Question 1

If volatile data must be acquired,you may need to do your analysis in a(n)

Accepted Answer

A) Trusted environment 
B) Postmortem environment 
C) Untrusted environment 
D) Dead environment 
A) Trusted environment 
B) Postmortem environment 
C) Untrusted environment 
D) Dead environment

Question 2

Match the following forensic tools with their attributes.
-FTK

Accepted Answer

A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators 
A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators

Question 3

You may need to do a(n)________ analysis during a hacker attack or other intrusion.

Accepted Answer

The answer of You may need to do a(n)________ analysis...

Question 4

Preserving e-evidence and good ________ of steps taken during the investigation are essential for success in computer crime cases.

Accepted Answer

The answer of Preserving e-evidence and good ________ of steps...

Question 5

Match the following forensic tools with their attributes.
-UTK

Accepted Answer

A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators 
A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators

Question 6

Which of the following does NOT affect the choice of forensic tool(s)for a case?

Accepted Answer

A) The operating system 
B) State of the data 
C) Availability of an expert witness 
D) Domestic and international laws 
A) The operating system 
B) State of the data 
C) Availability of an expert witness 
D) Domestic and international laws

Question 7

Match the following forensic tools with their attributes.
-dtSearch

Accepted Answer

A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators 
A)  The universal hexadecimal editor 
B)  Invaluable for combing through large amounts of data 
C)  Exclusively for Macs 
D)  AccessData tool designed for finding and examining evidence 
E)  Primarily for computer crime investigators

Question 8

Under no circumstances should you attempt to create a forensically clean drive by simply ________ the drive.

Accepted Answer

The answer of Under no circumstances should you attempt to...

Question 9

Match the following types of files to their description.
-Write blocker

Accepted Answer

A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy 
A)  Unique digital signature of data 
B)  Additional sectors created to fill a cluster 
C)  Application that prevents changes to a hard drive 
D)  Captures a "snapshot" of everything on the drive 
E)  Mathematical computations that validate a copy

Question 10

A forensics lab is typically considered to be a(n)________ environment.

Accepted Answer

The answer of A forensics lab is typically considered to...

Question 11

Which factor(s)determine the type of tools needed for an analysis?

Accepted Answer

A) The environment 
B) The power sources available where the analysis will be done 
C) The make of the equipment to be analyzed 
D) None of the above 
A) The environment 
B) The power sources available where the analysis will be done 
C) The make of the equipment to be analyzed 
D) None of the above

Question 12

Data may be hidden by all of the following methods EXCEPT

Accepted Answer

A) Using special characters in the actual name 
B) Renaming to a common name used by the operating system 
C) Encrypting the file 
D) Password-protecting the file 
A) Using special characters in the actual name 
B) Renaming to a common name used by the operating system 
C) Encrypting the file 
D) Password-protecting the file

Question 13

A forensics lab should have all of the following applications on hand EXCEPT

Accepted Answer

A) Microsoft Office versions 
B) ClarisWorks 
C) Peachtree Accounting 
D) Visual Basic 
A) Microsoft Office versions 
B) ClarisWorks 
C) Peachtree Accounting 
D) Visual Basic

Question 14

________ data can include spreadsheets,databases,and word processing files.

Accepted Answer

The answer of ________ data can include spreadsheets,databases,and word processing...

Question 15

Match the following forensic tools with their attributes.
-Sleuth Kit

Accepted Answer

A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms 
A)  Investigates the contents of BlackBerry devices 
B)  Graphical user interface consists of a series of panes 
C)  Safely and easily images Mac drives 
D)  Reads the first 32 bits of a file to identify its type 
E)  Open-source program that runs on UNIX plattorms

Question 16

A defensible approach is an objective and unbiased approach that

Accepted Answer

A) Is performed in accordance with forensic science principles 
B) Is conducted with verified tools 
C) Is documented thoroughly 
D) All the above 
A) Is performed in accordance with forensic science principles 
B) Is conducted with verified tools 
C) Is documented thoroughly 
D) All the above

Question 17

The first step in analyzing data is to _________ it.

Accepted Answer

The answer of The first step in analyzing data is...

Question 18

A(n)________ can cause MD5 hashes to be different if different tools are used to acquire a disk image.

Accepted Answer

The answer of A(n)________ can cause MD5 hashes to be...

Question 19

________ is another name for the security key you need to access a system when using EnCase.

Accepted Answer

The answer of ________ is another name for the security...

Question 20

Match between columns
                        Premises: Scanner
Spoofer
Presumption of evidence
Document the activities
Password cracker
Anonymous remailer
Nuker
Preponderance of evidence
Proof beyond reasonable doubt
Presumption

Accepted Answer

The Answer of Used to break encrypted password files and is...

If volatile data must be acquired,you may need to do your analysis in a(n)

Match the following forensic tools with their attributes. -FTK

You may need to do a(n)________ analysis during a hacker attack or other intrusion.

Preserving e-evidence and good ________ of steps taken during the investigation are essential for success in computer crime cases.

Match the following forensic tools with their attributes. -UTK

Which of the following does NOT affect the choice of forensic tool(s)for a case?

Match the following forensic tools with their attributes. -dtSearch

Under no circumstances should you attempt to create a forensically clean drive by simply ________ the drive.

Match the following types of files to their description. -Write blocker

A forensics lab is typically considered to be a(n)________ environment.

Which factor(s)determine the type of tools needed for an analysis?

Data may be hidden by all of the following methods EXCEPT

A forensics lab should have all of the following applications on hand EXCEPT

________ data can include spreadsheets,databases,and word processing files.

Match the following forensic tools with their attributes. -Sleuth Kit

A defensible approach is an objective and unbiased approach that

The first step in analyzing data is to _________ it.

A(n)________ can cause MD5 hashes to be different if different tools are used to acquire a disk image.

________ is another name for the security key you need to access a system when using EnCase.

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters

Exam 3: Tools, Environments, Equipment, and Certifications

If volatile data must be acquired,you may need to do your analysis in a(n)

Match the following forensic tools with their attributes. -FTK

You may need to do a(n)________ analysis during a hacker attack or other intrusion.

Preserving e-evidence and good ________ of steps taken during the investigation are essential for success in computer crime cases.

Match the following forensic tools with their attributes. -UTK

Which of the following does NOT affect the choice of forensic tool(s)for a case?

Match the following forensic tools with their attributes. -dtSearch

Under no circumstances should you attempt to create a forensically clean drive by simply ________ the drive.

Match the following types of files to their description. -Write blocker

A forensics lab is typically considered to be a(n)________ environment.

Which factor(s)determine the type of tools needed for an analysis?

Data may be hidden by all of the following methods EXCEPT

A forensics lab should have all of the following applications on hand EXCEPT

________ data can include spreadsheets,databases,and word processing files.

Match the following forensic tools with their attributes. -Sleuth Kit

A defensible approach is an objective and unbiased approach that

The first step in analyzing data is to _________ it.

A(n)________ can cause MD5 hashes to be different if different tools are used to acquire a disk image.

________ is another name for the security key you need to access a system when using EnCase.

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

Investigating Windows, linux, and Graphic Files

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters