Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
IT0203 - FA2
Modules 3-4
| Question | Answer |
|---|---|
| What is the primary role of the Master Boot Record (MBR)? Group of answer choices To store temporary files for active processes To encrypt files for data protection To manage boot-up information and partition details To load applications into memory | To manage boot-up information and partition details |
| What is a common disk interface used in modern hard drives? Group of answer choices SATA Both SATA and NVMe IDE NVMe | Both SATA and NVMe |
| What type of data structure is used in NTFS to store file metadata? Group of answer choices Logical Block Superblock Inode Master File Table (MFT) | Master File Table (MFT) |
| What is the purpose of the GUID Partition Table (GPT)? Group of answer choices To delete unnecessary file partitions To store the operating system's kernel To encrypt files for data security To organize and manage large-capacity disks | To organize and manage large-capacity disks |
| What is an inode in Linux file systems? Group of answer choices A structure that stores metadata about files A type of directory A temporary data storage unit A process used to encrypt file names | A structure that stores metadata about files |
| Which of the following tools can analyze file systems? Group of answer choices Wireshark The Sleuth Kit Maltego Volatility | The Sleuth Kit |
| What is a "boot sector"? Group of answer choices The portion of a file system dedicated to journaling The main storage location for deleted files A reserved area of disk for operating system files A partition dedicated to backups | A reserved area of disk for operating system files |
| How does a journaling file system improve reliability? Group of answer choices By creating backups in real time By organizing files into folders By tracking changes to files and storing them in a log By encrypting deleted files | By tracking changes to files and storing them in a log |
| What is the main purpose of sectors on a hard drive? Group of answer choices To divide data into compressed files To define physical divisions on the disk for data storage To encrypt critical system information To store the operating system kernel | To define physical divisions on the disk for data storage |
| Which file system feature allows efficient recovery after a crash? Group of answer choices Journaling Logical Block Addressing Metadata File compression | Journaling |
| Why is documentation critical during the data acquisition process? Group of answer choices To generate reports for end users To reduce the size of collected evidence To encrypt collected evidence for security To track all steps and tools used for evi | To track all steps and tools used for evidence collection |
| What is the primary concern when capturing data from encrypted devices? Group of answer choices Creating an incremental backup Ensuring compatibility with file systems Acquiring data without damaging encryption keys Encrypting volatile data | Acquiring data without damaging encryption keys |
| Which acquisition tool can capture data at the sector level? Group of answer choices FTK Imager dd EnCase Sleuth Kit | dd |
| Which of the following is an example of static acquisition? Group of answer choices Capturing RAM data from a live system Recording real-time network traffic Imaging a powered-off laptop hard drive Collecting data from open processes | Imaging a powered-off laptop hard drive |
| Which of the following is an example of live data acquisition? Group of answer choices Imaging a hard drive of a powered-off system Capturing data from a network in real time Copying deleted files from a USB drive Creating backups of archived data | Capturing data from a network in real time |
| What does a "bit-stream image" include? Group of answer choices A complete copy of all sectors, including deleted and hidden data Metadata of the analyzed file system A compressed copy of user data Only the active files on a disk | A complete copy of all sectors, including deleted and hidden data |
| What is the primary objective of data acquisition in digital forensics? Group of answer choices Encrypting evidence for security Analyzing the original evidence directly Preserving the integrity of evidence during collection Formatting the storage de | Preserving the integrity of evidence during collection |
| Which of the following is a challenge in data acquisition? Group of answer choices Ensuring compatibility with all file systems Analyzing archived data Maintaining the integrity of volatile data Encrypting acquired evidence | Maintaining the integrity of volatile data |
| Why is hashing performed before and after acquisition? Group of answer choices To analyze metadata To compress acquired evidence To encrypt data for security To detect tampering during the transfer process | To detect tampering during the transfer process |
| What is the role of a write blocker during data acquisition? Group of answer choices Encrypting data on the original device Blocking unauthorized network access Allowing data to be modified securely Preventing modifications to the original evidence | Preventing modifications to the original evidence |
| Why is recovering overwritten files particularly challenging? Group of answer choices Overwritten data is encrypted Overwritten data cannot be recovered without specialized tools Overwriting increases system performance The original data is compresse | Overwritten data cannot be recovered without specialized tools |
| What does steganography involve? Group of answer choices Deleting unnecessary system logs Compressing large files for transmission Encrypting files for secure storage Hiding information within other files, such as images or videos | Hiding information within other files, such as images or videos |
| What is the purpose of anti-forensics countermeasures? Group of answer choices To compress files for faster transmission To assist forensic investigators in detecting and analyzing evidence tampering To encrypt system logs for security To hide user a | To assist forensic investigators in detecting and analyzing evidence tampering |
| What does the term "hash collision" refer to? Group of answer choices Two different pieces of data producing the same hash value A failure to generate a valid hash value A corrupted metadata entry A mismatch between original and duplicate files | Two different pieces of data producing the same hash value |
| Which countermeasure is used to detect manipulated timestamps? Group of answer choices Steganalysis Hash comparison Metadata verification Log correlation | Metadata verification |
| Which of the following techniques can recover evidence after artifact wiping? Group of answer choices Log correlation Metadata extraction Steganalysis Slack space analysis | Slack space analysis |
| What is a critical consideration when dealing with encrypted files in forensics? Group of answer choices Identifying the encryption key or password Deleting unused keys Creating a backup of the encrypted file Compressing the encrypted file for analys | Identifying the encryption key or password |
| How can forensic investigators counter log wiping? Group of answer choices By recovering deleted logs from slack space By encrypting system logs for security By using specialized log recovery tools By compressing recovered logs | By recovering deleted logs from slack space |
| Which anti-forensics technique is used to bypass file recovery tools? Group of answer choices Metadata modification Slack space wiping File encryption Log file compression | Slack space wiping |
| What is the role of secure file deletion software? Group of answer choices To encrypt files for storage To overwrite data to ensure it cannot be recovered To create backups of important files To compress large files for transmission | To overwrite data to ensure it cannot be recovered |
| What does "journaling" in a file system ensure? Group of answer choices Faster execution of user applications Recovery of data in case of system crashes File compression for efficient storage Permanent deletion of unused files | Recovery of data in case of system crashes |
| What does "slack space" refer to on a storage device? Group of answer choices Unused space in a storage cluster after data is written Unused sectors that cannot be formatted Temporary cache files created by applications Space between partitions on a | Unused space in a storage cluster after data is written |
| Which Linux file system introduced journaling? Group of answer choices NTFS ext4 FAT32 ext3 | ext3 |
| What happens during the booting process of an operating system? Group of answer choices The system kernel is loaded into memory User applications are directly executed Data is moved from RAM to disk All device drivers are deleted | The system kernel is loaded into memory |
| Which operating system uses NTFS as its primary file system? Group of answer choices UNIX Windows Linux macOS | Windows |
| Which of the following is NOT a type of data acquisition? Group of answer choices Live acquisition Incremental acquisition Metadata-only acquisition Logical acquisition | Metadata-only acquisition |
| What is a disadvantage of live data acquisition? Group of answer choices It is incompatible with encrypted file systems It cannot capture network activity It captures only specific files It may alter the original data | It may alter the original data |
| What is the purpose of volatile data collection? Group of answer choices To create backups of archived logs To encrypt user credentials To capture live system data that may be lost upon shutdown To recover deleted files | To capture live system data that may be lost upon shutdown |
| Which data acquisition method is most suitable for large storage devices? Group of answer choices Selective acquisition Logical acquisition Incremental acquisition Physical acquisition | Physical acquisition |
| Which tool is commonly used for disk imaging in forensic investigations? Group of answer choices Maltego dd HashCalc Wireshark | dd |
| Which tool is commonly used to detect timestamp manipulation? Group of answer choices FTK Imager Wireshark ExifTool Timestomp | ExifTool |
| Which anti-forensics technique can prevent hash-based file analysis? Group of answer choices File deletion Hash collision generation Data encryption Metadata modification | Hash collision generation |
| Which of the following is an example of artifact wiping? Group of answer choices Encrypting log files Creating backups of sensitive files Overwriting files with random data to prevent recovery Data compression | Overwriting files with random data to prevent recovery |
| What is the main goal of anti-forensics? Group of answer choices To recover lost data from storage devices To prevent forensic investigators from accessing or analyzing evidence To enhance data security To encrypt sensitive files | To prevent forensic investigators from accessing or analyzing evidence |
| How does anti-forensics impact forensic readiness? Group of answer choices It improves evidence integrity It simplifies evidence collection It enhances file system security It complicates the process of collecting, preserving, and analyzing evidence | It complicates the process of collecting, preserving, and analyzing evidence |
| What is the purpose of the tool "Timestomp"? Group of answer choices To recover deleted timestamps from log files To compress timestamps for storage To analyze the timeline of system activity To manipulate file metadata such as creation and modificat | To manipulate file metadata such as creation and modification dates |
| What feature distinguishes ext3 from ext2? Group of answer choices Faster booting times File journaling support Higher compression rates Compatibility with older hardware | File journaling support |
| Which file system is commonly used by Linux operating systems? Group of answer choices HFS+ NTFS FAT32 ext4 | ext4 |
| What is a "superblock" in the context of Linux file systems? Group of answer choices A security feature that encrypts system logs Metadata containing information about the entire file system A reserved area for storing deleted files A temporary file | Metadata containing information about the entire file system |
| In a hard disk drive, what is the purpose of the read/write head? Group of answer choices To transfer data between different partitions To process data stored in RAM To manage network traffic To read and write data to/from the disk surface | To read and write data to/from the disk surface |
| Which partition style supports disks larger than 2TB? Group of answer choices MBR GPT FAT32 NTFS | GPT |
| How does the dd tool assist in data acquisition? Group of answer choices By capturing live network traffic By analyzing metadata of captured files By creating a bit-by-bit copy of storage media By hashing collected evidence | By creating a bit-by-bit copy of storage media |
| Which file format is NOT commonly used for data acquisition? Group of answer choices E01 RAW NTFS AFF | NTFS |
| What does the AFF (Advanced Forensics Format) provide? Group of answer choices A standardized format for digital evidence storage A way to compress acquired evidence for storage A real-time encryption method for sensitive files A tool for analyzing n | A standardized format for digital evidence storage |
| What does metadata in acquired data provide? Group of answer choices Real-time logs of system activity Information about system uptime Details about the file’s creation, modification, and access times Encryption keys for secure data transfer | Details about the file’s creation, modification, and access times |
| What does a forensic investigator prioritize during the acquisition process? Group of answer choices Ensuring evidence is admissible in court Analysis of metadata Encrypting all user data Performing live system backups | Ensuring evidence is admissible in court |
| What type of data acquisition is performed on a system that is turned off? Group of answer choices Static acquisition Live acquisition Volatile acquisition Network acquisition | Static acquisition |
| Which of the following is an effective countermeasure against data obfuscation? Group of answer choices File carving Metadata encryption Structure analysis and pattern recognition File compression | Structure analysis and pattern recognition |
| What does data obfuscation aim to achieve? Group of answer choices Increasing system performance through data compression Creating backups of sensitive files Preventing access to user data by encryption Making data harder to understand by altering it | Making data harder to understand by altering its structure or format |
| What is the main objective of anti-forensics countermeasures? Group of answer choices To assist in system performance optimization To simplify forensic investigations To detect, recover, and analyze tampered or hidden evidence To encrypt sensitive da | To detect, recover, and analyze tampered or hidden evidence |
| Which anti-forensics technique specifically targets forensic investigators' reliance on logs? Group of answer choices Log wiping File carving Metadata alteration Encryption | Log wiping |
| Which of the following is an essential feature of solid-state drives (SSDs)? Group of answer choices Use of tape-based storage mechanisms Dependence on moving parts Low latency and faster read/write speeds Rotating magnetic disks for data storage | Low latency and faster read/write speeds |
| What is the significance of "logical block addressing (LBA)"? Group of answer choices It compresses files for storage efficiency It determines the encryption key of a hard drive It simplifies the storage addressing system It describes physical hardwa | It simplifies the storage addressing system |
| What is the primary function of a file system? Group of answer choices To organize and manage data on storage devices To analyze network activity To secure files using encryption To create backups of critical system files | To organize and manage data on storage devices |
| What is the main advantage of SSDs over HDDs? Group of answer choices Longer lifespan Faster data access speeds Higher data storage capacity Lower cost | Faster data access speeds |
| What does the term "tracks" refer to in the context of hard disk drives? Group of answer choices The pathways inside RAM modules Software logs created during file transfers Concentric circles on the disk surface used for storing data Pathways that da | Concentric circles on the disk surface used for storing data |
| What is a key advantage of using AFF for data acquisition? Group of answer choices It supports real-time analysis of volatile data It encrypts acquired data by default It compresses data for efficient storage It allows direct access to deleted files | It compresses data for efficient storage |
| How does encryption act as an anti-forensics tool? Group of answer choices It compresses files for efficient storage It protects data by making it unreadable without the encryption key It creates multiple versions of the same file It deletes unused d | It protects data by making it unreadable without the encryption key |
| What is the primary focus of metadata analysis in anti-forensics countermeasures? Group of answer choices To encrypt sensitive data To delete unused logs To compress large datasets for analysis To identify inconsistencies in file properties | To identify inconsistencies in file properties |
| What is the purpose of log wiping in anti-forensics? Group of answer choices To create backups of system logs To improve system performance by removing old logs To erase traces of user activity from log files To encrypt system log files for security | To erase traces of user activity from log files |
| What is the main purpose of the FAT32 file system? Group of answer choices To compress files for efficient storage To support older operating systems with a simpler structure To manage large disks with greater reliability To encrypt files for securit | To support older operating systems with a simpler structure |
| Which step comes first in the data acquisition process? Group of answer choices Securing the scene Hashing the collected data Creating a forensic image Analyzing evidence | Securing the scene |
| What is the purpose of an acquisition report? Group of answer choices To create backups of volatile data To store acquired data in a compressed format To encrypt collected evidence for secure transfer To outline the steps and tools used during data c | To outline the steps and tools used during data collection |
| What does "selective acquisition" focus on? Group of answer choices Analyzing encrypted file systems Hashing volatile system logs Collecting only relevant files or folders Capturing all data on a disk | Collecting only relevant files or folders |
| What does steganalysis aim to achieve? Group of answer choices Detecting and extracting hidden data from files Compressing files for faster transmission Deleting unused files to free up disk space Encrypting hidden data for secure storage | Detecting and extracting hidden data from files |
| How does file system tunneling interfere with forensic investigations? Group of answer choices It compresses files for storage efficiency It creates backups of hidden files It allows files to inherit timestamps from deleted files It hides files in un | It allows files to inherit timestamps from deleted files |
| What is an effective countermeasure for artifact wiping? Group of answer choices Metadata analysis Incremental backups Log wiping File compression | Metadata analysis |
| Which of the following data types is considered volatile? Group of answer choices Archived emails Open network connections System logs Data stored on a USB drive | Open network connections |
| When should a forensic investigator perform a physical acquisition? Group of answer choices When selective data collection is required When only metadata is needed When the entire disk, including deleted data, must be copied When the system is encryp | When the entire disk, including deleted data, must be copied |
| Which anti-forensics technique is aimed at hiding the true content of files? Group of answer choices Log wiping Encryption Metadata alteration File carving | Encryption |
| Which file system is specific to macOS? Group of answer choices FAT32 ext4 HFS+ NTFS | HFS+ |
| What does the BIOS Parameter Block (BPB) do? Group of answer choices Transfers data between partitions Manages encryption keys for the hard drive Contains essential file system information Stores temporary user data | Contains essential file system information |
| How does a solid-state drive (SSD) store data? Group of answer choices Using magnetic spinning platters Using NAND-based flash memory With optical storage discs Using tape-based storage | Using NAND-based flash memory |
| What is the purpose of hashing in the data acquisition process? Group of answer choices To compress the collected evidence To encrypt data for secure storage To verify the integrity of acquired data To create backups of original evidence | To verify the integrity of acquired data |
| What does slack space contain? Group of answer choices Deleted files ready for recovery Unused space in a storage cluster that may hold remnants of previous data Encrypted user credentials System logs from deleted applications | Unused space in a storage cluster that may hold remnants of previous data |
| Which of the following tools can be used to detect and counter steganography? Group of answer choices ExifTool FTK Imager Volatility Timestomp | ExifTool |
| What is the key difference between HFS+ and APFS in macOS? Group of answer choices APFS is incompatible with modern macOS versions HFS+ provides faster data access HFS+ supports file journaling while APFS does not APFS is optimized for SSDs | APFS is optimized for SSDs |
| What does the term "logical acquisition" refer to? Group of answer choices Capturing data from volatile storage Encrypting file systems during acquisition Copying only specific files or folders Creating a complete bit-stream image | Copying only specific files or folders |
Created by:
pangalankoiezrawr