Question 1

In general, forensics workstations can be divided into what categories? Explain each category.

Accepted Answer

Forensics workstations typically fall in

Question 2

Physically copying the entire drive is the only type of data-copying method used in software acquisitions.

Accepted Answer

A) True 
 B)False

Question 3

​What is the purpose of the reconstruction function in a forensics investigation?

Accepted Answer

A) ​Prove that two sets of data are identical. 
B) ​Copy all information from a suspect's drive, including information that may have been hidden. 
C) Re-create a suspect's drive to show what happened during a crime or incident. 
D) Generate reports or logs that detail the processes undertaken by a forensics investigator. 
A) ​Prove that two sets of data are identical. 
B) ​Copy all information from a suspect's drive, including information that may have been hidden. 
C) Re-create a suspect's drive to show what happened during a crime or incident. 
D) Generate reports or logs that detail the processes undertaken by a forensics investigator.

Question 4

​The ProDiscover utility makes use of the proprietary _______________ file format.

Accepted Answer

A) ​.eve 
B) ​.pro 
C) .img 
D) .iso 
A) ​.eve 
B) ​.pro 
C) .img 
D) .iso

Question 5

The National Software Reference Library has compiled a list of known ___________ for a variety of OSs, applications, and images​.

Accepted Answer

The answer of The National Software Reference Library has compiled...

Question 6

​When performing disk acquisition, the raw data format is typically created with the UNIX​/ Linux _____________ command.

Accepted Answer

A) ​format 
B) ​dd 
C) dump 
D) tar 
A) ​format 
B) ​dd 
C) dump 
D) tar

Question 7

What are the three minimum steps of a basic digital forensics examination protocol?​

Accepted Answer

The three steps of a simple forensics ex

Question 8

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, ​dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.​

Accepted Answer

A) Ubuntu​ 
B) ​Helix3 
C) Arch 
D) Kali 
A) Ubuntu​ 
B) ​Helix3 
C) Arch 
D) Kali

Question 9

The physical data copy subfunction exists under the ______________ function.​

Accepted Answer

A) ​acquisition 
B) ​validation ​/ verification 
C) extraction 
D) reporting 
A) ​acquisition 
B) ​validation ​/ verification 
C) extraction 
D) reporting

Question 10

The NIST ________________ program establishes guidelines for selecting and using forensics tools.

Accepted Answer

Computer F

In general, forensics workstations can be divided into what categories? Explain each category.

Physically copying the entire drive is the only type of data-copying method used in software acquisitions.

What is the purpose of the reconstruction function in a forensics investigation?

The ProDiscover utility makes use of the proprietary _______________ file format.

The National Software Reference Library has compiled a list of known ___________ for a variety of OSs, applications, and images.

When performing disk acquisition, the raw data format is typically created with the UNIX/ Linux _____________ command.

What are the three minimum steps of a basic digital forensics examination protocol?

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.

The physical data copy subfunction exists under the ______________ function.

The NIST ________________ program establishes guidelines for selecting and using forensics tools.

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Exam 6: Current Computer Forensics Tools

In general, forensics workstations can be divided into what categories? Explain each category.

Physically copying the entire drive is the only type of data-copying method used in software acquisitions.

​What is the purpose of the reconstruction function in a forensics investigation?

​The ProDiscover utility makes use of the proprietary _______________ file format.

The National Software Reference Library has compiled a list of known ___________ for a variety of OSs, applications, and images​.

​When performing disk acquisition, the raw data format is typically created with the UNIX​/ Linux _____________ command.

What are the three minimum steps of a basic digital forensics examination protocol?​

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, ​dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.​

The physical data copy subfunction exists under the ______________ function.​

The NIST ________________ program establishes guidelines for selecting and using forensics tools.

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

What is the purpose of the reconstruction function in a forensics investigation?

The ProDiscover utility makes use of the proprietary _______________ file format.

The National Software Reference Library has compiled a list of known ___________ for a variety of OSs, applications, and images.

When performing disk acquisition, the raw data format is typically created with the UNIX/ Linux _____________ command.

What are the three minimum steps of a basic digital forensics examination protocol?

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.

The physical data copy subfunction exists under the ______________ function.