C help computer forensics investigators locate potential digital evidence




Date: 27.02.2016
Eric Gibson Jr.

Forensics



Labs 1 and 2
1.1

  1. C – Help computer forensics investigators locate potential digital evidence.

  2. C – All of the above

  3. A – Hexadecimal value mathematically obtained from a file.

  4. B – The KFF stores file signatures and hashes of popular software products

  5. A – Allows investigators to concentrate on files changed by the suspect.

1.2

  1. D – Encrypted files

  2. A – Hard disk images that can be analyzed by forensic software.

  3. C – The image file can be examined without damaging the original evidence.

  4. B – FTK maintains the “chain of custody.”

  5. C – Duplicating original data on storage devices for forensic analysis.

1.3

  1. B – HFS+

  2. C – The camera manufacturer

  3. B – RAID disk data

  4. C – ProDiscover can create images that will run in VMware virtual machine

  5. A – Running a guest operating system within another host operating system

1.4

  1. C – Booting the computer into the Windows environment

  2. A – Account user names and passwords

  3. D – A history of Internet sites visited

  4. C – The registry does not contain password information

  5. C – 5

2

  1. D – The MFT is not updated until all the file remnants have been overwritten with new data.

  2. A – Recovering files that have been deleted but not overwritten.

  3. D – 7

  4. B – The MFT is updated to indicate free space when files are deleted.

  5. B – Writing 0s and 1s to the file remnant locations.

2.2

  1. D – .mft

  2. B – Maintaining the original storage device integrity by preventing any changes to the evidence.

  3. A – The ProDiscover image does not copy the MFT because it is not needed during analysis.

  4. A – It is used to prevent any data or changes to be written to the original storage device violating the “chain of custody.”

  5. C

2.3

  1. A – .dd

  2. C – CD or DVD

  3. C – .eve images to ISO

  4. D – .dd

  5. C

2.4

  1. D – .eve

  2. B – Is not optimized to search large volumes of data

  3. A – Be small enough to fit on a floppy disk as a portable imaging tool

  4. A – MD5

  5. B

2.5

  1. B – 7

  2. 3

  3. C – Qtr 1 Emp

  4. B – Online

  5. B – 2

