Question 1

​The ImageUSB utility can be used to create a bootable flash drive.

Accepted Answer

A) True 
 B)False  True

Question 2

​What is a hashing collision?

Accepted Answer

A hashing collision occurs when two files or data streams with different content produce the same digital fingerprint.

Question 3

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​

Accepted Answer

A) ​RAID 1 
B) ​RAID 3 
C) RAID 5 
D) RAID 10 
A) ​RAID 1 
B) ​RAID 3 
C) RAID 5 
D) RAID 10 D

Question 4

​What is the name of the Microsoft solution for whole disk encryption?

Accepted Answer

A) ​DriveCrypt 
B) ​TrueCrypt 
C) BitLocker 
D) SecureDrive 
A) ​DriveCrypt 
B) ​TrueCrypt 
C) BitLocker 
D) SecureDrive

Question 5

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

Accepted Answer

A) ​intrusion detection system 
B) ​active defense mechanism 
C) total awareness system 
D) intrusion monitoring system 
A) ​intrusion detection system 
B) ​active defense mechanism 
C) total awareness system 
D) intrusion monitoring system

Question 6

​Describe a RAID 6 configuration.

Accepted Answer

​In RAID 6, distributed data and distrib

Question 7

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.​

Accepted Answer

A) True 
 B)False

Question 8

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

Accepted Answer

A) ​-p 
B) ​-s 
C) -b 
D) -S 
A) ​-p 
B) ​-s 
C) -b 
D) -S

Question 9

How can lossless compression be tested?​

Accepted Answer

Lossless compression can be tested using

Question 10

Match the terms with the correct definitions?.
-?An open-source data acquisition format that stores image data and metadata

Accepted Answer

A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension 
A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension

Question 11

The Linux command _____ can be used to write bit-stream data to files.​

Accepted Answer

A) ​write 
B) ​dd 
C) cat 
D) dump 
A) ​write 
B) ​dd 
C) cat 
D) dump

Question 12

Match the terms with the correct definitions?.
-?A data acquisition method used when a suspect computer can't be shut down to perform a static acquisition

Accepted Answer

A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension 
A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension

Question 13

​________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Accepted Answer

Elcomsoft

Question 14

Match the terms with the correct definitions?.
-A data acquisition format that creates simple sequential flat files of a suspect drive or data set

Accepted Answer

A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension 
A) Advanced Forensic Format (AFF) 
B) Host protected area (HP
A)  
C) Live acquisitions 
D) Logical acquisitions 
E) Raw format
F)Redundant array of independent disks (RAI
D) 
G)Sparse acquisition
H)Static acquisitions
I)Whole disk encryption
J).pdg extension

Question 15

What is lossless compression?

Accepted Answer

Lossless compression uses comp

Question 16

What two command line utilities are available on Linux for validating files?

Accepted Answer

Both md5sum and sha1

Question 17

A RAID 3 array uses distributed data and distributed parity in a manner similar to a RAID 5 array.

Accepted Answer

A) True 
 B)False

Question 18

​An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Accepted Answer

A) ​​/ dev​/ hda 
B) ​​/ dev​/ hda1 
C) ​/ dev​/ sda 
D) ​/ dev​/ sda1 
A) ​​/ dev​/ hda 
B) ​​/ dev​/ hda1 
C) ​/ dev​/ sda 
D) ​/ dev​/ sda1

Question 19

​Which RAID type provides increased speed and data storage capability, but lacks redundancy?

Accepted Answer

A) ​RAID 0 
B) ​RAID 1 
C) RAID 0+1 
D) RAID 5 
A) ​RAID 0 
B) ​RAID 1 
C) RAID 0+1 
D) RAID 5

Question 20

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​

Accepted Answer

A) ​512 MB 
B) ​2 GB 
C) 1 TB 
D) 1 PB 
A) ​512 MB 
B) ​2 GB 
C) 1 TB 
D) 1 PB

The ImageUSB utility can be used to create a bootable flash drive.

What is a hashing collision?

Which RAID type utilizes mirrored striping, providing fast access and redundancy?

What is the name of the Microsoft solution for whole disk encryption?

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

Describe a RAID 6 configuration.

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

How can lossless compression be tested?

Match the terms with the correct definitions?. -?An open-source data acquisition format that stores image data and metadata

The Linux command _____ can be used to write bit-stream data to files.

Match the terms with the correct definitions?. -?A data acquisition method used when a suspect computer can't be shut down to perform a static acquisition

________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Match the terms with the correct definitions?. -A data acquisition format that creates simple sequential flat files of a suspect drive or data set

What is lossless compression?

What two command line utilities are available on Linux for validating files?

A RAID 3 array uses distributed data and distributed parity in a manner similar to a RAID 5 array.

An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Which RAID type provides increased speed and data storage capability, but lacks redundancy?

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

Exam 3: Data Acquisition

​The ImageUSB utility can be used to create a bootable flash drive.

​What is a hashing collision?

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​

​What is the name of the Microsoft solution for whole disk encryption?

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

​Describe a RAID 6 configuration.

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.​

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

How can lossless compression be tested?​

Match the terms with the correct definitions?. -?An open-source data acquisition format that stores image data and metadata

The Linux command _____ can be used to write bit-stream data to files.​

Match the terms with the correct definitions?. -?A data acquisition method used when a suspect computer can't be shut down to perform a static acquisition

​________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Match the terms with the correct definitions?. -A data acquisition format that creates simple sequential flat files of a suspect drive or data set

What is lossless compression?

What two command line utilities are available on Linux for validating files?

A RAID 3 array uses distributed data and distributed parity in a manner similar to a RAID 5 array.

​An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

​Which RAID type provides increased speed and data storage capability, but lacks redundancy?

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​

Understanding the Digital Forensics Profession and Investigations

The Investigators Office and Laboratory

Processing Crime and Incident Scenes

Working With Windows and Cli Systems

Current Computer Forensics Tools

Macintosh and Linux Boot Processes and File Systems

Recovering Graphics Files

Computer Forensics Analysis and Validation

Virtual Machine and Cloud Forensics

Live Acquisitions and Network Forensics

Email Investigations

Cell Phone and Mobile Device Forensics

Report Writing for High Tech Investigations

Expert Testimony in High Tech Investigations

Ethics for the Investigator and Expert Witness

Filters

The ImageUSB utility can be used to create a bootable flash drive.

What is a hashing collision?

Which RAID type utilizes mirrored striping, providing fast access and redundancy?

What is the name of the Microsoft solution for whole disk encryption?

Describe a RAID 6 configuration.

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.

How can lossless compression be tested?

The Linux command _____ can be used to write bit-stream data to files.

________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Which RAID type provides increased speed and data storage capability, but lacks redundancy?

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?