Question 1

The _______________ executable is the Windows Boot Manager program, which controls boot flow and allows booting multiple OSs.?

Accepted Answer

The answer of The _______________ executable is the Windows Boot...

Question 2

Match each term with the correct definition below:
-A public?/ private key encryption first used in Windows 2000 on NTFS-formatted disks. The file encrypted with a symmetric key, and then a public?/ private key is used to encrypt the symmetric key.?

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 3

​The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

Accepted Answer

A) ​registry 
B) ​storage 
C) hive 
D) tree 
A) ​registry 
B) ​storage 
C) hive 
D) tree

Question 4

Explain the difference between ​logical addresses ​and ​physical addresses​ in Microsoft file structures.

Accepted Answer

Clusters are numbered sequentially, star

Question 5

_____________ is composed of the unused space in a cluster between the end of an active file's content and the end of the cluster.​

Accepted Answer

The answer of _____________ is composed of the unused space...

Question 6

Match each term with the correct definition below:
-A new file system developed for Windows Server 2012. It allows increased stability for disk storage and improved features for data recovery and error checking.?

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 7

​Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

Accepted Answer

A) Disk Track Recording (DTR)​ 
B) ​Zone Based Areal Density (ZBA
D)  
C) Zone Bit Recording (ZBR) 
D) Cylindrical Head Calculation (CH
C)  
A) Disk Track Recording (DTR)​ 
B) ​Zone Based Areal Density (ZBA
D)  
C) Zone Bit Recording (ZBR) 
D) Cylindrical Head Calculation (CH
C)

Question 8

Compare the methods for deleting NTFS files.​

Accepted Answer

​Typically, you use Windows or File Expl

Question 9

Why are ​alternate data streams​ of particular interest when examining NTFS disks?

Accepted Answer

Alternate data streams are ways data can

Question 10

Match each term with the correct definition below:
-?A 16-bit program that identifies hardware components during startup snd sends the information to Ntldr.

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 11

Which of the following is not a valid configuration of Unicode?​

Accepted Answer

A) ​UTF-8 
B) ​UTF-16 
C) UTF-32 
D) UTF-64 
A) ​UTF-8 
B) ​UTF-16 
C) UTF-32 
D) UTF-64

Question 12

Match each term with the correct definition below:
-?A file that specifies the Windows path installation and a variety of other startup options.

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 13

Match each term with the correct definition below:
-?The original Microsoft file structure database. It's written to the outermost track of a disk and contains information about each file stored on the drive. PCs use this to organize files on a disk so that the OS can find the files it needs.

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 14

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?​

Accepted Answer

A) ​0x1CE 
B) ​0x1BE 
C) 0x1AE 
D) 0x1DE 
A) ​0x1CE 
B) ​0x1BE 
C) 0x1AE 
D) 0x1DE

Question 15

What registry file contains installed programs' settings and associated usernames and passwords?​

Accepted Answer

A) ​Default.dat 
B) ​Security.dat 
C) Software.dat 
D) System.dat 
A) ​Default.dat 
B) ​Security.dat 
C) Software.dat 
D) System.dat

Question 16

Match each term with the correct definition below:
-?A device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS.

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 17

What term is used to describe a disk's logical structure of platters, tracks, and sectors?

Accepted Answer

A) ​cylinder 
B) ​trigonometry 
C) geometry 
D) mapping 
A) ​cylinder 
B) ​trigonometry 
C) geometry 
D) mapping

Question 18

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?​

Accepted Answer

A) ​$MftMirr 
B) ​$TransAct 
C) $LogFile 
D) $Backup 
A) ​$MftMirr 
B) ​$TransAct 
C) $LogFile 
D) $Backup

Question 19

Match each term with the correct definition below:
-?The file system that Microsoft created to replace FAT. It uses security features, allows smaller cluster sizes, and uses Unicode, which makes it a more versatile system.

Accepted Answer

A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System 
A) Boot.ini 
B) bootstrap process 
C) Encryption File System 
D) File Allocation Table (FAT) 
E) tracks
F)head
G)NTBootdd.sys
H)NTDetect.com
I)NT File System
J)Resilient File System

Question 20

Addresses that allow the MFT to link to nonresident files are known as _______________.​

Accepted Answer

A) ​virtual cluster numbers 
B) ​logical cluster numbers 
C) sequential cluster numbers 
D) polarity cluster numbers 
A) ​virtual cluster numbers 
B) ​logical cluster numbers 
C) sequential cluster numbers 
D) polarity cluster numbers

The _______________ executable is the Windows Boot Manager program, which controls boot flow and allows booting multiple OSs.?

Match each term with the correct definition below: -A public?/ private key encryption first used in Windows 2000 on NTFS-formatted disks. The file encrypted with a symmetric key, and then a public?/ private key is used to encrypt the symmetric key.?

The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

Explain the difference between logical addresses and physical addresses in Microsoft file structures.

_____________ is composed of the unused space in a cluster between the end of an active file's content and the end of the cluster.

Match each term with the correct definition below: -A new file system developed for Windows Server 2012. It allows increased stability for disk storage and improved features for data recovery and error checking.?

Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

Compare the methods for deleting NTFS files.

Why are alternate data streams of particular interest when examining NTFS disks?

Match each term with the correct definition below: -?A 16-bit program that identifies hardware components during startup snd sends the information to Ntldr.

Which of the following is not a valid configuration of Unicode?

Match each term with the correct definition below: -?A file that specifies the Windows path installation and a variety of other startup options.

Match each term with the correct definition below: -?The original Microsoft file structure database. It's written to the outermost track of a disk and contains information about each file stored on the drive. PCs use this to organize files on a disk so that the OS can find the files it needs.

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?

What registry file contains installed programs' settings and associated usernames and passwords?

Match each term with the correct definition below: -?A device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS.

What term is used to describe a disk's logical structure of platters, tracks, and sectors?

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?

Match each term with the correct definition below: -?The file system that Microsoft created to replace FAT. It uses security features, allows smaller cluster sizes, and uses Unicode, which makes it a more versatile system.

Addresses that allow the MFT to link to nonresident files are known as _______________.

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Exam 5: Working With Windows and Cli Systems

The _______________ executable is the Windows Boot Manager program, which controls boot flow and allows booting multiple OSs.?

Match each term with the correct definition below: -A public?/ private key encryption first used in Windows 2000 on NTFS-formatted disks. The file encrypted with a symmetric key, and then a public?/ private key is used to encrypt the symmetric key.?

​The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

Explain the difference between ​logical addresses ​and ​physical addresses​ in Microsoft file structures.

_____________ is composed of the unused space in a cluster between the end of an active file's content and the end of the cluster.​

Match each term with the correct definition below: -A new file system developed for Windows Server 2012. It allows increased stability for disk storage and improved features for data recovery and error checking.?

​Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

Compare the methods for deleting NTFS files.​

Why are ​alternate data streams​ of particular interest when examining NTFS disks?

Match each term with the correct definition below: -?A 16-bit program that identifies hardware components during startup snd sends the information to Ntldr.

Which of the following is not a valid configuration of Unicode?​

Match each term with the correct definition below: -?A file that specifies the Windows path installation and a variety of other startup options.

Match each term with the correct definition below: -?The original Microsoft file structure database. It's written to the outermost track of a disk and contains information about each file stored on the drive. PCs use this to organize files on a disk so that the OS can find the files it needs.

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?​

What registry file contains installed programs' settings and associated usernames and passwords?​

Match each term with the correct definition below: -?A device driver that allows the OS to communicate with SCSI or ATA drives that aren't related to the BIOS.

What term is used to describe a disk's logical structure of platters, tracks, and sectors?

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?​

Match each term with the correct definition below: -?The file system that Microsoft created to replace FAT. It uses security features, allows smaller cluster sizes, and uses Unicode, which makes it a more versatile system.

Addresses that allow the MFT to link to nonresident files are known as _______________.​

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Data Acquisition

Processing Crime and Incident Scenes

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

Explain the difference between logical addresses and physical addresses in Microsoft file structures.

_____________ is composed of the unused space in a cluster between the end of an active file's content and the end of the cluster.

Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

Compare the methods for deleting NTFS files.

Why are alternate data streams of particular interest when examining NTFS disks?

Which of the following is not a valid configuration of Unicode?

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?

What registry file contains installed programs' settings and associated usernames and passwords?

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?

Addresses that allow the MFT to link to nonresident files are known as _______________.