
Computer forensics – 2nd half – quiz 9

Because attorneys do not have the right of full discovery of digital evidence, it is not possible for new evidence to come to light while complying with a defense request for full discovery.
t/f
false
One of the most critical aspects of digital forensics is validating digital evidence because ensuring the integrity of data you collect is essential for presenting evidence in court.
t/f
true
The advantage of recording hash values is that you can determine whether data has changed.
t/f
true
In private sector cases, like criminal and civil cases, the scope is always defined by a search warrant.
t/f
false
Advanced hexadecimal editors offer many features not available in digital forensics tools, such as hashing specific files or sectors.
t/f
true
What format below is used for VMware images?
a. .vhd
b. .vmdk
c. .s01
d. .aff
b
In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters?
a. NTFS
b. FAT
c. HFSX
d. Ext3fs
b
Which password recovery method uses every possible letter, number, and character found on a keyboard?
a. rainbow table
b. dictionary attack
c. hybrid attack
d. brute-force attack
d
The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.
a. litigation
b. scope creep
c. criminal charges
d. violations
b
Which of the following file systems can’t be analyzed by OSForensics?
a. FAT12
b. Ext2fs
c. HFS+
d. XFS
d
In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer.
a. format
b. fdisk
c. grub
d. diskpart
d
Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords:
a. Last Bit
b. AccessData PRTK
c. OSForensics
d. Passware
c
Within Windows Vista and later, partition gaps are _____________ bytes in length.
a. 64
b. 128
c. 256
d. 512
b
Which option below is not a disk management tool?
a. Partition Magic
b. Partition Master
c. GRUB
d. HexEdit
d
Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.
a. hashing
b. bit-shifting
c. registry edits
d. slack space
b
A user with programming experience may use an assembler program (also called a __________) on a file to scramble bits, in order to secure the information contained inside.
a. compiler
b. shifter
c. macro
d. script
c
What letter should be typed into DiskEdit in order to mark a good sector as bad?
a. M
b. B
c. T
d. D
b
Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
a. key vault
b. key escrow
c. bump key
d. master key
b
What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?
a. salted passwords
b. scrambled passwords
c. indexed passwords
d. master passwords
a
When performing a static acquisition, what should be done after the hardware on a suspect’s computer has been inventoried and documented?
a. Inventory and documentation information should be stored on a drive and then the drive should be reformatted.
b. Start the suspect’s computer and begin collecting evidence.
c. The hard drive should be removed, if practical, and the system’s date and time values should be recorded from the system’s CMOS.
d. Connect the suspect’s computer to the local network so that up to date forensics utilities can be utilized.
c
In order to aid a forensics investigation, a hardware or software ______________ can be utilized to capture keystrokes remotely.
a. keygrabber
b. keylogger
c. packet capture
d. protocol analyzer
b
The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.
a. DeepScan Filter
b. Unknown File Filter (UFF)
c. Known File Filter (KFF)
d. FTK Hash Imager
c
The term for detecting and analyzing steganography files is _________________.
a. carving
b. steganology
c. steganalysis
d. steganomics
c
A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.
a. fdisk
b. format
c. dd
d. DiskEdit
c
The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.
a. Open Hash Database
b. HashKeeper Online
c. National Hashed Software Referenced.
d. National Software Reference Library
d
