Deck 18: Computer Forensics

1
What keeps track of the location of files and folders on the HDD?

A) the HDD itself
B) the CD-ROM
C) the FAT
D) the CPU
E) the search engine
C
2
The ultimate goal of obtaining an image of a hard disk drive is to:

A) do so without altering the drive in any way.
B) attempt to determine the owner of the computer in question.
C) locate as much incriminating information as possible.
D) preserve the photographs and video stored on the drive.
E) give priority to the text files on the drive.
A
3
When is it necessary to make a "fingerprint" of a HDD?

A) only sometimes
B) almost never
C) in most cases
D) before and after imaging its contents
E) rarely
D
4
Which of the following is NOT considered a type of software?

A) Linux
B) Unix
C) Firefox
D) Random Access Memory
E) Excel
5
The first thing a crime scene investigator should do when encountering computer forensic evidence is:

A) tape each cable to its adjoining component in an effort to preserve the integrity of the physical connections.
B) procure a warrant to search.
C) document the scene.
D) remove the system to the laboratory for processing.
E) unplug every device from the CPU to preserve the hard disk drive.
6
The primary form of data storage within a personal computer is:

A) the CD-ROM.
B) a zip drive.
C) the hard disk drive.
D) a thumb drive.
E) the recycle bin.
7
A motherboard:

A) has a socket to accept RAM.
B) connects to every device used by the system.
C) is the main circuit board within a computer.
D) all of the above
E) none of the above
8
A cluster is a group of ________ in multiples of ________.

A) cylinders, three
B) tracks, three
C) sectors, two
D) partitions, two
E) disks, four
9
Evidentiary data may be recovered from which of the following?

A) RAM swap files
B) unallocated space on the HDD
C) slack space on the HDD
D) all of the above
E) none of the above
10
One gigabyte can be expressed as:

A) 1,000 kilobytes (KB).
B) 1,000 bytes.
C) 1,000 megabytes (MB).
D) 8,000 bits.
E) 80,000 kilobytes (KB).
11
Which of the following is NOT considered a hardware device?

A) the random access memory
B) the operating system
C) the monitor
D) the mouse
E) the hard disk drive
12
Which of the following is NOT a type of RAM?

A) DAB
B) SSIM
C) SD
D) DDIM
E) none of the above
13
Which of the following is/are potential sources for forensic evidence on a suspect's personal computer?

A) Internet "cookies"
B) Internet history
C) cache
D) all of the above
E) A and B only
14
One of the most common places to begin to look for evidential data is in:

A) any learn-to-type tutorial.
B) the spreadsheet files.
C) the word processing or text-based document files.
D) a CAD package.
E) a photograph editing program.
15
A Network Interface Card (NIC) enables a personal computer to communicate with other computers via:

A) a wired connection.
B) a wireless connection.
C) a satellite connection.
D) all of the above
E) A and B only
16
Which of the following is NOT associated with the partitioning of a HDD?

A) cylinder
B) sector
C) track
D) quadrant
E) cluster
17
Which of the following is the best definition of latent data?

A) unallocated space
B) those data which are typically of little use to forensic investigators
C) anything readily available to the user, also known as visible data
D) those data that are hidden from view
E) an automatically saved copy of a file that was recently modified
18
The term bit is short for:

A) binary digit.
B) database.
C) tidbit.
D) byte.
E) beneath image threshold.
19
A software algorithm used to create a "fingerprint" of a file or an entire HDD is called:

A) RAM.
B) MD5.
C) CPU.
D) ROM.
E) MAC OS.
20
Once a file is deleted by a user, it:

A) is obliterated from the system and cannot be recovered.
B) is retained until the disk space it occupies is allocated for another use.
C) may be identified using forensic image acquisition software.
D) A and B
E) B and C
21
A device that permits only requested traffic to enter a computer system is known as a(n):

A) internet cache
B) network traffic manager
C) firewall
D) central processing unit (CPU)
E) cookie
22
The two types of slack space are ___________ slack and ___________ slack.

A) IP; TTI
B) unallocated; ROM
C) cluster; file
D) RAM; ROM
E) file; RAM
23
The ___________ is a complex network of wires that carry data from one hardware device to another.

A) network
B) central processing unit (CPU)
C) operating system
D) motherboard
E) hard disc drive
24
All data readily available to a computer user is known as ___________ data.

A) visible
B) allocated
C) latent
D) slack
E) swap
25
A(n) ___________ is placed on a hard disk drive by a website to track certain information about its visitors.

A) e-mail
B) cache
C) phish
D) IP address
E) cookie
26
The complex of wires located on the motherboard which serves to carry data from one hardware device to another is:

A) the BIOS.
B) system bus.
C) RAM.
D) ROM.
E) central processing unit.
27
A directory or index cataloging the content of the Internet is called:

A) a web browser.
B) the world wide web.
C) a search engine.
D) an IPO.
E) a chat room.
28
One should not look for "latent" data in:

A) RAM slack.
B) temporary files.
C) unallocated space.
D) file slack.
E) deleted files.
29
List and describe the hardware and the software components of a computer.
30
Unauthorized intrusion into a computer is called:

A) whacking.
B) spamming.
C) crashing.
D) hacking.
E) slamming.
31
Which of the following actions taken at the crime scene involving a computer is incorrect?

A) upon arrival, sketching the overall layout as well as photographing it
B) photographing any running monitors
C) placing corresponding labels on cords from peripheral devices and the port to which each cord was connected
D) removing the plug from the back of the computer, not from the wall
E) none of the above
32
Describe the difference between read-only memory and random-access memory.
33
The boot (start-up) process for a computer is controlled by:

A) USB thumb drives.
B) RAM.
C) the hard disc drive.
D) Floppy discs.
E) ROM.
34
Sectors are typically ___________ bytes in size.

A) 512
B) 256
C) 126
D) 2050
E) 1024
35
The definition of software is:

A) primary component of storage in the personal computer
B) program permitting the user to manage files and applications
C) set of instructions compiled into a program that performs a particular task
D) storage programs used to start the boot process
E) a complex network of wires that carry data from one hardware device to another
36
Which of the following is not considered to be classified as software?

A) Floppy discs
B) Accounting applications
C) Web browsers
D) Operating systems
E) Word processors
37
One should not search for "visible" data in:

A) unallocated space.
B) swap files.
C) Windows.
D) Quicken.
E) temporary files.
38
The most commonly used feature of the Internet is:

A) academic research.
B) chat rooms.
C) long-distance phone service.
D) email.
E) online shopping.
39
If a file system defines a cluster as six sectors, how many bytes of information can be stored on each cluster?

A) 512
B) 3,072
C) 24,576
D) none of the above
40
Hard drive partitions are typically divided into:

A) Clusters
B) Sectors
C) Cylinders
D) Tracks
E) All of the above
41
Describe how e-mails, chats and IMs can be traced and recovered by a computer forensics expert.
42
Describe how a hard disk is partitioned.
43
What are the areas of the computer that forensic examiners will examine to retrieve forensic data?
44
List and describe three locations where forensic investigators may pinpoint the origin of a hacker.
45
What is the difference between, and the location of, visible and latent data?
46
Describe the proper procedure for preserving computer evidence at a crime scene.
47
Explain the various areas found on the computer where a user's Internet activities can be investigated.