Explore all topics
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
search
ai logoChat with AI
Servicesarrow
Discoverarrow

Topics

Explore all topics
Discover more topics

Deck 10: Acquisition and Examination of Forensic Evidence

Full screen (f)
exit full mode
Question
What is the name for the device that allows read-only access to all accessible data on a drive and keeps anything from being written to an original drive?

A) wiping tool
B) write-blocker
C) EnCase
D) Cell-brite
Use Space or
up arrow
down arrow
to flip the card.
Question
What US government agency operates the Computer Forensic Tool Testing Project?

A) National Institute of Standards and Technology (NIST)
B) National Security Agency (NSA)
C) Internet Crime Complaint Center (IC3)
D) Action Fraud
Question
Which of the following is not a specific criteria identified for imaging tools by NIST?

A) the tool shall log I/O errors
B) tools shall not alter the original disk
C) tools shall be affordable
D) tools shall make a duplicate or image of an original disk
Question
What is the term used to refer to the organization of a hard drive into separate storage spaces?

A) extracting
B) partitioning
C) wiping
D) carving
Question
What is the term used to refer to files that have been manipulated in order to conceal the contents of the original file?

A) cleaned files
B) wiped files
C) deleted files
D) hidden files
Question
What is the term used to refer to the copy and capture of original data files in a way that makes them available for analyses that minimizes the likelihood of error?

A) preservation
B) instant process
C) carving
D) wiping
Question
When an examiner validates that the hard drive image they are working with is an authentic duplicate of the original, they use a unique algorithm to generate a:

A) copy
B) digi-bit
C) hash value
D) partitioned file
Question
What phrase references the process of searching for files and extracting that data without considering the larger file systems?

A) file signature
B) wiping
C) partitioning
D) file carving
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/8
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 10: Acquisition and Examination of Forensic Evidence
1
What is the name for the device that allows read-only access to all accessible data on a drive and keeps anything from being written to an original drive?

A) wiping tool
B) write-blocker
C) EnCase
D) Cell-brite
B
2
What US government agency operates the Computer Forensic Tool Testing Project?

A) National Institute of Standards and Technology (NIST)
B) National Security Agency (NSA)
C) Internet Crime Complaint Center (IC3)
D) Action Fraud
A
3
Which of the following is not a specific criteria identified for imaging tools by NIST?

A) the tool shall log I/O errors
B) tools shall not alter the original disk
C) tools shall be affordable
D) tools shall make a duplicate or image of an original disk
C
4
What is the term used to refer to the organization of a hard drive into separate storage spaces?

A) extracting
B) partitioning
C) wiping
D) carving
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Unlock Deck
k this deck
5
What is the term used to refer to files that have been manipulated in order to conceal the contents of the original file?

A) cleaned files
B) wiped files
C) deleted files
D) hidden files
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Unlock Deck
k this deck
6
What is the term used to refer to the copy and capture of original data files in a way that makes them available for analyses that minimizes the likelihood of error?

A) preservation
B) instant process
C) carving
D) wiping
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Unlock Deck
k this deck
7
When an examiner validates that the hard drive image they are working with is an authentic duplicate of the original, they use a unique algorithm to generate a:

A) copy
B) digi-bit
C) hash value
D) partitioned file
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Unlock Deck
k this deck
8
What phrase references the process of searching for files and extracting that data without considering the larger file systems?

A) file signature
B) wiping
C) partitioning
D) file carving
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 8 flashcards in this deck.
Examlex
Examlex
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App

Scan to downloadDownload the App
qr-code

Copyright © 2025 Examlex LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree