing Crime and Incident Scenes

Working With Windows and Dos Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Computer Forensics Analysis and Validation

Recovering Graphics Files

Virtual Machines, Network Forensics, and Live Acquisitions

E-Mail Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High-Tech Investigations

Expert Testimony in High-Tech Investigations

Ethics for the Expert Witness

Filters

Exam 4: Data Acquisition

The ____ command, works similarly to the dd command but has many features designed for computer forensics acquisitions.

Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.

Match each item with a statement below: -example of a disk-to-disk copy maker tool

SnapBack DatArrest can perform a data copy of an evidence drive in ____ ways.

Match each item with a statement below: -type of SCSI drive

One major disadvantage of ____ format acquisitions is the inability to share an image between different vendors' computer forensics analysis tools.

____ is the only automated disk-to-disk tool that allows you to copy data to a slightly smaller target drive than the original suspect's drive.

What are the considerations you should have when deciding what data-acquisition method to use on your investigation?

SnapBack DatArrest runs from a true ____ boot floppy.

One advantage with live acquisitions is that you are able to perform repeatable processes.

Computer Forensics and Investigations As a Profession

Understanding Computer Investigations

The Investigators Office and Laboratory

Processing Crime and Incident Scenes

Working With Windows and Dos Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Computer Forensics Analysis and Validation

Recovering Graphics Files

Virtual Machines, Network Forensics, and Live Acquisitions

E-Mail Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High-Tech Investigations

Expert Testimony in High-Tech Investigations

Ethics for the Expert Witness

Filters