Please enter something
Home Page Computer Forensics Computer forensics - quiz 5 - Flashcards

Computer forensics – quiz 5 – Flashcards

Jonathan Walsh
8 July 2022
27 test answers

Unlock all answers in this set

Unlock answers 27
question
A computer stores system configuration and date and time information in the BIOS when power to the system is off t/f
answer
false
question
When data is deleted on a hard drive, only references to it are removed, which leaves the original data on unallocated disk space t/f
answer
true
question
Someone who wants to hide data can create hidden partitions or void-large unused gaps between partitions on a disk drive. Data that is hidden in partition gaps cannot be retrieved by forensics utilities t/f
answer
false
question
FAT32 is used on older Microsoft OSs, such as ms-dos 3.0 through 6.22, windows 95 (first release), and windows NT 3.3 and 4.0 t/f
answer
false
question
Each MFT record starts with a header identifying it as a resident or nonresident attribute t/f
answer
false
Unlock the answer
question
A typical disk drive stores how many bytes in a single sector? a. 8 b. 512 c. 1024 d. 4096
answer
b
Unlock the answer
question
Most manufacturers use what technique in order to deal with the fact that a platter's inner tracks have a smaller circumference than the outer tracks? a. disk track recording (DTR) b. zone based areal density (ZBAD) c. zone bit recording (ZBR) d. cylindrical head calculation (CHC)
answer
c
Unlock the answer
question
What hexadecimal code below identifies an NTFS file system in the partition table? a. 05 b. 07 c. 1B d. A5
answer
b
Unlock the answer
question
When using the file allocation table (FAT), where is the FAT database typically written to? a. the innermost track b. the outermost track c. the first sector d. the first partition
answer
b
Unlock the answer
question
Select below the file system that was developed for mobile personal storage devices, such as flash memory devices, secure digital extended capacity (SDCX), and memory sticks: a. FAT12 b. FAT32 c. exFAT d. VFAT
answer
c
Unlock the answer
question
What term is used to describe a disk's logical structure of platters, tracks, and sectors? a. cylinder b. trigonometry c. geometry d. mapping
answer
c
Unlock the answer
question
a master boot record (MBR) partition table marks the first partition starting at what offset? a. 0x1CE b. 0x1BE c. 0x1AE d. 0x1DE
answer
b
Unlock the answer
question
The ??? command insets a HEX E5 (0xE5) in a filename's first letter position in the associated directory entry a. delete b. edit c. update d. clear
answer
a
Unlock the answer
question
What metadata record in the MFT keeps track of previous transactions to assist in recovery after a system failure in an NTFS volume? a. $MgyMirr b. $TransAct c. $LogFile d. $Backup
answer
c
Unlock the answer
question
What command below can be used to decrypt EFS files? a. cipher b. copy c. efsrecvr d. decrypt
answer
c
Unlock the answer
question
Which of the following commands creates an alternate data stream? a. echo text ; myfile. txt:syream_name b. ads create myfile.txt(stream_name) "text" c. cat text myfile.txt=stream_name d. echo text
answer
a
Unlock the answer
question
What term below describes a column of tracks on two or more disk platters? a. sector b. cluster c. cylinder d. header
answer
c
Unlock the answer
question
Which of the following is not a valid configuration of Unicode? a. UTF-8 b. UTF-16 c. UTF-32 d. UTF-64
answer
d
Unlock the answer
question
What does the MTF header field at offset 0x00 contain? a. the MFT record identifier FILE b. the size of the MFT record c. the length of the header d. the update sequence array
answer
a
Unlock the answer
question
The ReFs storage engine uses a ??? sort method for fast access to large data sets. a. A+-tree b. B+-tree c. reverse d. numerical
answer
b
Unlock the answer
question
What third party encryption tool creates a virtual encrypted volume, which is a file mounted as though it were a disk drive? a. PP full disk encryption b. voltage SecureFile c. BestCrypt d. TrueCrypt
answer
d
Unlock the answer
question
the ??? branches in HKEY_LOCAL_MACHINE/software consist of SAM, security, components, and system a. registry b. storage c. hive d. tree
answer
c
Unlock the answer
question
What registry file contains user account management and security settings? a. default.dat b. software.dat c. SAM.dat d Ntuser.dat
answer
c
Unlock the answer
question
What registry file contains installed programs' settings and associated usernames and passwords? a. default.dat b. software.dat c. sam.dat d. ntuser.dat
answer
c
Unlock the answer
question
Addresses that allow the MFT to link to nonresident files are known as ??? a. virtual cluster numbers b. logical cluster numbers c. sequential cluster numbers d. polarity cluster numbers
answer
b
Unlock the answer
question
Addresses that allow the MFT to link to nonresident files are known as ??? a. virtual cluster numbers b. logical cluster numbers c. sequential cluster numbers d. polarity cluster numbers
answer
b
Unlock the answer
question
Addresses that allow the MFT to link to nonresident files are known as ??? a. virtual cluster numbers b. logical cluster numbers c. sequential cluster numbers d. polarity cluster numbers
answer
b
Unlock the answer
Get an explanation on any task
Get unstuck with the help of our AI assistant in seconds
New
Get unstuck with AI assistant right now
  • Enter your topic/question
  • Receive an explanation
Pro tips to get quality response
  • Ask one question at a time
  • Enter a specific assignment topic
  • Aim at least 500 characters
Question
What is the right structure for an essay
Answer
A paragraph is a related group of sentences that develops one main idea. Each paragraph in the body of the essay should contain:
  • a topic sentence that states the main or controlling idea
  • supporting sentences to explain and develop the point you’re making
  • evidence from your reading or an example from the subject area that supports your point
  • analysis of the implication/significance/impact of the evidence finished off with a critical conclusion you have drawn from the evidence.