logo image

Computer forensics – quiz 5

A computer stores system configuration and date and time information in the BIOS when power to the system is off
When data is deleted on a hard drive, only references to it are removed, which leaves the original data on unallocated disk space
Someone who wants to hide data can create hidden partitions or void-large unused gaps between partitions on a disk drive. Data that is hidden in partition gaps cannot be retrieved by forensics utilities
FAT32 is used on older Microsoft OSs, such as ms-dos 3.0 through 6.22, windows 95 (first release), and windows NT 3.3 and 4.0
Each MFT record starts with a header identifying it as a resident or nonresident attribute
A typical disk drive stores how many bytes in a single sector?
a. 8
b. 512
c. 1024
d. 4096
Most manufacturers use what technique in order to deal with the fact that a platter’s inner tracks have a smaller circumference than the outer tracks?
a. disk track recording (DTR)
b. zone based areal density (ZBAD)
c. zone bit recording (ZBR)
d. cylindrical head calculation (CHC)
What hexadecimal code below identifies an NTFS file system in the partition table?
a. 05
b. 07
c. 1B
d. A5
When using the file allocation table (FAT), where is the FAT database typically written to?
a. the innermost track
b. the outermost track
c. the first sector
d. the first partition
Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital extended capacity (SDCX), and memory sticks:
a. FAT12
b. FAT32
c. exFAT
What term is used to describe a disk’s logical structure of platters, tracks, and sectors?
a. cylinder
b. trigonometry
c. geometry
d. mapping
a master boot record (MBR) partition table marks the first partition starting at what offset?
a. 0x1CE
b. 0x1BE
c. 0x1AE
d. 0x1DE
The ??? command insets a HEX E5 (0xE5) in a filename’s first letter position in the associated directory entry
a. delete
b. edit
c. update
d. clear
What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?
a. $MgyMirr
b. $TransAct
c. $LogFile
d. $Backup
What command below can be used to decrypt EFS files?
a. cipher
b. copy
c. efsrecvr
d. decrypt
Which of the following commands creates an alternate data stream?
a. echo text > myfile. txt:syream_name
b. ads create myfile.txt(stream_name) “text”
c. cat text myfile.txt=stream_name
d. echo text
What term below describes a column of tracks on two or more disk platters?
a. sector
b. cluster
c. cylinder
d. header
Which of the following is not a valid configuration of Unicode?
a. UTF-8
b. UTF-16
c. UTF-32
d. UTF-64
What does the MTF header field at offset 0x00 contain?
a. the MFT record identifier FILE
b. the size of the MFT record
c. the length of the header
d. the update sequence array
The ReFs storage engine uses a ??? sort method for fast access to large data sets.
a. A+-tree
b. B+-tree
c. reverse
d. numerical
What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive?
a. PP full disk encryption
b. voltage SecureFile
c. BestCrypt
d. TrueCrypt
the ??? branches in HKEY_LOCAL_MACHINE/software consist of SAM, security, components, and system
a. registry
b. storage
c. hive
d. tree
What registry file contains user account management and security settings?
a. default.dat
b. software.dat
c. SAM.dat
d Ntuser.dat
What registry file contains installed programs’ settings and associated usernames and passwords?
a. default.dat
b. software.dat
c. sam.dat
d. ntuser.dat
Addresses that allow the MFT to link to nonresident files are known as ???
a. virtual cluster numbers
b. logical cluster numbers
c. sequential cluster numbers
d. polarity cluster numbers

Need essay sample on "Computer forensics – quiz 5"? We will write a custom essay sample specifically for you for only $ 13.90/page

Can’t wait to take that assignment burden offyour shoulders?

Let us know what it is and we will show you how it can be done!
Sorry, but copying text is forbidden on this website. If you need this or any other sample, please register

Already on Businessays? Login here

No, thanks. I prefer suffering on my own
Sorry, but copying text is forbidden on this website. If you need this or any other sample register now and get a free access to all papers, carefully proofread and edited by our experts.
Sign in / Sign up
No, thanks. I prefer suffering on my own
Not quite the topic you need?
We would be happy to write it
Join and witness the magic
Service Open At All Times
Complete Buyer Protection
Plagiarism-Free Writing

Emily from Businessays

Hi there, would you like to get such a paper? How about receiving a customized one? Check it out https://goo.gl/chNgQy