Question 1

The defense request for full discovery of digital evidence applies only to criminal cases in the United States.

Accepted Answer

A) True 
 B)False  True

Question 2

How can you hide data by marking bad clusters?

Accepted Answer

One data-hiding technique is placing sensitive or incriminating data in free space on disk partition clusters.This method is more common in FAT file systems.This technique involves using a disk editor, such as Norton DiskEdit, to mark good clusters as bad clusters.The OS then considers these clusters unusable.The only way they can be accessed from the OS is by changing them to good clusters with a disk editor.
To mark a good cluster as bad using Norton Disk Edit, you type the letter B in the FAT entry corresponding to that cluster.You can then use any DOS disk editor to write and read data to this cluster, which is effectively hidden because it appears as bad to the OS.

Question 3

A nonsteganographic graphics file has a different size than an identical steganographic graphics file.

Accepted Answer

A) True 
 B)False  False

Question 4

FTK provides two options for searching for keywords: indexed search and ____________________ search.

Accepted Answer

The answer of FTK provides two options for searching for...

Question 5

Match each item with a statement below:
-defines the investigation's goal and scope, the materials needed, and the tasks to perform

Accepted Answer

A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander 
A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander

Question 6

For most law-enforcement-related computing investigations, the investigator is limited to working with data defined in the search ____________________.

Accepted Answer

The answer of For most law-enforcement-related computing investigations, the investigator...

Question 7

Match each item with a statement below:
-a password recovery program available from AccessData

Accepted Answer

A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander 
A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander

Question 8

Briefly describe the differences between brute-force attacks and dictionary attacks to crack passwords.

Accepted Answer

Brute-force attacks use every possible l

Question 9

____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.

Accepted Answer

A)  Scope creeps 
B)  Remote acquisitions 
C)  Password recovery tools 
D)  Key escrow utilities 
A)  Scope creeps 
B)  Remote acquisitions 
C)  Password recovery tools 
D)  Key escrow utilities

Question 10

One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it.

Accepted Answer

A)  Norton DiskEdit 
B)  PartitionMagic 
C)  System Commander 
D)  LILO 
A)  Norton DiskEdit 
B)  PartitionMagic 
C)  System Commander 
D)  LILO

Question 11

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

Accepted Answer

A) True 
 B)False

Question 12

Match each item with a statement below:
-one of the most critical aspects of computer forensics

Accepted Answer

A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander 
A) Court orders for discovery 
B) Investigation plan 
C) Digital Intelligence PDWipe 
D) Live search 
E) Cabinet
F)PRTK
G)Validating digital evidence
H)MD5
I)System Commander

Question 13

____ is defined as the art and science of hiding messages in such a way that only the intended recipient knows the message is there.

Accepted Answer

A)  Bit shifting 
B)  Encryption 
C)  Marking bad clusters 
D)  Steganography 
A)  Bit shifting 
B)  Encryption 
C)  Marking bad clusters 
D)  Steganography

Question 14

FTK and other computer forensics programs use ____ to tag and document digital evidence.

Accepted Answer

A)  tracers 
B)  hyperlinks 
C)  bookmarks 
D)  indents 
A)  tracers 
B)  hyperlinks 
C)  bookmarks 
D)  indents

Question 15

You begin any computer forensics case by creating a(n) ____.

Accepted Answer

A)  investigation plan 
B)  risk assessment report 
C)  evidence custody form 
D)  investigation report 
A)  investigation plan 
B)  risk assessment report 
C)  evidence custody form 
D)  investigation report

Question 16

____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.

Accepted Answer

A)  Online 
B)  Inline 
C)  Active 
D)  Live 
A)  Online 
B)  Inline 
C)  Active 
D)  Live

Question 17

Describe the effects of scope creep on an investigation in the corporate environment.

Accepted Answer

In the corporate environment, however, e

Question 18

Marking bad clusters data-hiding technique is more common with ____ file systems.

Accepted Answer

A)  NTFS 
B)  FAT 
C)  HFS 
D)  Ext2fs 
A)  NTFS 
B)  FAT 
C)  HFS 
D)  Ext2fs

Question 19

____ recovery is a fairly easy task in computer forensic analysis.

Accepted Answer

A)  Data 
B)  Partition 
C)  Password 
D)  Image 
A)  Data 
B)  Partition 
C)  Password 
D)  Image

Question 20

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

Accepted Answer

A)  NTI 
B)  BestCrypt 
C)  FTK 
D)  PRTK 
A)  NTI 
B)  BestCrypt 
C)  FTK 
D)  PRTK

The defense request for full discovery of digital evidence applies only to criminal cases in the United States.

How can you hide data by marking bad clusters?

A nonsteganographic graphics file has a different size than an identical steganographic graphics file.

FTK provides two options for searching for keywords: indexed search and ____________________ search.

Match each item with a statement below: -defines the investigation's goal and scope, the materials needed, and the tasks to perform

For most law-enforcement-related computing investigations, the investigator is limited to working with data defined in the search ____________________.

Match each item with a statement below: -a password recovery program available from AccessData

Briefly describe the differences between brute-force attacks and dictionary attacks to crack passwords.

____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.

One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it.

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

Match each item with a statement below: -one of the most critical aspects of computer forensics

____ is defined as the art and science of hiding messages in such a way that only the intended recipient knows the message is there.

FTK and other computer forensics programs use ____ to tag and document digital evidence.

You begin any computer forensics case by creating a(n) ____.

____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.

Describe the effects of scope creep on an investigation in the corporate environment.

Marking bad clusters data-hiding technique is more common with ____ file systems.

____ recovery is a fairly easy task in computer forensic analysis.

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

Computer Forensics and Investigations As a Profession

Understanding Computer Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Dos Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Virtual Machines, Network Forensics, and Live Acquisitions

E-Mail Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High-Tech Investigations

Expert Testimony in High-Tech Investigations

Ethics for the Expert Witness

Filters

Exam 9: Computer Forensics Analysis and Validation

The defense request for full discovery of digital evidence applies only to criminal cases in the United States.

How can you hide data by marking bad clusters?

A nonsteganographic graphics file has a different size than an identical steganographic graphics file.

FTK provides two options for searching for keywords: indexed search and ____________________ search.

Match each item with a statement below: -defines the investigation's goal and scope, the materials needed, and the tasks to perform

For most law-enforcement-related computing investigations, the investigator is limited to working with data defined in the search ____________________.

Match each item with a statement below: -a password recovery program available from AccessData

Briefly describe the differences between brute-force attacks and dictionary attacks to crack passwords.

____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.

One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it.

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

Match each item with a statement below: -one of the most critical aspects of computer forensics

____ is defined as the art and science of hiding messages in such a way that only the intended recipient knows the message is there.

FTK and other computer forensics programs use ____ to tag and document digital evidence.

You begin any computer forensics case by creating a(n) ____.

____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.

Describe the effects of scope creep on an investigation in the corporate environment.

Marking bad clusters data-hiding technique is more common with ____ file systems.

____ recovery is a fairly easy task in computer forensic analysis.

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

Computer Forensics and Investigations As a Profession

Understanding Computer Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Dos Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Virtual Machines, Network Forensics, and Live Acquisitions

E-Mail Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High-Tech Investigations

Expert Testimony in High-Tech Investigations

Ethics for the Expert Witness

Filters