Deck 19: Computer Forensics

A)The CD-ROM.
B)The hard disk drive.
C)A zip drive.
D)The recycle bin.

A)The search engine
B)The HDD itself
C)The CPU
D)The FAT

A)Locate as much incriminating information as possible.
B)Preserve the photographs and video stored on the drive.
C)Give priority to the text files on the drive.
D)Obtain information without altering the drive in any way.

A)MD5.
B)ROM.
C)RAM.
D)MAC OS.

A)Linux
B)Firefox
C)Excel
D)Random Access Memory

A)Partitions, two
B)Disks, four
C)Cylinders, three
D)Sectors, two

A)The hard disk drive.
B)ROM.
C)RAM.
D)USB thumb drives.

A)Slack space on the HDD
B)Unallocated space on the HDD
C)RAM swap files
D)All of the above

A)1,000 bytes.
B)1,000 megabytes (MB).
C)1,000 kilobytes (KB).
D)8,000 bits.

A)Quadrant
B)Sector
C)Track
D)Cluster

A)Anything readily available to the user, also known as visible data
B)Data that are hidden from view
C)An automatically saved copy of a file that was recently modified
D)Data which are typically of little use to forensic investigators

A)Is obliterated from the system and cannot be recovered.
B)Is retained until the disk space it occupies is allocated for another use.
C)May be identified using forensic image acquisition software.
D)Both B and C

A)The spreadsheet files.
B)A photograph editing program.
C)A CAD package.
D)The word processing or text-based document files.

A)Unplug every device from the CPU to preserve the hard disk drive.
B)Procure a warrant to search.
C)Remove the system to the laboratory for processing.
D)Document the scene.

A)Is the main circuit board within a computer.
B)Has a socket to accept RAM.
C)Connects to every device used by the system.
D)All of the above

A)Tidbit.
B)Byte.
C)Binary digit.
D)Database.

A)In most cases
B)Only sometimes
C)Before and after imaging its contents
D)Rarely

A)Monitor
B)Hard disk drive
C)Mouse
D)Operating system

A)A wired connection.
B)A wireless connection.
C)A satellite connection.
D)Both A and B

A)Upon arrival, sketching the overall layout as well as photographing it
B)Photographing any running monitors
C)Removing the plug from the back of the computer, not from the wall
D)None of the above

A)Internet "cookies"
B)Internet history
C)Cache
D)All of the above

A)Uniform Replacement Listing.
B)Unlimited Real-time Link.
C)Uniform Resource Locator.
D)User-Resource Link.

A)126 bytes
B)256 bytes
C)512 bytes
D)1024 bytes

A)Swap files.
B)Temporary files.
C)Unallocated space.
D)Windows.

A)24,576
B)512
C)3,072
D)307.2

A)Turn the mobile device off.
B)Leave the mobile device on.
C)Leave the mobile device on, but place it in a Faraday shield.
D)None of the above

A)File; RAM
B)RAM; ROM
C)Cluster; file
D)IP; TTI

A)Crashing.
B)Whacking.
C)Hacking.
D)Spamming.

A)RAM slack
B)File slack
C)Unallocated space
D)All of the above

A)SSIM
B)DDIM
C)SD
D)DAB

A)Cookies
B)Cache
C)Favorite sites
D)Slack files

A)System bus
B)Central processing unit (CPU)
C)Random-access memory (RAM)
D)Network interface card (NIC)

A)RAM.
B)ROM.
C)System bus.
D)Central processing unit.

A)Sectors.
B)Clusters.
C)Tracks.
D)All of the above

A)Swap files.
B)RAM.
C)ROM.
D)Slack files.

A)SMS.
B)MMS.
C)GPS.
D)RAM.

A)RAM slack.
B)File slack.
C)Unallocated space.
D)Temporary files.

A)Area network
B)Cable modem
C)Domain
D)Caching system

A)Phish
B)IP address
C)E-mail
D)Cookie

A)Central processing unit (CPU).
B)Firewall.
C)Cookie.
D)Internet cache.

A)Swap
B)Latent
C)Visible
D)Allocated

A)Motherboard
B)Central processing unit (CPU)
C)Hard disk drive
D)Operating system

A)Storage programs used to start the boot process.
B)A set of instructions compiled into a program that performs a particular task.
C)A complex network of wires that carry data from one hardware device to another.
D)A primary component of storage in the personal computer.