Tools Flashcards

Question 1

Q

Autopsy

Answer

A

A digital forensics platform and graphical interface to The Sleuth Kit (TSK) and other digital forensics tools. Law enforcement, military, and corporate examiners use it to investigate activities on a computer. It can even be used to recover photos from a camera’s memory card.

Question 2

Q

The Sleuth Kit (TSK)

Answer

A

A library and collection of command-line tools that assist in the investigation of disk images. The core functionality allows the user to analyze volume and file-system data.

The plug-in framework allows the user to incorporate additional modules to analyze file contents and build automated systems.

Question 3

Q

The Sleuth Kit (TSK): fsstat

Answer

A

Displays the details associated with a file system. The output is specific to the file system. At a minimum, the command displays the range of metadata values (inode numbers) and content units (blocks or clusters). Also displayed are details from the superblock, such as mount times and features. For file systems using groups (FFS and ext2), the tool lists the layout of each group. For a FAT file system, the file allocation table is in a condensed format.

Question 4

Q

The Sleuth Kit (TSK): istat

Answer

A

Displays the uid, gid, mode, size, link number, modified, accessed, changed times, and all the disk units a structure has allocated.

Question 5

Q

The Sleuth Kit (TSK): fls

Answer

A

Lists the files and directory names in the image and can display the filenames of recently deleted files for a directory by using the given inode. If the inode argument is not given, the inode value for the root directory is used.

Question 6

Q

The Sleuth Kit (TSK): img_stat

Answer

A

Displays the details associated with an image file. The output is specific to the image format. At a minimum, the size will be given, and the byte range of each file will be given for split image formats.

Question 7

Q

RAID 0: Disk Striping

Answer

A

Simplest RAID level and does not involve any redundancy. First, it fragments files into an array having a user-defined stripe size. Subsequently, it sends these stripes to every disk in the array. Provides no redundancy. Best overall performance.

Question 8

Q

RAID 1: Disk Mirroring

Answer

A

Generally executes mirroring as it duplicates, or copies drive data on two different drives using a hardware RAID controller or software. If one of the drives fails, the other functions as a single drive until the user replaces the failed drive with a new one.

Question 9

Q

RAID 2

Answer

A

The only level among all the RAID levels that does not implement even one of the standard techniques, namely, parity, mirroring, and striping. It uses a technique similar to striping with parity. It splits data at the bit level and distributes the data to numerous data disks and redundancy disks.

Question 10

Q

RAID 3

Answer

A

Uses byte-level stripping with a dedicated parity disk, which stores checksums. It also supports a special processor for the calculation of parity codes. This RAID level cannot accommodate multiple data requests simultaneously. If a failure occurs, it enables data recovery by an applicable calculation of the parity bytes and the remaining bytes that relate with them.

Question 11

Q

RAID 5

Answer

A

Uses byte-level data striping across multiple drives and distributes the parity information among all member drives. The data writing process is slow. Further, it requires a minimum of three drives to set up. It stripes and distributes the error detection and correction code or data and parity code across three or more drives.

Question 12

Q

RAID 10

Answer

A

Also known as RAID 1+0, it is a combination of RAID 0 (striping of volume data) and RAID 1 (disk mirroring) to protect data. It request at least four drives to implement. It has the same fault tolerance as RAID level 1 and the same overheads as mirroring alone. It allows the mirroring of disks in pairs for redundancy and improved performance, following which it stripes data across multiple disks for maximum performance. The user retrieves data from the RAID if one disk in each mirrored pair is operational; however, if two disks in the same mirrored pair fail, the data becomes unavailable.

Question 13

Q

RAID 6

Answer

A

An upgraded version of RAID 5 in which the dual parity is distributed on each RAID 5 disk to offer high fault and drive-failure tolerance. It can withstand double-disk failure. However, it has two sets of parity data of each write operation, which results in a decrease in write performance and server performance overhead. It requires a minimum of 4 drives and a maximum of 16 drives to be implemented.

Question 14

Q

RAID 1E (Striped Mirroring)

Answer

A

A combination of RAID 1 (data mirroring) and RAID 0 (data striping). Data written in a stripe on one disk are mirrored to a stripe on the next drive in the array. It requires a minimum of 3 drives to be implemented. The main advantage over RAID 1 is that its arrays can be implemented using an odd number of disks and support single-disk failure, instead of multiple-disk failure.

Question 15

Q

RAID 5E

Answer

A

Similar to RAID 5 but includes an extended spare drive, which can be used for input/output operations and provides better performance than RAID 5. The extended spare drive created within it can be used with the same array. It requires a minimum of 4 drives and a maximum of 16 drives in a single array to be implemented.

Question 16

Q

RAID 5EE

Answer

A

Similar to RAID level 5E and includes an additional hot spare drive in the RAID 5 array that can be used for input/output operations. It requires a minimum of 4 drives and a maximum of 16 drives in an array. The spare area is distributed at the end of the disk components in RAID 5E, whereas it is distributed next to parity stripes in this. The additional hot spare drive is empty by default and can be used for copying data from a failed drive.

Question 17

Q

RAID 50 (striping with parity)

Answer

A

A combination of RAID 5 (striping with parity) and RAID 0 (disk striping). Its configuration requires a minimum of 6 drives. It provides a high degree of fault tolerance since one drive in each sub-array may fail without the loss of data.

Question 18

Q

RAID 60

Answer

A

A combination of RAID 6 (distributed parity) and RAID 0 (disk striping). It supports two independent parity blocks per stripe. Its configuration requires a minimum of 6 drives. It provides a high degree of fault tolerance because each of the RAID 60 sets can survive double disk failure without losing any data. It is one of the most complicated RAID implementations, and after a disk failure, it takes a longer time to retrieve parity information than a mirrored solution.

Question 19

Q

Order of Volatility

Answer

A

Registers, processor cache
Routing table, process table, kernel statistics, and memory
Temporary file systems
Disk or other storage media
Remote logging and monitoring data related to the target system
Physical configuration and network topology
Archival media

Question 20

Q

Rules of Thumb for Data Acquisition

Answer

A

Do not work on original digital evidence
Use clean media to store the copies
Produce two or more copies of the original media
Upon creating copies of original media, verify the integrity of copies with the original

Question 21

Q

Data Acquisition Methodology

Answer

A

Determining the data acquisition method
Determining the data acquisition tool
Sanitizing the target media
Acquiring volatile data
Enabling write protection on the evidence media
Acquiring non-volatile data
Planning for contingency
Validating data acquisition

Question 22

Q

R-Studio

Answer

A

The data recovery solution for recovery of files from NTFS, NTFS5, ReFS, FAT12/16/32, exFAT, HFS/HFS+, and APFS (Macintosh), Little and Big Endian variants of UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD/Solaris), and Ext2/Ext3/Ext4 FS (Linux) partitions. It also uses raw file recovery (scan for known file types) for heavily damaged or unknown file systems. It function on local and network disks, even if such partitions are formatted, damaged, or deleted.

Question 23

Q

Recover My Files

Answer

A

A data recovery software that recovers deleted files/data from Windows Recycle Bin and files lost due to formatting or corruption of a hard drive, virus or Trojan injection, and unexpected system shutdown or software failure.

Question 24

Q

EaseUS Data Recovery Wizard

Answer

A

Software is used to perform format recovery and unformat and recover deleted files emptied from Recycle Bin or data lost due to partition loss or damage, software crash, virus infection, unexpected shutdown, or any other unknown reasons under Windows 10, 8, 7, 2000/XP/Vista/2003/2008 R2 SP1/Windows 7 SP1. This software supports hardware RAID and hard drive, USB drive, SD card, memory card, etc.

Question 25

Q

DiskDigger

Answer

A

A program that undeletes and recovers lost files from hard drives, memory cards, and USB flash drives. This tool can be used to recover documents or photos accidentally deleted from the computer or from a reformatted camera memory card or can be used to check the files that are on an old USB drive.

Question 26

Q

Handy Recovery

Answer

A

Data recovery software designed to restore files accidentally deleted from hard disks and memory cards. The program can recover files damaged by virus attacks, power failures, and software faults, or files from deleted and formatted partitions. If a program does not use the Recycle Bin when deleting files, it can restore such files. It can also recover files moved from the Recycle Bin after it has been emptied. It can also restore the full branch of a folder tree containing selected files and folders. It can also recover alternate data streams, which are used on the NTFS file system to store additional information about files.

Question 27

Q

Quick Recovery

Answer

A

Recovers files that have been lost, deleted, corrupted, or even deteriorated. The application searches, scans, and recovers files that are encrypted and password protected and restores them.

Question 28

Q

Stellar Phoenix Windows Data Recovery

Answer

A

Recovers lost, deleted, or inaccessible data from Windows OS HDDs and other storage media. It helps to recover data lost due to hard drive corruption, formatting, and virus attack.

Question 29

Q

Total Recall

Answer

A

Recovers lost data from hard drives, RAID, photos, deleted files, iPods, and even removable disks connected via FireWire or USB.

Question 30

Q

Advanced Disk Recovery

Answer

A

Scans the entire system for deleted files and folders and recovers them. It scans the hard drives, partitions, external devices, and even CDs and DVDs for recoverable files. It provides two types of scans: the Quick Scan that uses MFT and the Deep Scan that uses file signatures. Once the scan is complete, one can either preview the files/folders or recover them to a preferred location.

Question 31

Q

Windows Data Recovery Software

Answer

A

Can recover accidentally deleted files, including files emptied from the Recycle Bin and from Windows Explorer with Shift + Delete. This tool also allows one to recover data from a reformatted partition (to any file system), and from a corrupted, deleted, or missing partition.

Question 32

Q

Orion File Recovery Software

Answer

A

Searches for deleted files on the hard drive, or any external or portable drive connected to the computer. Files that are not overwritten can either be recovered or permanently deleted to prevent future recovery.

Question 33

Q

Data Rescue PC

Answer

A

Recovers files from a crashed or virus-corrupted hard drive. It recovers an external drive or secondary drive. It scans the drive for the files and copies them to the second drive.

Question 34

Q

Recover4all Professional

Answer

A

Recovers (undeletes) files that were accidentally deleted under Windows. It recovers the files that were accidently deleted from the Recycle Bin, or if the drive was formatted, or if the file system was damaged. It does not require installation and can run directly from a USB disk, flash drive, etc.

Question 35

Q

Recuva

Answer

A

Recovers deleted files from one’s Windows computer, recycle bin, digital camera card, or MP3 player.

Question 36

Q

Active@ File Recovery

Answer

A

Contains a CD/DVD ISO image that allows one to burn a bootable CD or DVD with a lightweight version of Windows 7 running in RAM (WinPE 3.0). It can recover data in case the system is not bootable and cannot attach the damaged hard disk drive to another machine.

Question 37

Q

Pandora Recovery

Answer

A

Allows one to find and recover recoverable deleted files from NTFS and FAT-formatted volumes, regardless of their type; it can recover pictures, songs, movies, or documents. It will scan the hard drive and build an index of existing and deleted files and directories (folders) on any logical drive of the computer with supported file format. Once the scanning is complete, the user gets full control over the files to be recovered and the destination to be used for recovery.

Question 38

Q

Ontrack EasyRecovery

Answer

A

File recovery software unites legacy backup catalogs from various systems and mediums into a single inventory. It provides support to multiple workstations and allows users to create catalog on their own. Once the catalogs are received, they are ingested into it, and users can access them through a secured online application. It has recovery tools such as email recovery; hex viewer; self-monitoring, analysis, and reporting technology (SMART); bad block/block usage diagnostics; imaging tools; copy disk; and refresh disk. It offers hard drive monitoring with SMART scan to protect the hard drives and erase functions to free-up storage.

Question 39

Q

Seagate File Recovery Software

Answer

A

Recovers the files and rescue service plans for storage devices. The tool recovers files from desktops, laptops, and external hard drives as well as tablets, and on-chip memory in smartphones.

Question 40

Q

Wise Data Recovery

Answer

A

Data recovery software used to retrieve the lost or formatted data, or data that is lost due to system crash. It can recover lost files from hard drive, external hard drive, USB drive, memory card, digital camera, mobile phone, MP3 player, and other storage media.

Question 41

Q

Glary Undelete

Answer

A

Software that works on FAT and NTFS file systems. This tool recovers the files emptied from the Recycle Bin, in a DOS window, from Windows Explorer with the SHIFT key held down. It recovers files that have been deleted by bugs, crashes, and viruses. It can recover files that the user has compressed or fragmented or even encrypted on NTFS file system.

Question 42

Q

Disk Drill

Answer

A

A data recovery software for Windows PC. It can recover data from internal and external hard drives, USB flash drives, iPods, memory cards. It can recover files from partition loss, hard drive reformatting, failed bootups, accidental deletion, Recycle Bin cleanup, and memory card corruption.

Question 43

Q

PhotoRec

Answer

A

File data recovery software recovers lost files; video, documents, and archives from hard disks; CD-ROMs; and lost pictures from digital camera memory. It can recover media’s file system if it has been severely damaged or reformatted. This tool recovers lost partitions on different file systems and makes non-bootable disks function.

Question 44

Q

DDR Professional Recovery Software

Answer

A

Recovers deleted files in all major data loss situations, whether lost from fixed hard drive partitions or from any USB storage media drive. The advanced data retrieval tool recovers files deleted from memory cards, digital cameras, USB drives, external HDDs, and music players, and it even recovers deleted hard drive partition files in a few mouse clicks.

Question 45

Q

File Scavenger

Answer

A

A file “undelete” and data recovery utility for Windows 10, 8, 7, Vista, Server 2003, 2000, NT, and ME/98/95. It recovers files that have been accidentally deleted (including files removed from the Recycle Bin, in a DOS window, from a network drive, and from Windows Explorer with the SHIFT key held down) provided that recovery is attempted before the files are permanently overwritten by new data. It supports basic and dynamic disks, NTFS compression, alternate data streams, sparse files, Unicode filenames, etc. Except in severe cases, both the file and the folder path leading to the file can be recovered.

Question 46

Q

GetDataBack

Answer

A

Recovers data if the hard drive’s partition table, boot record, FAT/MFT, or root directory are lost or damaged; data was lost due to a virus attack; the drive was formatted; fdisk has been run; a power failure has caused a system crash; files were lost due to a software failure; or files were accidentally deleted. It can even recover your data when the drive is no longer recognized by Windows. This tool can likewise be used even if all directory information - not just the root directory - is missing.

Question 47

Q

UndeletePlus

Answer

A

Scans a computer or storage medium for deleted files and restores them on command. It works with computers, flash drives, cameras, and other forms of data storage. It scans the device, selects the files needed to recover, and restores the information or picture with the click of a button.

Question 48

Q

VirtualLab

Answer

A

A data recovery software that works with all Windows OSs from Windows 98 to Windows 10, 8, 7, FAT 12/16/32, and NTFS file systems. It can restore the deleted files from lost/damaged partitions, formatted disks, deleted emails, hard drives and RAID systems, and photos and flash memory cards.

Question 49

Q

Active@ UNDELETE

Answer

A

A data recovery software that helps to recover deleted files and restore deleted partitions. It restores the deleted volumes/partitions in-place, fixing volume boots sectors and ability to rollback partition changes. It supports Windows 10/8/7/Vista/XP, 2003/2008 Server OSs.

Question 50

Q

WinUndelete

Answer

A

Software can be used to recover deleted files from a hard drive, flash drive, USB external drive, digital camera card, and more. It recovers deleted files after emptying the Recycle Bin or by using other deletion actions that bypass the Recycle Bin.

Question 51

Q

R-Undelete

Answer

A

Recovers files from FAT and NTFS file systems. It recovers files on any local disk recognized by the software. An additional file recovery algorithm increases the file recovery quality. It can be run from disk and folder context menus. Graphics files, videos, and audio files can be previewed with it.

Question 52

Q

DDrescue

Answer

A

A data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying to rescue the good parts first in case of read errors. The basic operation is fully automatic. If you use the mapfile feature of it, the data is rescued very efficiently, (only the blocks needed are read). It may be interrupted and resumed.

Question 53

Q

R-Studio for Linux

Answer

A

A data recovery software. It recovers data from logical disks and partitions as well as disks and partitions that have been re-formatted, damaged or deleted. In addition to disks with common Linux file systems, it recovers files from Windows, FreeBSD/OpenBSD/NetBSD/Solaris, and Macintosh formatted disks. Moreover, raw file recovery (scan for known file types) can be used for heavily damaged or unknown file systems. Recovered files can be saved to disks with any file system supported by the Linux kernel (i.e., ext2, ext3, FAT, NTFS).

Question 54

Q

Data Recovery for Linux

Answer

A

Recovers lost, formatted or deleted data from Linux based volumes. The software that helps you recover lost or inaccessible data from any Ext4, Ext3, Ext2, exFAT, FAT32, FAT16, and FAT12 file system-based LINUX volumes.

Question 55

Q

Kernel for Linux Data Recovery

Answer

A

Recovers lost files and folders on Linux system
Scans and Recovers Linux OS data files
Performs data recovery from corruption and damages
Facility to recover Ext2 and Ext3 file systems in Linux OS

Question 56

Q

Scalpel

Answer

A

A file carving tool that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files. It is file system independent and will carve files from FATx, NTFS, ext2/3, or raw partitions. It is useful for both digital forensics investigations and file recovery.

Question 57

Q

Mondo Rescue

Answer

A

A GPL disaster recovery solution. It supports Linux (i386, x86_64, ia64) and FreeBSD (i386). It’s packaged for multiple distributions (Fedora, RHEL, openSuSE, SLES, Mandriva, Mageia, Devian, Ubuntu, Gentoo). It supports tapes, disks, network and CD/DVD as backup media, multiple filesystems, LVM, software and hardware RAID, BIOS and UEFI.

Question 58

Q

Foremost

Answer

A

A console program to recover files based on their headers, footers, and internal data structures. This process is commonly referred to as data carving. It can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers can be specified by a configuration file or you can use command line switches to specify built-in file types.

Question 59

Q

TestDisk

Answer

A

A powerful free data recovery software. It was primarily designed to help recover lost partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software: certain types of viruses or human error (such as accidentally deleting a Partition Table). Partition table recovery is really easy utilizing this tool.

Question 60

Q

PhotoRec for Linux

Answer

A

File data recovery software that recovers lost files; video, documents, and archives from hard disks; CD-ROMs; and lost pictures from digital camera memory. It can recover media’s file system if it has been severely damaged or reformatted. This tool recovers lost partitions on different file systems and makes non-bootable disks function.

Question 61

Q

AppleXsoft File Recovery for Mac

Answer

A

A file recovery tool for Mac. The tool scans and recovers files from the hard disk and external storage devices. It supports RAID recovery. The tool includes few advanced tools such as RAID Reconstructor, Mail Recovery, Hex Viewer, SMART, Bad Block Diagnostics, Imaging tools, and Disk Copy

Question 62

Q

Disk Doctors Mac Data Recovery

Answer

A

A tool that recovers data from corrupt, deleted, and inaccessible partitions formatted by Mac. The tool recovers files from drives damaged by any virus attack, power failure, system crash, or files lost due to human error.

Question 63

Q

R-Studio for Mac

Answer

A

A Mac data recovery software from R-TT. It is designed for the Mac OS environment. It recovers files from HFS/HFS+ (Macintosh), FAT/NTFS/ReFS (Windows), UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD/Solaris), and Ext2/Ext3/Ext4 FS (Linux) partitions. In addition, raw file can be used for heavily damaged or unknown file systems. The tool can recover data on disks, even if their partitions are formatted, damaged, or deleted.

Question 64

Q

Data Rescue 4

Answer

A

Mac software that recovers files from a crashed or virus-corrupted hard drive. It recovers photos, videos, and documents from crashed, corrupted, or non-mounting hard drives; accidentally reformatted hard drives or reinstalled OS; and previous deletion, damaged, or missing files. It can recover all file types from any HFS/HFS+ formatted drive.

Answer 65

A

It recovers documents, photos, music, or videos lost due to deletion from any HFS, HFS+, FAT, ExFAT, and NTFS format-based file system. It can perform Mac file recovery on iMac, MacBook Pro, Air, Mac Mini, and Mac Pro. It recovers all deleted files with their original file names. This tool can support RAW recovery on lost volumes.

Answer 66

A

Recovers deleted, inaccessible, and lost files from Mac’s hard drive. It can recover files lost due to deletion, formatting of the drive, partition errors, corrupted file system, hard disks, solid state drives (SSDs), memory cards, USB sticks, CD/DVD discs, and various other storage devices.

Answer 67

A

Recovers data lost due to partition errors on external hard drives, file, and documents in the internal hard drive. It recovers and runs through all of its scanning functions and display a list of files that can be potentially recovered. This tool allows previewing the files and lets you choose the ones that can be successfully recovered.

Answer 68

A

Available for Mac Devices, it recovers deleted files. It can recover files from a disk that has been formatted or with a corrupted file system, or files with no file system at all. The tool can make it filesystem independent. The tool can work on hard disks, USB flash sticks, USB hard disks, and SSDs, SD cards, digital cameras, and android phones and tablets that are plugged into Mac.

Answer 69

A

Software that recovers photos, videos, documents, etc. on Mac hard drives and external devices. It can restore files from Mac hard drives, external hard drives, Mac notebooks, desktops, Mac server, USB drives, camcorders, memory cards, SD cards, digital cameras, mobile phones, laptops, and MP3 and MP4 players. The tool restores the lost partition and gets back the data from HFS+, FAT16, FAT32, exFAT, ext2-ext4, and NTFS file systems.

Answer 70

A

Partition recovery software that recovers data from lost, deleted, or damaged partitions by accident. This software aids to recover the data when hard drive has been crashed, MBR corrupted, disk repartitioned (fdisk), partition overwritten, etc.

Answer 71

A

A partition recovery tool used to recover lost or deleted data. This tool explores partition data before performing partitioning operations. It recovers volumes that were accidentally deleted or damaged due to a hardware failure.

Answer 72

A

A partition recovery tool that recovers the volumes and corrupted partitions and formatted and repartitioned hard drives to find lost data. It supports badly damaged, formatted, and repartitioned media, and rebuilds the original data structure.

Answer 73

A

Partition recovery software that recovers deleted and lost partitions. It works by locating and mounting partitions into the system, thereby making the lost partitions available to any generic disk volume. It will also work when any boot record (including the MBR) is missing, damaged, or overwritten.

Answer 74

A

Data recovery software that enables a user to recover deleted, corrupted, lost, or missing data from Windows NTFS partitions. It restores the lost partitions, files and folders.

Answer 75

A

It can recover deleted files and folders; restore lost data even if the partition is formatted or deleted; and restore data from a corrupted hard drive, virus infection, and unexpected system shutdown or software failure. It supports IDE, SATA, SCSI, USB hard disk, memory card, USB flash drive, and iPod. It includes four data recovery modules, namely, Undelete Recovery, Damaged Partition Recovery, Lost Partition Recovery, and Digital Media Recovery. Each data recovery module focuses on a different data loss case.

Answer 76

A

Linux partition recovery software that recovers data from damaged, deleted, or corrupted ext2 and ext3 volumes and even from initialized disks. An exhaustive scan of the drive is performed to locate lost volumes. All found data in the lost partition is then presented in a tree structure so that the file can be copied to a working volume. It is a quick, simple, and easy-to-use data recovery solution that helps in file recovery.

Answer 77

A

Recovers lost, deleted, formatted, or inaccessible data from ext4, ext3, ext2, FAT32, FAT16, and FAT12 file system-based volumes, irrespective of the instance of data loss.

Answer 78

A

A set of tools for analyzing problems with NTFS partitions and files, and Data Recovery in Manual and Automated modes.
Partition Recovery: Scans disks and detects deleted or severely damaged volumes by recovering deleted or damaged NTFS partitions and files.

Answer 79

A

A data recovery software that recovers lost partitions and makes non-booting disks bootable when it is caused by faulty software, certain types of viruses, or human error (such as accidentally deleting a partition table).

Answer 80

A

Data recovery software that performs hard drive recovery; RAID and server recovery; database recovery; email recovery; photo, music, and video recovery; etc. It can recover data from any storage media for data loss caused by hard drive crash, physical or mechanical failure of the hard drive and other storage media, and data loss due to natural calamity, etc.

Answer 81

A

Partition recovery tool used for partition recovery and cloning. The tool recovers deleted or lost partitions from unallocated space due to any personal, hardware or software failure, or virus attack. It can recover deleted or lost partitions after repartitioning the hard drive.

Answer 82

A

It restores data from damaged FAT and NTFS disks, thereby recovering the original file and folder structure. The tool discovers all previously created volumes letting users to search and recover files from the deleted volumes.

Answer 83

A

Partition recovery software for Windows and server users. The tool scans to recover the formatted, damaged, and corrupted RAW files and partitions from external and internal hard disks to recover the partitions.

Answer 84

A

A binary application that makes Mac data recovery easy on both Intel and PowerPC Mac machines. It efficiently recovers files emptied from the Trash or lost due to inaccessible Mac volumes. The extensive volume scanning engine helps in recovering files from Mac volumes that fail to mount or have been accidentally formatted. The software has the capability to recover data even if the Disk Verify and Repair tool fails to retrieve the lost data.

Answer 85

A

Data recovery software recovers lost partitions and makes non-booting disks bootable again if it is caused due to faulty software, certain types of viruses, or human error (such as accidentally deleting a partition table).

Answer 86

A

Repairs the broken partitions and recovers the missing information. It recovers the lost and deleted files. The tool recovers files and folders from damaged, inaccessible, and repartitioned disks. It fixes corrupted disk system structures and rebuilds corrupted and overwritten file systems.

Answer 87

A

Mac data recovery software that recovers data from HFS/HFS+, FAT, NTFS, and other file systems. It undeletes Mac OS files using its two powerful Mac recovery methods: Quick and Deep scanning. Its data recovery for Mac OS X locates and recovers deleted files from any mountable media, including the main hard drive, external hard disk, memory cards, iPods, etc. It can recover photos, music, documents, applications, specific Mac OS X files, and other file formats.

Answer 88

A

Software that recovers lost, deleted, formatted, or inaccessible data from HFS, HFS+, HFS Wrapper, and FAT file system volumes irrespective of the data loss situation.

Answer 89

A

A Windows data recovery program. It uses thorough checks and cross-checks to derive the necessary information.

Answer 90

A

A graphical rainbow tables generator that helps attackers create rainbow tables from which they can crack the hashed password.

Answer 91

A

A password recovery or auditing application. It helps recover lost Microsoft Windows passwords by using dictionary attacks, hybrid attacks, rainbow tables, and brute-force attacks.

Answer 92

A

A Windows password cracker based on rainbow tables. It comes with a GUI and runs on multiple platforms.

Answer 93

A

A password recovery tool for Microsoft OSes. It allows recovery of passwords via network sniffing, cracking encrypted passwords using dictionary, brute-force, and cryptanalysis attacks. It covers some security aspects/weaknesses present in a protocol’s standards, caching mechanisms, and authentication methods. This offers a simplified recovery of passwords and credentials from various sources.

Answer 94

A

A has cracker that uses a time-memory tradeoff algorithm to crack hashes. It pre-computes all possible plaintext-ciphertext pairs in advance and stores them in the “rainbow table” file.

Answer 95

A

An application that dumps the password hashes (OWFs) from NT’s SAM database. It extracts LM and NTLM password hashes of local user accounts from the SAM database. This tool runs by extracting the binary SAM and system file from the file system and then extracts the hashes. One of the powerful features is that it is also capable of dumping protected files. Use of this program requires administrative privileges on the remote system.

Answer 96

A

A utility to reset the password of any user that has a valid local account on the Windows system. It supports Windows from NT3.5 to Win8.1, 64 bit, and also the server versions. It works offline, that is, the user has to shutdown his/her computer and boot off a CD or USB disk to do the password reset.

Answer 97

A

A password-cracking tool that resets or recovers passwords for different file types such as Windows OS, MS SQL Servers, RAR/PDF/Word/Excel/PPT files. The tool supports brute-force and dictionary attack. It can search for encrypted files.

Answer 98

A

A password recovery tool that is capable of retrieving the secure passwords using social engineering. It recovers passwords protecting office documents, ZIP, and RAR archives. Usually secure passwords require lengthy attacks to be recovered. The tool retrieves all instantly recoverable passwords and tries these passwords to unlock secure passwords.

Answer 99

A

A password recovery tool that cracks passwords and supports Unix, Windows, DOS, and OpenVMS. It detects weak Unix passwords, several crypt (3) password has types most commonly found on various Unix systems, Windows LM hashes, etc.

Answer 100

A

A password-cracking tool designed to brute force Web applications. It can be used to find unlinked resources (directories, servlets, scripts, etc.), brute-force GET, and POST parameters for checking different kinds of injections (SQL, XSS, LDAP, etc.), brute-force parameters (user/password), fuzzing, etc.

Answer 101

A

A password recovery tool that has a simple user interface, supports multiple hard disk drives, detects several SAM databases (if multiple OS were installed on one volume), and provides the opportunity to pick the right SAM before starting the password recovery process.

Answer 102

A

An easy-to-use tool that recovers passwords for MS Office files, archives, PDF documents, Windows Administrators, email accounts, and other. It recovers or resets many password types instantly, uses advanced password recovery attacks such as dictionary, Xieve, Brute-force, known password/part, previous passwords, and their combinations.

Answer 103

A

Resets Windows password on Windows 8/7/Vista/XP, and 2008/2003/2000 servers.

Answer 104

A

A small utility that displays a list of all LSA secrets stored in the Registry on a computer.

Answer 105

A

It audits user account passwords and recovers them in Windows NT/2000/XP/2003. It searches for attacks in the OS and fixes and recovers forgotten passwords. It allows .lcs files for password recovery.

Answer 106

A

A tool used to restore forgotten passwords, including Internet Explorer.

Answer 107

A

A tool that recovers the passwords by bypassing the authentication process of Windows-based OSs. It can be used for tech repairs, data recovery, and security audits as well.

Answer 108

A

A password recovery tool used to reset or restore the lost passwords for local and Microsoft accounts.

Answer 109

A

A password recovery tool that recovers the lost password. The tool generates different candidate passwords (keys), hashes them, and compares the computed hashes with the stored hashes. The tool offers different ways to generate candidate passwords.

Answer 110

A

A professional password reset app that helps a user to reset their forgotten passwords quickly.

Answer 111

A

A network security analyzer and Windows password recovery tool. It implements patented password recovery technologies developed in Passcape Software, such as artificial intelligence or pass-phrase attack.

Answer 112

A

Recovers lost or forgotten passwords. This tool recovers or resets passwords for Windows, PDF, ZIP, RAR, Office Word/Excel/PowerPoint documents. It also retrieves passwords for instant messengers, email clients, web browsers, FTP clients, and many other applications.

Answer 113

A

A Windows password recovery tool that helps recover forgotten Windows administrator/user password and domain administrator/user password for Windows OS, which includes Windows 10/8/7/Vista/XP/NT/2000 and Windows server 2000/2003/2008/2011/2012. The tool assists for Windows 8 Microsoft account password reset.

Answer 114

A

A network logon cracker tool that uses dictionary or brute-force attacks to try various passwords and login combinations against a login page. This tool supports Linux, *BSD, Solaris, Mac OS X, and any Unix and Windows (Cygwin) OSs.

Answer 115

A

A login brute-forcer for network services that allows remote authentication also

Answer 116

A

Used to detect stegano-hidden data in PNG and BMP image files. It can detect LSB steganography in PNG & BMP, zlib-compressed data, OpenStego, Camouflage 1.2.1, and LSB with The Eratosthenes set.

Answer 117

A

A python-based steganography tool used to give various information about any particular stego file and prints out any data embedded inside it.

Answer 118

A

Extracts any trailing data after the image’s closing bytes, and any hidden files (or other images) embedded within the image. Short byte combinations such as JPEG’s FFD8 FFE0 might sometimes create false positives.

Answer 119

A

A program detection tool and steganalysis suite. It detects the presence of both steganography and data hiding programs as well as the files in which the data payload may have been hidden (carrier files).

Answer 120

A

An anti-forensic tool to analyze the key steganographic algorithms. This tool implements algorithms that are configurable with a variety of filters. It implements the image analysis algorithms for the detection of hidden information. The software is developed in Java, allowing use in multiple OSes.

Answer 121

A

Application helps in hiding data in digital images, detect its presence, and test its robustness using any number of different adjustable techniques. It provides a framework to use multiple methods at the same time and can perform processing in both batch and parallel form.

Answer 122

A

An applet that displays both the locally logged-on users as well as users logged-on remotely. If you specify a username instead of a computer, PsLoggedOn searches the computers in the network neighborhood and shows whether the user is currently logged-on.

Answer 123

A

Command that is used for managing server computer connections. When used without parameters, it displays information about all logged-in sessions of the local computer.

Answer 124

A

When run without any options, it lists the currently active logged-on sessions. If the -p option is used, it provides information on the processes running in each session.

Answer 125

A

Command that reflects names of all files that are open on the server and the number of file locks on each file, if any. This command can also close individually shared files and remove file locks.

Answer 126

A

A simple tool for Windows that displays the list of all files that have been currently opened by other computers on the network. For every opened file, the following information is displayed: filename, username, computer name, permissions information, locks count, file owner, file size, file attributes, and more.

Answer 127

A

Command helps troubleshoot NetBIOS name resolution problems. When a network is functioning normally, NetBIOS over TCP/IP (NetBT) resolves NetBIOS names to IP addresses.

Answer 128

A

Tool helps in collecting information about network connection operative in a Windows system. This CLI tool provides a simple view of TCP and UDP connections, their state and network traffic statistics.

Answer 129

A

A native utility included in Windows XP Pro and later versions as a replacement for tlist.exe. It displays the list of applications and services along with the PID for all tasks that are running on either a local or a remotely connected computer. It provides options for output formatting, with choices between table, CSV, and list formats. The /svc switch can be used to list the service information for each process.

Answer 130

A

Displays basic information about the already running processes on a system, including the amount of time each process has been running (in both kernel and user modes).

Answer 131

A

A utility that reports the DLLs loaded into processes. You can use it to list all DLLs loaded into all the processes, into a specific process, or to list the processes that have a particular DLL loaded. It can also display full version information for DLLs, including their digital signature, and it can also scan processes for unsigned DLLs.

Answer 132

A

A utility that displays information about the open handles for any process in the system. You can use it to see the programs that have an open file or to see the object types and names of all the handles of a program.

Answer 133

A

Shows information about the handles and DLLs of the processes that have been opened or loaded. It consists of two sub-windows. The top window always shows a list of currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode. If it is in handle mode, handles that are opened by the process selected in the top window are shown. If it is in DLL mode, DLLs and memory-mapped files that the selected process has loaded are shown.

Answer 134

A

A command line utility. Its primary purpose it to monitor applications for CPU spikes and generating crash dumps during a spike to that an administrator or developer can determine The cause of the spike. It also includes hung window monitoring, unhandled exception monitoring, and generating dumps based on the values of system performance counters.

Answer 135

A

Forensically dumps the memory of a running process. It is a command line interface tool that dumps the whole process space, uses meta-information to describe the different mappings and states, and saves the process environment.

Answer 136

A

Checks if the network adapter(s) is running in promiscuous mode, which may be a sign that there is a sniffer running on the computer.

Answer 137

A

Can determine if a Windows system has network interfaces in promiscuous mode. If a system has network interfaces in promiscuous mode, it may indicate the presence of a network sniffer running on the system.

Answer 138

A

C:\Windows\System32\spool\PRINTERS

Answer 139

A

An optimized binary file editor for Windows platform. The tool is useful for viewing, modifying and analyzing hexadecimal data in extra large files and disks. It allows one to use basic functionality such as Type, Cut, Copy, Paste, Fill, Delete, Insert, Import, Export, and also features support for some advanced functionality such as overwrite and insert modes.

Answer 140

A

A program used to view information that is stored in memory when you use copy and cut functions in Windows OS. It displays the current content of the clipboard.

Answer 141

A

Shows the history of the commands typed into that prompt.

Answer 142

A

Provides investigators with details such as Share name(s), Resource Directory, and a Remark pertaining to the type of share. Shared resources ending with a ‘$’ string do not appear when the local computer is accessed remotely.

Answer 143

A

A simple utility that reads and displays the data stored inside ESE database. It displays a list of all tables available in the opened database file, allows one to choose the desired table to view and view all records found in the selected table.

Answer 144

A

A simple utility that allows you to view the list of all drive letter assignments in the system, including local drives, remote network drives, CD/DVD drives, and USB drives - even if they are not currently plugged.

Answer 145

A

A command line tool that displays detailed information about devices on computers running Windows OS. It can be used to enable, disable, install, configure, and remove devices. It also performs device management functions on local computers and remote computers.

Answer 146

A

A hard disk partitioning and data management tool. It can create, delete, erase, format defragment, resize, copy, and move partitions and modify their attributes. It can copy entire hard disks from one to another.

Answer 147

A

It locates and mounts partitions into the system, thus making those lost partitions available. It will also work in case any Boot Record (including the Master Boot Record) is missing, damaged, or overwritten.

Answer 148

A

Allows you to extract thumbnail images from the thumbcache_.db and iconcache_.db database files found on Windows Vista, Windows 8, Windows 8, Windows 8.1, and Windows 10.

Answer 149

A

A program that performs a quick analysis of a crash dump file. It shows summary information about what the dump file contains. If the dump file is corrupt in such a way that it cannot be opened by a debugger, it will reveal the same to the investigator.

Answer 150

A

It can extract text from a file and find plain ASCII text, Unicode (double byte ANSI) text, and resource strings, providing useful information for each item in the optional “advanced” view mode. Its comprehensive filtering helps prevent listing of unwanted text.

Answer 151

A

FireEye’s premier free endpoint security tool, provides host investigative capabilities to find signs of malicious activity through memory and file analysis and the development of a threat assessment profile.

Answer 152

A

A completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offers visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Answer 153

A

A hidden file on Windows OS that is used as virtual memory to expand the physical memory of a system.

Answer 154

A

A set of hexadecimal development tools for Microsoft Windows. It integrates advanced binary editing and data interpretation and visualization with the ease and flexibility of a modern word processor. It can edit, cut, copy, paste, insert, fill and delete binary data. You can also work with data in its native structure and data types using the application’s integrated structure viewer and smart bookmarks.

Brainscape's Knowledge GenomeTM

Tools Flashcards

Brainscape's Knowledge Genome^TM