Udemy Test 1

Question 1

The GUID is how many bits?

Answer 1

128 bits

Question 2

This Federal statute covers child pornography.

Answer 2

18 USC 2252A

Question 3

Which Windows version boots in either UEFI-GPT or BIOS-MBR?

Answer 3

Win 10

Question 4

nnnn represents

Answer 4

The Sequential number of exhibits by the investigator

Question 5

Sandra needs to see details about GPT partition tables in Mac OS. Which tool should she use?

Answer 5

Disk Utility

Question 6

This is a network sniffer that can support several hundred network protocols.

Answer 6

Capsa

Question 7

John is a forensic investigator working on a case for a WHC hospital. John finds a USB drive sitting behind an access control door in the server room. The hospital provides John access to retrieve the device. John knows that the USB represents:

Answer 7

Non-Volatile Data

Question 8

Sara is an Assistant U.S. Attorney. She knows that this rule covers the general admissibility of relevant evidence.

Answer 8

Rule 402

Question 9

In UEFI SEC, this is initialized.

Answer 9

Code is initialized

Question 10

A Digital Forensic Investigator investigates this type of crime (choose the best answer).

Answer 10

Digital Crime

Question 11

This is the smallest physical storage unit on the hard disk platter.

Answer 11

Sector

Question 12

The zz in exhibit numbering stands for:

Answer 12

The squence number for parts of the same exhibit

Question 13

Shamika is the VP of Technology at XYZ, Inc. She suspects that her newest employee, David, may be using his work computer to look at child pornography. What type of investigation(s) should be started?

Answer 13

Criminal and Administrative

Question 14

The zz in exhibit numbering stands for:

Answer 14

The sequence number for parts of the same exhibit

Question 15

Sectors are how many bytes long.

Answer 15

512

Question 16

This is the smallest physical storage unit on the hard disk platter.

Answer 16

Sector

Question 17

This is a tool for Mac that can be used to recover files from crashed or virus corrupted hard drives.

Answer 17

File Savage

Question 18

This command can be used to obtain details about partitions.

Answer 18

Get-PartitionTable

Question 19

Sectors are how many bytes long.

Answer 19

512 bytes

Question 20

This is wasted area of the disk cluster, lying between the end of the file and end of the cluster.

Answer 20

Slack Space

Question 21

All of these are a part of the Pre-investigation phase EXCEPT:

Answer 21

Acquiring the Evidence

Question 22

This person provides legal advice about the investigation and any potential legal issues in the forensic investigation process.

Answer 22

Attorny

Question 23

What does ETI stand for?

Answer 23

Enterprise Theory of Investigation

Question 24

UTC stands for:

Answer 24

Coordinated Universal Time

Question 25

A computer forensics lab should have windows all around the perimeter.

Answer 25

False

Question 26

What is the Size of the MBR?

Answer 26

512 bytes

Question 27

What is DiskDigger?

Answer 27

Tool used to recover files and offers a thumbnail preview

Question 28

For a router, the investigator should:

Answer 28

Unplug the network cable from the router

Question 29

Jennifer is studying for her CHFI exam and knows that the MBR is:

Answer 29

512 bytes

Question 30

There are this many bits for storing Logical Block Addresses (LBAs) on the Master Boot Record (MBR).

Answer 30

32 bits

Question 31

The MBR signature is always:

Answer 31

0x55AA

Question 32

An internal investigation, undertaken by an organization, to determine if employees are following rules and/or policies is called.

Answer 32

Administrative

Question 33

Disk Density is calculated with:

Answer 33

Track, Area, and Bit Density

Question 34

This rule governs proceedings in the courts of the United States.

Answer 34

Rule 101

Question 35

Keira is an investigator with the FBI that needs to recover lost files from a USB flash drive. Which tool can help her do this?

Answer 35

Disk Digger

Question 36

The GUID has this number of hexadecimal digits, with groups separated by hyphens.

Answer 36

32

Question 37

Tools involved in Hashing include all of the following EXCEPT:

Answer 37

SuperHasher

Question 38

In exhibit numbering, the aaa is:

Answer 38

The initials of the individual seizing the equipment

Question 39

All investigators keep track of the evidence path by using the:

Answer 39

Chain of Custody Document

Question 40

Circular, metal disks mounted into the drive enclosure are called:

Answer 40

Platters

Question 41

Tasha is looking for the UEFI phase that involves clearing UEFI from memory.

Answer 41

RT

Question 42

The Master Boot Record (MBR) starts at this sector.

Answer 42

Sector 0

Question 43

A warrantless seizure of digital evidence is used when:

Answer 43

The destruction of the evidence is imminent and there is cause to believe that the item being seized constitutes evidence of criminal activity

Question 44

Rule 1003 covers:

Answer 44

admissibility of duplicates

Question 45

What is Recover my Files?

Answer 45

a Tool used for file recovery

Question 46

What is the size of the MBR Partition Table?

Answer 46

64 bytes

Question 47

What is the size of the MBR Partition Table?

Answer 47

64 bytes

Question 48

Rule 1002 Covers?

Answer 48

The Admissibility of original evidence

Question 49

Rule 1001 covers?

Answer 49

Definitions

Question 50

Rule 1004 Covers?

Answer 50

Other evidence admissibility