Wednesday, 5 May 2021

Computer Forensics Quiz 3

Question 1: In digital forensic analysis, we use MAC times to create a timeline of activities. Timeline analysis is considered an important element in most digital forensics investigations because:
(I) It gives a holistic view of the succession of events that have happened to the system.
(II) It allows investigators to save their investigation time by reducing the volume of data that needs to be investigated to a specific timeframe.
(III) It helps investigators reconstruct data to identify when activities occurred on a computer and in what sequence.
(IV) It helps the investigators to re-create the events of the crime and trace back the steps of the suspect/victim.
A. (I), (II), (III) and (IV)
B. (I), (II) and (III) only
C. (I), (III) and (IV) only
D. (I), (II) and (IV) only

Solution:
(I), (II), (III) and (IV)

Question 2: In Windows 8 and later versions, user account information for users and groups on the system is stored in the registry hive:
A. SECURITY
B. SAM
C. SOFTWARE
D. SYSTEM

Solution:
SAM

Question 3: In Windows 8 and later versions, a USB’s last insertion and removal timestamps are stored in the registry hive:
A. SYSTEM
B. SAM
C. SECURITY
D. SOFTWARE

Solution:
SYSTEM

Question 4: It refers to a cluster (or a portion of a cluster) that is not being used by the current data. It may contain no data at all or data from a previously deleted file. The above statements refer to:
A. slack space
B. portion space
C. allocated space
D. deleted space

Solution:
slack space

Question 5: When a document is printed, which of these files are created during the spooling process?
(I) A shadow file (.SHD) that contains information about the print job.
(II) A spool file (.SPL) that contains the document’s contents.
(III) A temp file (.TMP) for temporarily storing the information about the print job.
A. (I) and (III) only
B. (I) and (II) only
C. (II) and (III) only
D. (I), (II) and (III)

Solution: 
(I) and (II) only

Question 6: In Windows Vista or a later OS, when a file is sent to the $Recycle.Bin, metadata information such as the file’s original filename/path information, size, and date/time moved to the $Recycle.Bin, is created and stored in:
A. An INFO2 file
B. A $R file
C. A $I file
D. An INFO file

Solution:
A $I file

Question 7: A ________ is a pointer that allows accessing the same file by different filenames.
A. half link
B. hard link
C. soft link
D. full link

Solution:
hard link


Question 8: ________ can point to items on other drives or other parts of the network.
A. Half links
B. Full links
C. Hard links
D. Soft links

Solution:
Soft links


Question 9: ____________ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
A. Vector images
B. Metafile images
C. Forensic images
D. Raster images

Solution:
Vector images

Question 10: ____________ are collections of dots, or pixels, in a grid format that form a graphic.
A. Raster images
B. Forensic images
C. Metafile images
D. Vector images

Solution:
Raster images

Question 11: You use ______________ to create, modify, and save raster, vector, and metafile graphics.
A. clone editors
B. image viewers
C. graphics editors
D. write blockers

Solution:
graphics editors
