Save
Upgrade to remove ads
Busy. Please wait.
Log in with Clever
or
show password
Forgot Password?
Don't have an account?  Sign up 
Sign up using Clever
or
Username is available taken
show password


Make sure to remember your password. If you forget it there is no way for StudyStack to send you a reset link. You would need to create a new account. Your email address is only used to allow you to reset your password. See our Privacy Policy and Terms of Service.

Already a StudyStack user? Log In

Reset Password
Enter the associated with your account, and we'll email you a link to reset your password.
focusNode
Didn't know it?
click below
 
Knew it?
click below
Don't Know
Remaining cards (0)
Know
0:00
edit
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

  Normal Size     Small Size show me how

Digital F Mod 3&4

QuestionAnswer
What is an inode in Linux file systems? A structure that stores metadata about files
What is a "superblock" in the context of Linux file systems? Metadata containing information about the entire file system
Which file system feature allows efficient recovery after a crash? Journaling
What does the term "tracks" refer to in the context of hard disk drives? Concentric circles on the disk surface used for storing data
Which of the following is an essential feature of solid-state drives (SSDs)? Low latency and faster read/write speeds
What does the BIOS Parameter Block (BPB) do? Contains essential file system information
What is the primary role of the Master Boot Record (MBR)? To manage boot-up information and partition details
In a hard disk drive, what is the purpose of the read/write head? To read and write data to/from the disk surface
What is the main purpose of sectors on a hard drive? To define physical divisions on the disk for data storage
Which Linux file system introduced journaling? ext3
What does metadata in acquired data provide? Details about the file’s creation, modification, and access times
What does the term "logical acquisition" refer to? Copying only specific files or folders
Which of the following is NOT a type of data acquisition? Metadata-only acquisition
Which of the following is an example of live data acquisition? Capturing data from a network in real time
Why is documentation critical during the data acquisition process? To track all steps and tools used for evidence collection
Which file format is NOT commonly used for data acquisition? NTFS
Why is hashing performed before and after acquisition? To detect tampering during the transfer process
What does the AFF (Advanced Forensics Format) provide? A standardized format for digital evidence storage
Which of the following is a challenge in data acquisition? Maintaining the integrity of volatile data
Which hashing algorithm is commonly used to verify data integrity? MD5
What is the primary focus of metadata analysis in anti-forensics countermeasures? To identify inconsistencies in file properties
What is the purpose of the tool "Timestomp"? To manipulate file metadata such as creation and modification dates
What does steganalysis aim to achieve? Detecting and extracting hidden data from files
What is the purpose of log wiping in anti-forensics? To erase traces of user activity from log files
How can forensic investigators counter log wiping? By recovering deleted logs from slack space
Which of the following techniques can recover evidence after artifact wiping? Slack space analysis
Which anti-forensics technique specifically targets forensic investigators' reliance on logs? Log wiping
Which anti-forensics technique is aimed at hiding the true content of files? Encryption
What is the main goal of anti-forensics? To prevent forensic investigators from accessing or analyzing evidence
What is the main objective of anti-forensics countermeasures? To detect, recover, and analyze tampered or hidden evidence
What feature distinguishes ext3 from ext2? File journaling support
What happens during the booting process of an operating system? The system kernel is loaded into memory
What is the main purpose of the FAT32 file system? To support older operating systems with a simpler structure
Which operating system uses NTFS as its primary file system? Windows
Which partition style supports disks larger than 2TB? GPT
Which of the following tools can analyze file systems? The Sleuth Kit
What is the role of a write blocker during data acquisition? Preventing modifications to the original evidence
Which acquisition tool can capture data at the sector level? dd
What is a key advantage of using AFF for data acquisition? It compresses data for efficient storage
What is a disadvantage of live data acquisition? It may alter the original data
What does a forensic investigator prioritize during the acquisition process? Ensuring evidence is admissible in court
Which of the following is an example of artifact wiping? Overwriting files with random data to prevent recovery
Which tool is commonly used to detect timestamp manipulation? ExifTool
Which countermeasure is used to detect manipulated timestamps? Metadata verification
How does anti-forensics impact forensic readiness? It complicates the process of collecting, preserving, and analyzing evidence
Which file system is specific to macOS? HFS+
What is the purpose of the GUID Partition Table (GPT)? To organize and manage large-capacity disks
What is a common disk interface used in modern hard drives? Both SATA and NVMe
What is the primary function of a file system? To organize and manage data on storage devices
What is the primary concern when capturing data from encrypted devices? Acquiring data without damaging encryption keys
Which data acquisition method is most suitable for large storage devices? Logical acquisition
What does a "bit-stream image" include? A complete copy of all sectors, including deleted and hidden data
Which tool is commonly used for disk imaging in forensic investigations? dd
Which of the following is an example of static acquisition? Imaging a powered-off laptop hard drive
Which of the following tools can be used to detect and counter steganography? ExifTool
What does slack space contain? Unused space in a storage cluster that may hold remnants of previous data
Why is recovering overwritten files particularly challenging? Overwritten data cannot be recovered without specialized tools
What is an effective countermeasure for artifact wiping? Metadata analysis
What does data obfuscation aim to achieve? Making data harder to understand by altering its structure or format
What is the role of secure file deletion software? To overwrite data to ensure it cannot be recovered
Which of the following is an effective countermeasure against data obfuscation? Structure analysis and pattern recognition
What is a critical consideration when dealing with encrypted files in forensics? Identifying the encryption key or password
Created by: jxxnixx
 

 



Voices

Use these flashcards to help memorize information. Look at the large card and try to recall what is on the other side. Then click the card to flip it. If you knew the answer, click the green Know box. Otherwise, click the red Don't know box.

When you've placed seven or more cards in the Don't know box, click "retry" to try those cards again.

If you've accidentally put the card in the wrong box, just click on the card to take it out of the box.

You can also use your keyboard to move the cards as follows:

If you are logged in to your account, this website will remember which cards you know and don't know so that they are in the same box the next time you log in.

When you need a break, try one of the other activities listed below the flashcards like Matching, Snowman, or Hungry Bug. Although it may feel like you're playing a game, your brain is still making more connections with the information to help you out.

To see how well you know the information, try the Quiz or Test activity.

Pass complete!
"Know" box contains:
Time elapsed:
Retries:
restart all cards