Chat with AI
Deck 15: Computer Basics for Digital Investigators
Full screen (f)
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Question
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/34
Play
Full screen (f)
Deck 15: Computer Basics for Digital Investigators
1
The boot sector in a FAT volume contains all of the following information EXCEPT:
A) Partition table
B) The number of file allocation tables available
C) Cluster size
D) Volume label
A) Partition table
B) The number of file allocation tables available
C) Cluster size
D) Volume label
A
2
Encrypted data can be recovered using which of the following methods?
A) Trying every possible encryption key
B) Obtaining the passphrase used to protect the encryption key
C) Recovering plaintext versions of data from unallocated and slack space
D) All of the above
A) Trying every possible encryption key
B) Obtaining the passphrase used to protect the encryption key
C) Recovering plaintext versions of data from unallocated and slack space
D) All of the above
D
3
How many bytes are in a kilobyte?
A) 8
B) 100
C) 1000
D) 1024
A) 8
B) 100
C) 1000
D) 1024
D
4
The storage capacity of a hard drive with 256 heads, 63 sectors, and 1024 cylinders is:
A) 8.4 Gbytes
B) 7.8 Gbytes
C) 8 Gbytes
D) 9 Gbytes
A) 8.4 Gbytes
B) 7.8 Gbytes
C) 8 Gbytes
D) 9 Gbytes
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
5
The BIOS can be password protected.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
6
By default, computers will boot from a floppy disk if one is present in the system.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
7
Which encryption scheme is weakest?
A) RSA
B) ROT13
C) DES
D) DSA
A) RSA
B) ROT13
C) DES
D) DSA
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
8
Hard drive settings stored in a computer's CMOS RAM chip are always correct and accurate.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
9
The POST verifies that all of the computer's components are functioning properly.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
10
Solaris computers store data in:
A) Hexadecimal
B) Little-endian
C) Octal
D) Big-endian
A) Hexadecimal
B) Little-endian
C) Octal
D) Big-endian
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
11
Which of the following are limitations to salvaging data through data carving?
A) File name and date-time stamps that were associated with the file are not salvaged.
B) The size of the original file may not be known, making it necessary to guess how much data to carve out.
C) Simple carving assumes all portions of the file were stored contiguously, and not fragmented.
D) All of the above.
A) File name and date-time stamps that were associated with the file are not salvaged.
B) The size of the original file may not be known, making it necessary to guess how much data to carve out.
C) Simple carving assumes all portions of the file were stored contiguously, and not fragmented.
D) All of the above.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
12
The first sector of a hard disk contains a:
A) Boot sector
B) Master boot record
C) Volume
D) Partition
A) Boot sector
B) Master boot record
C) Volume
D) Partition
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
13
The CMOS RAM chip stores a computer's date and time.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
14
The first sector of a volume contains a:
A) Boot sector
B) Master boot record
C) Root Directory
D) Partition
A) Boot sector
B) Master boot record
C) Root Directory
D) Partition
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
15
The big-endian representation of "FB 78 7A 23" is:
A) 78 FB 23 7A
B) 7A 23 FB 78
C) 23 7A 78 FB
D) FB 7A 78 23
A) 78 FB 23 7A
B) 7A 23 FB 78
C) 23 7A 78 FB
D) FB 7A 78 23
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
16
What can you do to determine the number of sectors on a hard drive larger than 8GB?
A) Use a UNIX tool like hdparm
B) Use a Windows tools like EnCase
C) Check the drive manufacturer's website for the specific drive
D) All of the above
A) Use a UNIX tool like hdparm
B) Use a Windows tools like EnCase
C) Check the drive manufacturer's website for the specific drive
D) All of the above
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
17
On Intel-based computers, system date and time information is maintained in:
A) CMOS
B) System.conf
C) MBR
D) Boot record
A) CMOS
B) System.conf
C) MBR
D) Boot record
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
18
The ENIAC was the first digital computer.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
19
In NTFS, an example of a file system feature that can be used to conceal data is:
A) Setting the Read/Only attribute on the folder you want to protect
B) Storing data in a hidden partition
C) Using alternate data streams
D) None of the above
A) Setting the Read/Only attribute on the folder you want to protect
B) Storing data in a hidden partition
C) Using alternate data streams
D) None of the above
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
20
File slack space is:
A) The space between the end of a volume and the end of a partition
B) The sectors in a cluster that are not occupied by the file in that cluster
C) The space on a disk that is not allocated to files
D) The space left on a disk after a file is deleted
A) The space between the end of a volume and the end of a partition
B) The sectors in a cluster that are not occupied by the file in that cluster
C) The space on a disk that is not allocated to files
D) The space left on a disk after a file is deleted
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
21
Many digital forensics laboratories have the capability to recover overwritten data from a hard drive.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
22
The Macintosh Open Firmware can be instructed to boot from a CD-ROM by holding down the "b" key.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
23
A sector is composed of multiple clusters.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
24
Unicode can represent more characters than ASCII.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
25
Digital forensics examiners do not need to be concerned about the distinction between little-endian and big-endian representations because automated tools make the necessary translation.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
26
Describe the main steps that your computer takes during the boot process from the time you press the power switch to the first appearance of the operating system. Why is this important to a forensic examiner?
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
27
The Sun OpenBoot PROM can be interrupted by depressing the "Stop" key.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
28
The number of sectors on any hard drive is calculated by multiplying its CHS values.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
29
Although storage media come in many forms, hard disks are the richest sources of digital evidence on computers.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
30
What is the storage capacity of a hard drive with 64 heads, 63 sectors, and 787 cylinders?
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
31
How do you remove data from a hard drive to prevent it from being recovered (e.g., delete partition table, reformat drive, delete files)?
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
32
What is the ASCII representation of this hexadecimal data: "54686520737573706563742773206E616D65206973204D69636861656C"?
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
33
Where is the partition table located on a hard drive, and what does it contain?
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
34
Sectors are 557 bytes long but only 512 bytes are used to store data.
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
Unlock Deck
k this deck
Unlock Deck
Unlock for access to all 34 flashcards in this deck.
