Because attorneys do not have the right of full discovery of digital evidence, it is not possible for new evidence to come to light while complying with a defense request for full discovery.?
One of the most critical aspects of digital forensics is validating digital evidence because ensuring the integrity of data you collect is essential for presenting evidence in court.?
The advantage of recording hash values is that you can determine whether data has changed.?
In private sector cases, like criminal and civil cases, the scope is always defined by a search warrant.?
Advanced hexadecimal editors offer many features not available in digital forensics tools, such as hashing speci?c ?les or sectors. ?
What format below is used for VMware images?
?In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters?
Which password recovery method uses every possible letter, number, and character found on a keyboard??
a. ?rainbow table
b. ?dictionary attack
c. ?hybrid attack
d. ?brute-force attack
The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.?
b. ?scope creep
c. ?criminal charges
Which of the following file systems can’t be analyzed by OSForensics?
?In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer.
?Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords:
a. ?Last Bit
b. ?AccessData PRTK
?Within Windows Vista and later, partition gaps are _____________ bytes in length.
Which option below is not a disk management tool??
a. Partition Magic?
b. ?Partition Master
Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.?
c. ?registry edits
d. ?slack space
A user with programming experience may use an assembler program (also called a __________ ) on a file to scramble bits, in order to secure the information contained inside.?
What letter should be typed into DiskEdit in order to mark a good sector as bad??
Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.?
a. ?key vault
b. ?key escrow
c. ?bump key
d. ?master key
What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords??
a. salted passwords
b. ?scrambled passwords
c. ?indexed passwords
d. master passwords
When performing a static acquisition, what should be done after the hardware on a suspect’s computer has been inventoried and documented??
a. ?Inventory and documentation information should be stored on a drive and then the drive should be reformatted.
b. ?Start the suspect’s computer and begin collecting evidence.
c. The hard drive should be removed, if practical, and the system’s date and time values should be recorded from the system’s CMOS.?
d. ?Connect the suspect’s computer to the local network so that up to date forensics utilities can be utilized.
?In order to aid a forensics investigation, a hardware or software ______________ can be utilized to capture keystrokes remotely.
c. ?packet capture
d. ?protocol analyzer
The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.?
a. ?DeepScan Filter
b. Unknown File Filter (UFF)
c. ?Known File Filter (KFF)
d. ?FTK Hash Imager
The term for detecting and analyzing steganography files is _________________.?
A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.?
The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.?
a. ?Open Hash Database
b. ?HashKeeper Online
c. ?National Hashed Software Referenced.
d. National Software Reference Library
Need essay sample on "Computer forensics – 2nd half – quiz 9"? We will write a custom essay sample specifically for you for only $ 13.90/page