IS4670 Chapter 5 System Forensics Technologies Flashcards
1
Q
1. The ________ is the department of the U.S. federal government that coordinates and supervises agencies and functions of the government related to national security and the U.S. armed forces.
A
Department of Defense (DoD)
2
Q
2. What is the name of the organization that is involved with DoD investigations that require computer forensics support to detect, enhance, or recover digital media?
A. U.S. Army
B. U.S. law enforcement
C. DoD Digital Media Center (DDMC)
D. DoD Cyber Crime Center (DC3)
A
DoD Cyber Crime Center (DC3)
3
Q
3. Law enforcement agencies do not have to be as careful as corporations about preserving evidence.
A. True
B. False
A
FALSE
4
Q
4. It is almost impossible to use forensic technologies to find evidence on flash memory media.
A. True
B. False
A
FALSE
5
Q
5. Which of the following is the process of encoding information using fewer bits than the unencoded information would use?
A. Compression
B. Encryption
C. Decryption
D. Jailbreaking
A
Compression
6
Q
6. A ________ is a tool used to identify unknown strings of text by searching for values between “completely true” and “completely false.”
A
Fuzzy logic tool
7
Q
7. Which of the following is the name for the process of making data unreadable to anyone except those who have the correct key?
A. Compression
B. Encryption
C. Decryption
D. Jailbreaking
A
Encryption
8
Q
8. Port numbers are divided into three ranges. Which of the following is not one of the ranges?
A. Well-known ports
B. Open ports
C. Registered ports
D. Dynamic ports
A
Open ports
9
Q
9. Which of the following is a good forensic analysis tool for those who are just starting to learn about forensics or do not have the time to invest in many different expensive tools?
A. EnCase
B. FTK
C. AnaDisk
D. TextSearch Plus
E. Filter_G
A
FTK
10
Q
10. ________ is a commercial software package that has the ability to make bit-level images and then mount them for analysis.
A
EnCase
11
Q
11. Which of the following commonly used system forensics tools is utilized primarily to scan for anomalies that identify odd formats, extra tracks, and extra sectors?
A. EnCase
B. FTK
C. AnaDisk
D. CopyQM Plus
E. Filter_G
A
AnaDisk
12
Q
12. Which of the following commonly used system forensics tools can quickly search hard disk drives, zip disks, and CDs for keywords or specific patterns of text?
A. AnaDisk
B. CopyQM Plus
C. TextSearch Plus
D. Filter_G
A
TextSearch Plus
13
Q
13. Which of the following commonly used system forensics tools is a fuzzy logic tool employed for data sampling?
A. AnaDisk
B. CopyQM Plus
C. TextSearch Plus
D. Filter_G
A
Filter_G
14
Q
14. Which of the following forensic tools is a stand-alone device capable of acquiring data from mobile devices?
A. UFED
B. Device Seizure
C. The Zdziarski technique
D. EnCase
A
UFED
15
Q
15. Unlike jailbreaking, which of the following does not install any additional software or modify the user data partition in any way?
A. UFED
B. Device Seizure
C. The Zdziarski technique
D. EnCase
A
The Zdziarski technique