Chapter 6-13 multiple choice
Quiz yourself by thinking what should be in
each of the black spaces below before clicking
on it to display the answer.
Help!
|
|
||||
|---|---|---|---|---|---|
| show | true
🗑
|
||||
| A ____ is a column of tracks on two or more disk platters. | show 🗑
|
||||
| ____ is how most manufacturers deal with a platter’s inner tracks being shorter than its outer tracks. | show 🗑
|
||||
| ____ is the file structure database that Microsoft originally designed for floppy disks. | show 🗑
|
||||
| show | NTFS
🗑
|
||||
| On an NTFS disk, immediately after the Partition Boot Sector is the ____. | show 🗑
|
||||
| show | metadata
🗑
|
||||
| In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each | show 🗑
|
||||
| The file or folder’s MFT record provides cluster addresses where the file is stored on the drive’s partition. These cluster addresses are referred to as ____. | show 🗑
|
||||
| show | EFS
🗑
|
||||
| The purpose of the ____ is to provide a mechanism for recovering encrypted files under EFS if there’s a problem with the user’s original private key. | show 🗑
|
||||
| show | Registry
🗑
|
||||
| show | NTDetect.com
🗑
|
||||
| ____, located in the root folder of the system partition, is the device driver that allows the OS to communicate with SCSI or ATA drives that aren’t related to the BIOS. | show 🗑
|
||||
| show | Device drivers
🗑
|
||||
| ____ is a hidden text file containing startup options for Windows 9x. | show 🗑
|
||||
| show | Command.com
🗑
|
||||
| ____ is a text file containing commands that typically run only at system startup to enhance the computer’s DOS configuration. | show 🗑
|
||||
| ____ is a batch file containing customized settings for MS-DOS that runs automatically. | show 🗑
|
||||
| A ____ allows you to create a representation of another computer on an existing physical computer. | show 🗑
|
||||
| In software acquisition, there are three types of data-copying methods. | show 🗑
|
||||
| show | true
🗑
|
||||
| show | false
🗑
|
||||
| show | true
🗑
|
||||
| show | 2
🗑
|
||||
| show | image file
🗑
|
||||
| show | ms-dos
🗑
|
||||
| Raw data is a direct copy of a disk drive. An example of a Raw image is output from the UNIX/Linux ____ command. | show 🗑
|
||||
| show | Discrimination
🗑
|
||||
| Many password recovery tools have a feature that allows generating potential lists for a ____ attack. | show 🗑
|
||||
| show | disk-to-disk
🗑
|
||||
| show | report
🗑
|
||||
| show | IBM
🗑
|
||||
| In Windows 2000 and XP, the ____ command shows you the owner of a file if you have multiple users on the system or network. | show 🗑
|
||||
| show | 3
🗑
|
||||
| A forensics workstation consisting of a laptop computer with a built-in LCD monitor and almost as many bays and peripherals as a stationary workstation is also known as a ____. | show 🗑
|
||||
| ____ is a simple drive-imaging station. | show 🗑
|
||||
| ____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk. | show 🗑
|
||||
| Many vendors have developed write-blocking devices that connect to a computer through FireWire,____ 2.0,and SCSI controllers. | show 🗑
|
||||
| The ____ publishes articles, provides tools, and creates procedures for testing and validating computer forensics software. | show 🗑
|
||||
| The standards document, ____, demands accuracy for all aspects of the testing process, meaning that the results must be repeatable and reproducible. | show 🗑
|
||||
| show | NSRL
🗑
|
||||
| show | SHA-1
🗑
|
||||
| show | disk editor
🗑
|
||||
| show | testing, compressed
🗑
|
||||
| Macintosh OS X is built on a core called ____. | show 🗑
|
||||
| show | resource
🗑
|
||||
| show | 65,535
🗑
|
||||
| show | Master Directory Block (MDB)
🗑
|
||||
| show | Volume Bitmap
🗑
|
||||
| On Mac OSs, File Manager uses the ____ to store any information not in the MDB or Volume Control Block (VCB). | show 🗑
|
||||
| Linux is probably the most consistent UNIX-like OS because the Linux kernel is regulated under the ____ agreement. | show 🗑
|
||||
| The standard Linux file system is ____. | show 🗑
|
||||
| Ext2fs can support disks as large as ____ TB and files as large as 2 GB. | show 🗑
|
||||
| show | inodes
🗑
|
||||
| show | 0
🗑
|
||||
| show | 4
🗑
|
||||
| show | data block
🗑
|
||||
| show | Lilo.conf
🗑
|
||||
| Erich Boleyn created GRUB in ____ to deal with multiboot processes and a variety of OSs. | show 🗑
|
||||
| show | /dev/hda1
🗑
|
||||
| show | 99
🗑
|
||||
| show | Advanced SCSI Programming Interface (ASPI)
🗑
|
||||
| show | 40-pin
🗑
|
||||
| show | 100
🗑
|
||||
| show | GB
🗑
|
||||
| FTK cannot analyze data from image files from other vendors. | show 🗑
|
||||
| A nonsteganographic graphics file has a different size than an identical steganographic graphics file. | show 🗑
|
||||
| show | scope creep
🗑
|
||||
| show | investigation plan
🗑
|
||||
| show | subpoenas
🗑
|
||||
| There are ____ searching options for keywords which FTK offers. | show 🗑
|
||||
| ____ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search. | show 🗑
|
||||
| The ____ search feature allows you to look for words with extensions such as “ing,”“ed,” and so forth. | show 🗑
|
||||
| show | indexed
🗑
|
||||
| FTK and other computer forensics programs use ____ to tag and document digital evidence. | show 🗑
|
||||
| Getting a hash value with a ____ is much faster and easier than with a(n) ____. | show 🗑
|
||||
| show | KFF
🗑
|
||||
| show | hiding
🗑
|
||||
| One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it. | show 🗑
|
||||
| Marking bad clusters data-hiding technique is more common with ____ file systems. | show 🗑
|
||||
| The term ____ comes from the Greek word for“hidden writing.” | show 🗑
|
||||
| show | Steganography
🗑
|
||||
| show | key escrow
🗑
|
||||
| show | BestCrypt
🗑
|
||||
| ____ recovery is a fairly easy task in computer forensic analysis. | show 🗑
|
||||
| show | Brute-force
🗑
|
||||
| show | Remote acquisitions
🗑
|
||||
| ____ is a remote access program for communication between two computers. The connection is established by using the DiskExplorer program (FAT or NTFS) corresponding to the suspect (remote) computer’s file system. | show 🗑
|
||||
| With many computer forensics tools, you can open files with external viewers. | show 🗑
|
||||
| show | false
🗑
|
||||
| ____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes. | show 🗑
|
||||
| You use ____ to create, modify, and save bitmap, vector, and metafile graphics files. | show 🗑
|
||||
| ____ images store graphics information as grids of individual pixels. | show 🗑
|
||||
| show | demosaicing
🗑
|
||||
| The majority of digital cameras use the ____ format to store digital pictures | show 🗑
|
||||
| show | Lossy
🗑
|
||||
| show | carving
🗑
|
||||
| A(n) ____ file has a hexadecimal header value of FF D8 FF E0 00 10. | show 🗑
|
||||
| show | header data
🗑
|
||||
| The uppercase letter ____ has a hexadecimal value of 41. | show 🗑
|
||||
| show | TIFF
🗑
|
||||
| The simplest way to access a file header is to use a(n) ____ editor | show 🗑
|
||||
| The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C01 0000 2065 5874 656E 6465 6420 03. | show 🗑
|
||||
| ____ is the art of hiding information inside image files. | show 🗑
|
||||
| show | Insertion
🗑
|
||||
| ____ steganography replaces bits of the host file with other bits of data. | show 🗑
|
||||
| show | Outguess
🗑
|
||||
| ____ has also been used to protect copyrighted material by inserting digital watermarks into a file. | show 🗑
|
||||
| When working with image files, computer investigators also need to be aware of ____ laws to guard against copyright violations. | show 🗑
|
||||
| Under copyright laws, computer programs may be registered as ____. | show 🗑
|
||||
| Under copyright laws, maps and architectural plans may be registered as ____. | show 🗑
|
||||
| show | metafile
🗑
|
||||
| ____________________ is the process of coding of data from a larger form to a smaller form. | show 🗑
|
||||
| The ____________________ is the best source for learning more about file formats and their associated extensions. | show 🗑
|
||||
| show | TIFF
🗑
|
||||
| show | insertion
🗑
|
||||
| show | Network forensics
🗑
|
||||
| show | Network
🗑
|
||||
| show | Tcpdump
🗑
|
||||
| show | Snort
🗑
|
||||
| ____ is the U.S. DoD computer forensics lab’s version of the dd command that comes with Knoppix-STD. | show 🗑
|
||||
| show | Packet sniffers
🗑
|
||||
| show | 3
🗑
|
||||
| ____ is the text version of Ethereal, a packet sniffer tool. | show 🗑
|
||||
| The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers. | show 🗑
|
||||
| show | zombies
🗑
|
||||
| show | client/server architecture
🗑
|
||||
| show | GUI
🗑
|
||||
| When working on a Windows environment you can press ____ to copy the selected text to the clipboard. | show 🗑
|
||||
| To retrieve an Outlook Express e-mail header right-click the message, and then click ____ to open a dialog box showing general information about the message. | show 🗑
|
||||
| show | .pst
🗑
|
||||
| ____ is a comprehensive Web site that has options for searching for a suspect, including by e-mail address, phone numbers, and names. | show 🗑
|
||||
| ____ contains configuration information for Sendmail, allowing the investigator to determine where the log files reside. | show 🗑
|
||||
| show | /var/log
🗑
|
||||
| show | checkpoint
🗑
|
||||
| show | GroupWise
🗑
|
||||
| Developed during WWII, this technology,____, was patented by Qualcomm after the war. | show 🗑
|
||||
| show | TDMA
🗑
|
||||
| show | IS-136
🗑
|
||||
| Typically, phones store system data in ____, which enables service providers to reprogram phones without having to physically access memory chips. | show 🗑
|
||||
| show | SIM
🗑
|
||||
| show | PDAs
🗑
|
||||
| The file system for a SIM card is a ____ structure. | show 🗑
|
||||
| show | MF
🗑
|
||||
| show | Device Seizure
🗑
|
||||
| In a Windows environment, BitPim stores files in ____ by default. | show 🗑
|
Review the information in the table. When you are ready to quiz yourself you can hide individual columns or the entire table. Then you can click on the empty cells to reveal the answer. Try to recall what will be displayed before clicking the empty cell.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
To hide a column, click on the column name.
To hide the entire table, click on the "Hide All" button.
You may also shuffle the rows of the table by clicking on the "Shuffle" button.
Or sort by any of the columns using the down arrow next to any column heading.
If you know all the data on any row, you can temporarily remove it by tapping the trash can to the right of the row.
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Created by:
ITSec_guy
Popular Computers sets