Question 1

Match the following forensic tools with their attributes.
-MacQuisition Boot CD

Accepted Answer

A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms 
A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms C

Question 2

A dead analysis is also referred to as a(n)________ analysis.

Accepted Answer

postmortem

Question 3

Match between columns
                        Premises: Active data

Accepted Answer

The Answer of File space that is now available for is...

Question 4

________,from Paraben Forensics,is a comprehensive tool for investigating the contents of Palm Pocket PCs that run on Windows CE.

Accepted Answer

The answer of ________,from Paraben Forensics,is a comprehensive tool for...

Question 5

Documentation of the evidence can include which of the following?

Accepted Answer

A) Name of the suspect's supervisor 
B) Status of the computer 
C) Name of the investigating officer 
D) All the above 
A) Name of the suspect's supervisor 
B) Status of the computer 
C) Name of the investigating officer 
D) All the above

Question 6

To protect original data from any alteration,you

Accepted Answer

A) Use gloves when working with the hard drive 
B) Make a forensic copy of the original data 
C) Do your forensic work as quickly as possible 
D) Use the operating system to copy all relevant files 
A) Use gloves when working with the hard drive 
B) Make a forensic copy of the original data 
C) Do your forensic work as quickly as possible 
D) Use the operating system to copy all relevant files

Question 7

When you forensically wipe a hard drive,you

Accepted Answer

A) Write over all areas of the disk with a single character 
B) Reformat the hard drive using standard disk utilities 
C) Delete all active data from the hard drive 
D) Use a forensic tool to physically clean the hard drive 
A) Write over all areas of the disk with a single character 
B) Reformat the hard drive using standard disk utilities 
C) Delete all active data from the hard drive 
D) Use a forensic tool to physically clean the hard drive

Question 8

Match the following types of files to their description.
-Cyclic redundancy check

Accepted Answer

A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy 
A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy

Question 9

Match the following types of files to their description.
-Drive imaging

Accepted Answer

A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy 
A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy

Question 10

Match the following forensic tools with their attributes.
-PDA Seizure

Accepted Answer

A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms 
A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms

Question 11

A drive image is "fingerprinted" using an encryption technique called ________.

Accepted Answer

The answer of A drive image is "fingerprinted" using an...

Question 12

When a copy is made,the contents of a hard drive are stored as a series of compressed ________ files.

Accepted Answer

The answer of When a copy is made,the contents of...

Question 13

Which of the following tools is designed for use with Linux systems?

Accepted Answer

A) BlackBag 
B) WinHex 
C) Autopsy 
D) PDA Seizure 
A) BlackBag 
B) WinHex 
C) Autopsy 
D) PDA Seizure

Question 14

Which of the following is the preferred way to make a forensic copy?

Accepted Answer

A) Create a mirror image. 
B) Produce a sector-by-sector copy. 
C) Copy residual data only. 
D) Make a back-up tape image. 
A) Create a mirror image. 
B) Produce a sector-by-sector copy. 
C) Copy residual data only. 
D) Make a back-up tape image.

Question 15

Match the following types of files to their description.
-Message digest

Accepted Answer

A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy 
A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy

Question 16

Match the following forensic tools with their attributes.
-HeaderBuilder

Accepted Answer

A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms 
A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms

Question 17

Match the following forensic tools with their attributes.
-WinHex

Accepted Answer

A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators 
A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators

Question 18

Match the following terms to their meanings.
-Automatically stored data

Accepted Answer

A)  A file renamed to look like an operating system file 
B)  Data easily viewed through file manager programs 
C)  Cache files and history files 
D)  File space that is now available for being written to 
A)  A file renamed to look like an operating system file 
B)  Data easily viewed through file manager programs 
C)  Cache files and history files 
D)  File space that is now available for being written to

Question 19

Match the following forensic tools with their attributes.
-EnCase software

Accepted Answer

A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms 
A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms

Question 20

The current best approach to powering down a suspect PC is to

Accepted Answer

A) Simply power it down using the operating system 
B) Keep it running on an UPS 
C) Don't power it down 
D) Pull the power plug 
A) Simply power it down using the operating system 
B) Keep it running on an UPS 
C) Don't power it down 
D) Pull the power plug

Match the following forensic tools with their attributes. -MacQuisition Boot CD

A dead analysis is also referred to as a(n)________ analysis.

________,from Paraben Forensics,is a comprehensive tool for investigating the contents of Palm Pocket PCs that run on Windows CE.

Documentation of the evidence can include which of the following?

To protect original data from any alteration,you

When you forensically wipe a hard drive,you

Match the following types of files to their description. -Cyclic redundancy check

Match the following types of files to their description. -Drive imaging

Match the following forensic tools with their attributes. -PDA Seizure

A drive image is "fingerprinted" using an encryption technique called ________.

When a copy is made,the contents of a hard drive are stored as a series of compressed ________ files.

Which of the following tools is designed for use with Linux systems?

Which of the following is the preferred way to make a forensic copy?

Match the following types of files to their description. -Message digest

Match the following forensic tools with their attributes. -HeaderBuilder

Match the following forensic tools with their attributes. -WinHex

Match the following terms to their meanings. -Automatically stored data

Match the following forensic tools with their attributes. -EnCase software

The current best approach to powering down a suspect PC is to

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters

Exam 3: Tools, Environments, Equipment, and Certifications

Match the following forensic tools with their attributes. -MacQuisition Boot CD

A dead analysis is also referred to as a(n)________ analysis.

________,from Paraben Forensics,is a comprehensive tool for investigating the contents of Palm Pocket PCs that run on Windows CE.

Documentation of the evidence can include which of the following?

To protect original data from any alteration,you

When you forensically wipe a hard drive,you

Match the following types of files to their description. -Cyclic redundancy check

Match the following types of files to their description. -Drive imaging

Match the following forensic tools with their attributes. -PDA Seizure

A drive image is "fingerprinted" using an encryption technique called ________.

When a copy is made,the contents of a hard drive are stored as a series of compressed ________ files.

Which of the following tools is designed for use with Linux systems?

Which of the following is the preferred way to make a forensic copy?

Match the following types of files to their description. -Message digest

Match the following forensic tools with their attributes. -HeaderBuilder

Match the following forensic tools with their attributes. -WinHex

Match the following terms to their meanings. -Automatically stored data

Match the following forensic tools with their attributes. -EnCase software

The current best approach to powering down a suspect PC is to

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters