Module 3 Quiz Flashcards

1
Q

Which forensics tools can connect to a suspect’s remote computer and run surreptitiously?

dcfldd and ProDiscover Incident Response

EnCase Enterprise and ProDiscover Incident Response

dd and dcfldd

dd and EnCase Enterprise

A

EnCase Enterprise and ProDiscover Incident Response

2
Q

What does a sparse acquisition collect for an investigation?

Only specific files of interest to the case

Fragments of unallocated data in addition to the logical allocated data

Only the logical allocated data

Only fragments of unallocated data

A

Fragments of unallocated data in addition to the logical allocated data

3
Q

Why is it a good practice to make two images of a suspect drive in a critical investigation?

To speed up the process

To have one compressed and one uncompressed copy

To ensure at least one good copy of the forensically collected data in case of any failures

None of the above

A

To ensure at least one good copy of the forensically collected data in case of any failures

4
Q

Slower data transfer speeds and dealing with minor data errors are two disadvantages of the raw format

True

False

A

False

5
Q

In Linux, the fdisk -l command lists the suspect drive as /dev/hda1. So, the following dcfldd command is correct: dcfldd if=image_file.img of=/dev/hda1

True

False

A

False

6
Q

What’s the maximum file size when writing data to a FAT32 drive?

2 GB

3 GB

4 GB

6 GB

A

2 GB

7
Q

What are two concerns when acquiring data from a RAID server?

Data transfer speeds and type of RAID

Type of RAID and antivirus software

Amount of data storage needed and type of RAID

Split RAID and Redundant RAID

A

Amount of data storage needed and type of RAID

8
Q

With remote acquisitions, what problems should you be aware of?

Data transfer speeds

Access permissions over the network

Antivirus, antispyware, and firewall programs

The password of the remote computer’s user

A

Antivirus, antispyware, and firewall programs

9
Q

What’s the most critical aspect of digital evidence?

Compression

Redundancy

Contingency

Validation

A

Validation

10
Q

A logical acquisition collects only specific files of interest to the case.

True

False

A

True

11
Q

FTK Imager requires that you use a device such as a USB dongle for licensing.

True

False

A

True

12
Q

With newer Linux kernel distributions, USB devices are automatically mounted, which can alter data on them.

True

False

A

True

13
Q

Name two commercial tools that can make a forensic sector-by-sector copy of a drive to a larger drive.

dd and Expert Witness

dd and EnCase

X-Ways Forensics and dd

EnCase and X-Ways Forensics

A

EnCase and X-Ways Forensics

14
Q

FTK Imager can acquire data in a drive’s host protected area.

True

False

A

False

15
Q

Of all the proprietary formats, which one is the unofficial standard?

Expert Witness

AFF

Uncompressed dd

Segmented dd

A

Expert Witness

16
Q

When determining which data acquisition method to use, you should not consider how long the acquisition will take.

True

False

A

False

17
Q

A hashing algorithm is a program designed to create a binary or hexadecimal number that represents the uniqueness of a data set, file, or entire disk.

True

False

A

True

18
Q

Name the three formats for digital forensics data acquisitions.

Raw, AICIS, and AFF

EnCase format, Raw, and dd

Raw format, proprietary formats, and AFF

dd, Raw, and AFF

A

Raw format, proprietary formats, and AFF

19
Q

Commonly, proprietary format acquisition files can compress the acquisition data and segment acquisition output files into smaller volumes.

True

False

A

True

20
Q

The main goal of a static acquisition is the preservation of digital evidence.

True

False

A

True

21
Q

In the Linux dcfldd command, which three options are used for validating data?

hash, hashlog, and vf

h, hl, and vf

hash, log, and hashlog

vf, of, and vv

A

hash, hashlog, and vf