A computer stores system configuration and date and time information in the BIOS when power to the system is off
When data is deleted on a hard drive, only references to it are removed, which leaves the original data on unallocated disk space
Someone who wants to hide data can create hidden partitions or void-large unused gaps between partitions on a disk drive. Data that is hidden in partition gaps cannot be retrieved by forensics utilities
FAT32 is used on older Microsoft OSs, such as ms-dos 3.0 through 6.22, windows 95 (first release), and windows NT 3.3 and 4.0
Each MFT record starts with a header identifying it as a resident or nonresident attribute
A typical disk drive stores how many bytes in a single sector?
Most manufacturers use what technique in order to deal with the fact that a platter’s inner tracks have a smaller circumference than the outer tracks?
a. disk track recording (DTR)
b. zone based areal density (ZBAD)
c. zone bit recording (ZBR)
d. cylindrical head calculation (CHC)
What hexadecimal code below identifies an NTFS file system in the partition table?
When using the file allocation table (FAT), where is the FAT database typically written to?
a. the innermost track
b. the outermost track
c. the first sector
d. the first partition
Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital extended capacity (SDCX), and memory sticks:
What term is used to describe a disk’s logical structure of platters, tracks, and sectors?
a master boot record (MBR) partition table marks the first partition starting at what offset?
The ??? command insets a HEX E5 (0xE5) in a filename’s first letter position in the associated directory entry
What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?
What command below can be used to decrypt EFS files?
Which of the following commands creates an alternate data stream?
a. echo text > myfile. txt:syream_name
b. ads create myfile.txt(stream_name) “text”
c. cat text myfile.txt=stream_name
d. echo text
What term below describes a column of tracks on two or more disk platters?
Which of the following is not a valid configuration of Unicode?
What does the MTF header field at offset 0x00 contain?
a. the MFT record identifier FILE
b. the size of the MFT record
c. the length of the header
d. the update sequence array
The ReFs storage engine uses a ??? sort method for fast access to large data sets.
What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive?
a. PP full disk encryption
b. voltage SecureFile
the ??? branches in HKEY_LOCAL_MACHINE/software consist of SAM, security, components, and system
What registry file contains user account management and security settings?
What registry file contains installed programs’ settings and associated usernames and passwords?
Addresses that allow the MFT to link to nonresident files are known as ???
a. virtual cluster numbers
b. logical cluster numbers
c. sequential cluster numbers
d. polarity cluster numbers
Need essay sample on "Computer forensics – quiz 5"? We will write a custom essay sample specifically for you for only $ 13.90/page