Midterm Prep

Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings.

Which amendment to the U.S. Constitution protects everyone's right to be secure in their person, residence, and property from search and seizure?

Which Microsoft OS below is the least intrusive to disks in terms of changing data?​

_______ is not recommended for a digital forensics workstation.

​Within a computing investigation, the ability to perform a series of steps again and again to produce the same results is known as _______.

If a police officer or investigator has sufficient cause to support a search warrant, the prosecuting attorney might direct him or her to submit a(n) _______.​

_______ describes an accusation of fact that a crime has been committed.

_______ is not one of the functions of the investigations triad.

In what year was the Computer Fraud and Abuse Act passed?​

​The _______ is not one of the three stages of a typical criminal case.

​After a judge approves and signs a search warrant, the _______ is responsible for the collection of evidence as defined by the warrant.

The _______ is responsible for analyzing data and determining when another specialist should be called in to assist with analysis.

The sale of sensitive or confidential company information to a competitor is known as _______.

Which option below is not a standard systems analysis step?​

A chain-of-evidence form, which is used to document what has and has not been done with the original evidence and forensic copies of the evidence, is also known as a(n) _______.

​An evidence custody form does not usually contain _______.

What tool, currently maintained by the IRS Criminal Investigation Division and limited to use by law enforcement, can analyze and read special files that are copies of a disk?​

The term _______ describes a database containing informational records about crimes that have been committed previously by a criminal.

_______ must be included in an affidavit to support an allegation in order to justify a warrant.

After the evidence has been presented in a trial by jury, the jury must deliver a(n) _______.

Candidates who complete the IACIS test successfully are designated as a _______.

​What certification program, sponsored by ISC2, requires knowledge of digital forensics, malware analysis, incident response, e-discovery, and other disciplines related to cyber investigations?

How long are computing components designed to last in a normal business environment?​

Which of the following scenarios should be covered in a disaster recovery plan?​

Which operating system listed below is not a distribution of the Linux OS?

_______ describes the characteristics of a safe storage container.

​In order to qualify for the Certified Computer Forensic Technician, Basic Level certification, how many hours of computer forensics training are required?

Which file system below is utilized by the Xbox gaming system?​

Which ISO standard below is followed by the ASCLD?

_______ is responsible for creating and monitoring lab policies for staff, and provides a safe and secure workplace for staff and evidence.​

​What percentage of consumers utilize Intel and AMD PCs?

_______ can be used to restore backup files directly to a workstation.

​How often should hardware be replaced within a forensics lab?

​A TEMPEST facility is designed to accomplish which of the following goals?

​In order to qualify for the Advanced Certified Computer Forensic Technician certification, a candidate must have _______ years of hands-on experience in computer forensics investigations.

In order to qualify for the Certified Computer Crime Investigator, Basic Level certification, candidates must provide documentation of at least _______ cases in which they participated.​

Which tool below is not recommended for use in a forensics lab?​

​Which option below is not a recommendation for securing storage containers?

Which option below is not one of the recommended practices for maintaining a keyed padlock?

_______ is a specialized viewer software program.

​Which option below is not a hashing function used for validation checks?

The Linux command _____ can be used to write bit-stream data to files.​

Which option below is not a Linux Live CD meant for use as a digital forensics tool?​

The _______ command was developed by Nicholas Harbour of the Defense Computer Forensics Laboratory.

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​

Within the fdisk interactive menu, what character should be entered to view existing partitions?​

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​

​Which RAID type provides increased speed and data storage capability, but lacks redundancy?

Which RAID type utilizes a parity bit and ​allows for the failure of one drive without losing data?

_______ creates a virtual volume of a RAID image file, and then makes repairs on the virtual volume, which can then be restored to the original RAID.

_______ is the utility used by the ProDiscover program for remote access.

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

Which open-source acquisition format is capable of producing compressed or uncompressed image files, and uses the .afd extension for segmented image files?

​What is the name of the Microsoft solution for whole disk encryption?

​Which technology below is not a hot-swappable technology?

_______ would not be found in an initial-response field kit.

_______ is a common cause for lost or corrupted evidence.

​What does FRE stand for?

If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.

_______ is the term for a statement that is made by someone other than an actual witness to the event while testifying at a hearing.

You must abide by the _______ while collecting evidence.

Which of the following is not done when preparing for a case?​

A _______ is not ​a private sector organization.

In cases that involve dangerous settings, what kind of team should be used to recover evidence from the scene?​

_______ are a special category of private sector businesses, due to their ability to investigate computer abuse committed by employees only, but not customers.

The ability to obtain a search warrant from a judge that authorizes a search and seizure of specific evidence requires sufficient _______.​

Which court case established that it is not necessary for computer programmers to testify in order to authenticate computer-generated records?​

What should you do while copying data on a suspect's computer that is still live?​

The term _______ describes rooms filled with extremely large disk systems that are typically used by large business data centers.

_______ does not recover data in free or slack space.

When seizing digital evidence in criminal investigations, whose standards should be followed?​

The term _______ is used to describe someone who might be a suspect or someone with additional knowledge that can provide enough evidence of probable cause for a search warrant or arrest.

What type of media has a 30-year lifespan?​

​As a general rule, what should be done by forensics experts when a suspect computer is seized in a powered-on state?

Which system below can be used to quickly and accurately match fingerprints in a database?​

​A typical disk drive stores how many bytes in a single sector?

​Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks?

What hexadecimal code below identifies an NTFS file system in the partition table?​

When using the File Allocation Table (FAT), where is the FAT database typically written to?​

Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital eXtended capacity (SDCX), and memory sticks:​

What term is used to describe a disk's logical structure of platters, tracks, and sectors?

A Master Boot Record (MBR) partition table marks the first partition starting at what offset?​

The ___________ command inserts a HEX E5 (0xE5) in a filename's first letter position in the associated directory entry.​

What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume?​

What command below can be used to decrypt EFS files?​

Which of the following commands ​creates an alternate data stream?

​What term below describes a column of tracks on two or more disk platters?

Which of the following is not a valid configuration of Unicode?​

What does the MFT header field at offset 0x00 contain?

​The ReFS storage engine uses a __________ sort method for fast access to large data sets.

​What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive?

The _________ branches in HKEY_LOCAL_MACHINE\Software consist of SAM, Security, Components, and System.

​What registry file contains user account management and security settings?

What registry file contains installed programs' settings and associated usernames and passwords?​

Addresses that allow the MFT to link to nonresident files are known as _______________.​

What tool below was written for MS-DOS and was commonly used for manual digital investigations?​

In general, what would a lightweight forensics workstation consist of?​

In what mode do most software write-blockers run?​

Reconstructing fragments of files that have been deleted from a suspect drive, is known as ____________ in North America.

​The ProDiscover utility makes use of the proprietary _______________ file format.

​What is the purpose of the reconstruction function in a forensics investigation?

Which of the following options is not a subfunction of extraction?​

In what temporary location below might passwords be stored? ​

The __________ Linux Live CD includes tools such as Autopsy and Sleuth Kit, ophcrack, ​dcfldd, MemFetch, and MBoxGrep, and utilizes a KDE interface.​

What option below is an example of a platform specific encryption tool?

What hex value is the standard indicator for jpeg graphics files?​

Passwords are typically stored as one-way _____________ rather than in plaintext.​

What program serves as the GUI front end for accessing Sleuth Kit's tools?​

Which of the following is stated within the ISO 27037 standard?​

The physical data copy subfunction exists under the ______________ function.​

A keyword search is part of the ​analysis process within what forensic function?

​What algorithm is used to decompress Windows files?

What is the goal of the NSRL project, created by NIST?​

​When performing disk acquisition, the raw data format is typically created with the UNIX/Linux _____________ command.

_______________ proves that two sets of data are identical by calculating hash values or using another similar method.​