Question 1

By default,the ________ is used as virtual memory.

Accepted Answer

swap file

Question 2

Match the following keys to their hive file.
-HKEY_CLASSES_ROOT

Accepted Answer

A) Default 
B) System 
C) SAM 
D) Software 
A) Default 
B) System 
C) SAM 
D) Software

Question 3

Match the following to their data structures.
-Superblock

Accepted Answer

A) Contain metadata for each file 
B) Unit of allocation for storage 
C) Created for every file system mounted 
D) Contains information about the directory structure 
A) Contain metadata for each file 
B) Unit of allocation for storage 
C) Created for every file system mounted 
D) Contains information about the directory structure

Question 4

Which of the following is NOT one of the file types available within Linux?

Accepted Answer

A) Block devices 
B) Directories 
C) Named pipes 
D) Superblock 
A) Block devices 
B) Directories 
C) Named pipes 
D) Superblock

Question 5

Match the following file types to their description.
-Block devices

Accepted Answer

A) Unbuffered files used to exchange data 
B) Virtual connections between two processes 
C) Provide a FIFO mechanism 
D) Buffered files used to exchange data 
A) Unbuffered files used to exchange data 
B) Virtual connections between two processes 
C) Provide a FIFO mechanism 
D) Buffered files used to exchange data

Question 6

The ________ command gives Linux users the ability to perform administrative duties,which require a separate password for each user.

Accepted Answer

The answer of The ________ command gives Linux users the...

Question 7

The ________ tracks those actions deemed as events by the software application.

Accepted Answer

The answer of The ________ tracks those actions deemed as...

Question 8

In an NTFS system,by default,which of the following have access to files and folders not uniquely theirs?

Accepted Answer

A) Each user in the Group folder 
B) Only those users in the Users folder 
C) Each user who successfully logs in 
D) Only the user assigned to those resources 
A) Each user in the Group folder 
B) Only those users in the Users folder 
C) Each user who successfully logs in 
D) Only the user assigned to those resources

Question 9

The process of retrieving image data from unallocated or slack space is called ________.

Accepted Answer

data carvi

Question 10

Which of the following is one of the default directories created when installing Linux?

Accepted Answer

A) /setup 
B) /default 
C) /bin 
D) /swap 
A) /setup 
B) /default 
C) /bin 
D) /swap

Question 11

________ are used to determine where data starts and ends when graphic files are located in unallocated or slack space.

Accepted Answer

The answer of ________ are used to determine where data...

Question 12

Match the following GREP tokens with their related functions.
-[]

Accepted Answer

A) Used to match the ASCII hexadecimal representation of a single character 
B) Implements an OR situation 
C) When placed after a character, matches any number of occurrences of that character 
D) Matches a single character 
A) Used to match the ASCII hexadecimal representation of a single character 
B) Implements an OR situation 
C) When placed after a character, matches any number of occurrences of that character 
D) Matches a single character

Question 13

Match the hex signature with its file extension.
-FF D8 FF E1 xx xx 45 78 69 66 00

Accepted Answer

A) BMP 
B) ICO 
C) PNG 
D) JPEG 
A) BMP 
B) ICO 
C) PNG 
D) JPEG

Question 14

Match the following to their data structures.
-Dentry object

Accepted Answer

A) Contain metadata for each file 
B) Unit of allocation for storage 
C) Created for every file system mounted 
D) Contains information about the directory structure 
A) Contain metadata for each file 
B) Unit of allocation for storage 
C) Created for every file system mounted 
D) Contains information about the directory structure

Question 15

Match the type of directory to its definition.
-/var

Accepted Answer

A) Where files with no names are placed 
B) Contains information on printers, log files, and transient data 
C) Could be a rich source of evidence if not recently cleaned 
D) Library files 
E) Contains shadow password files 
A) Where files with no names are placed 
B) Contains information on printers, log files, and transient data 
C) Could be a rich source of evidence if not recently cleaned 
D) Library files 
E) Contains shadow password files

Question 16

Match between columns
                        Premises: Sockets

Accepted Answer

The Answer of Buffered files used to exchange data and is...

Question 17

Match the following keys to their hive file.
-HKEY_USERS Default

Accepted Answer

A) Default 
B) System 
C) SAM 
D) Software 
A) Default 
B) System 
C) SAM 
D) Software

Question 18

In Linux,everything-including all devices,partitions,and folders-is seen as a unified ________.

Accepted Answer

The answer of In Linux,everything-including all devices,partitions,and folders-is seen as...

Question 19

Sources of e-evidence within Windows subfolders can include all of the following EXCEPT

Accepted Answer

A) Pointers to Office files 
B) Listing of programs on the Quick Launch bar 
C) Pointers to Internet Favorites 
D) The user's address book 
A) Pointers to Office files 
B) Listing of programs on the Quick Launch bar 
C) Pointers to Internet Favorites 
D) The user's address book

By default,the ________ is used as virtual memory.

Match the following keys to their hive file. -HKEY_CLASSES_ROOT

Match the following to their data structures. -Superblock

Which of the following is NOT one of the file types available within Linux?

Match the following file types to their description. -Block devices

The ________ command gives Linux users the ability to perform administrative duties,which require a separate password for each user.

The ________ tracks those actions deemed as events by the software application.

In an NTFS system,by default,which of the following have access to files and folders not uniquely theirs?

The process of retrieving image data from unallocated or slack space is called ________.

Which of the following is one of the default directories created when installing Linux?

________ are used to determine where data starts and ends when graphic files are located in unallocated or slack space.

Match the following GREP tokens with their related functions. -[]

Match the hex signature with its file extension. -FF D8 FF E1 xx xx 45 78 69 66 00

Match the following to their data structures. -Dentry object

Match the type of directory to its definition. -/var

Match the following keys to their hive file. -HKEY_USERS Default

In Linux,everything-including all devices,partitions,and folders-is seen as a unified ________.

Sources of e-evidence within Windows subfolders can include all of the following EXCEPT

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Tools, Environments, Equipment, and Certifications

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters

Exam 7: Investigating Windows, linux, and Graphic Files

By default,the ________ is used as virtual memory.

Match the following keys to their hive file. -HKEY_CLASSES_ROOT

Match the following to their data structures. -Superblock

Which of the following is NOT one of the file types available within Linux?

Match the following file types to their description. -Block devices

The ________ command gives Linux users the ability to perform administrative duties,which require a separate password for each user.

The ________ tracks those actions deemed as events by the software application.

In an NTFS system,by default,which of the following have access to files and folders not uniquely theirs?

The process of retrieving image data from unallocated or slack space is called ________.

Which of the following is one of the default directories created when installing Linux?

________ are used to determine where data starts and ends when graphic files are located in unallocated or slack space.

Match the following GREP tokens with their related functions. -[]

Match the hex signature with its file extension. -FF D8 FF E1 xx xx 45 78 69 66 00

Match the following to their data structures. -Dentry object

Match the type of directory to its definition. -/var

Match the following keys to their hive file. -HKEY_USERS Default

In Linux,everything-including all devices,partitions,and folders-is seen as a unified ________.

Sources of e-evidence within Windows subfolders can include all of the following EXCEPT

Forensic Evidence and Crime Investigation

Computer Forensics Anddigital Detective Work

Tools, Environments, Equipment, and Certifications

Policies and Procedures

Data, PDA, and Cell Phone Forensics

Operating Systems and Data Transmission Basics for Digital Investigations

E-Mail and Webmail Forensics

Internet and Network Forensics and Intrusion Detection

Tracking Down Those Who Intend to Do Harm on a Large Scale

Fraud and Forensic Accounting Investigation

Federal Rules and Criminal Codes

Ethical and Professional Responsibility in Testimony

Filters