Exam 9: Computer Forensics Analysis and Validation


Describe some of the forensic processes involved in investigating an employee suspected of industrial espionage.

(Essay)
Correct Answer:

Before initiating this type of investigation, make sure the company, whether it's a private organization or a public agency, has set up rules of use and limitations of privacy rights. For these investigations, you might need to set up a surveillance camera to monitor the employee's activities in the office. You might also need to plant a software or hardware keylogger (for capturing keystrokes remotely), and you need to engage the network administrator's services to monitor Internet and network activities. In this situation, you might want to do a remote acquisition of the employee's drive, and then use another tool to determine what peripheral devices have been accessed.

Advanced hexadecimal editors offer many features not available in digital forensics tools, such as hashing specific files or sectors.

(True/False)
Correct Answer:

True

Describe what happens if a FAT partition containing bad clusters is converted to an NTFS partition, and how you can miss evidence that's being hidden.

(Essay)
Correct Answer:

If a FAT partition containing clusters marked as bad is converted to an NTFS partition, the bad clusters remain marked as bad, so the conversion to NTFS doesn't affect the content of these clusters. Most GUI tools skip clusters marked as bad in FAT and NTFS, and these clusters might contain valuable evidence for an investigation.

What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?

(Multiple Choice)

Match the following terms with the correct definitions below: The result of an investigation expanding beyond its original description because the discovery of unexpected evidence increases the amount of work required.

(Multiple Choice)

The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.

(Multiple Choice)

A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.

(Multiple Choice)

In ProDiscover and other digital forensics tools, raw format image files (.dd extension) don't contain ________, so you must validate them manually to ensure the integrity of data.

(Short Answer)

What letter should be typed into DiskEdit in order to mark a good sector as bad?

(Multiple Choice)

Explain what data hiding is and list techniques used to hide data.

(Essay)

Match the following terms with the correct definitions below: The process of hashing all sectors of a file and then comparing them with sectors on a suspect's disk drive to determine whether there are any remnants of the original file that couldn't be recovered.

(Multiple Choice)

The term _____________ comes from the Greek word for "hidden writing".

(Short Answer)

Match the following terms with the correct definitions below: A file containing the hash value for every possible password that can be generated from a computer's keyboard.

(Multiple Choice)

When performing a static acquisition, what should be done after the hardware on a suspect's computer has been inventoried and documented?

(Multiple Choice)

Examining and analyzing digital evidence depend on the nature of the investigation and the amount of data to process. Criminal investigations are limited to finding data defined in the search warrant, and _____ investigations are often limited by court orders for discovery.

(Short Answer)

Illustrate how an investigator would detect whether a suspect's drive contains hidden partitions.

(Essay)

Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.

(Multiple Choice)

What format below is used for VMware images?

(Multiple Choice)

Match the following terms with the correct definitions below: A technology designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.

(Multiple Choice)

Which option below is not a disk management tool?

(Multiple Choice)