Digital Forensics Examinations

Published on March 2021

Digital Forensics Examinations: Intermediate

1. The following tool(s) are considered forensic analysis tools:
  - LinuxDD
  - EnCase
  - FTK
  - DC3DD

2. The following tool(s) can be used to create a hash value for digital media:
  - LinuxDD
  - DC3DD
  - MD5SUM
  - EnCase

3. In Linux, which command is used to view/modify the internet connection attributes?
  - ipconfig
  - snort
  - ifconfig
  - devdump

4. System restore is a component of which of the following?
  - MAC OS 3
  - Windows XP
  - Fedora
  - Windows 7

5. Which of the following attributes does the $MFT file not contain?
  - $FILE_NAME
  - $BITMAP
  - $METADATA
  - $DATA

6. In Linux, which command is used to show the status of the print queue or queues?
  - lsat
  - lpstat
  - statp
  - prntq

7. The following tool(s) can be used to create a bit-for-bit image:
  - EnCase
  - COFEE
  - FTK
  - Autopsy

8. A hash set is typically used to (more than one may apply):
  - Identify specific file types
  - Eliminate known good files
  - Identify specific files of interest
  - Identify files that are common to different file systems or groups of files

9. Where do browsers store email messages by default?
  - Internet Cache
  - System Cache
  - WebStore Cache

10. Which of the following could represent a USB external storage device attached to a Linux system?
  - fd0
  - hda
  - sdb
  - sdb1

11. What does the $bitmap do?
  - Store information about metadata
  - Nothing, it's an unused attribute of the MFT file
  - Store information about allocated clusters
  - Store information about allocated sectors

12. Which tool would assist in recovering volatile memory data?
  - Volatility
  - iLook
  - DataCarver
  - Gnome3

13. In the Master File Table (MFT) of NTFS, one attribute is used to store the file's name and the file's content.
  - TRUE
  - FALSE

14. In NTFS, the size of each MFT entry is defined by the boot sector and Microsoft uses a size of:
  - 1024
  - 2048
  - 512
  - 4096

15. Which statements are true about RAID volumes?
  - All RAID levels provide for data redundancy and fault tolerance
  - Only one disk from a RAID volume is normally required to recover the data
  - RAID 0 offers no redundancy or fault tolerance
  - A minimum of three disks are required for a RAID 5 volume
  - They easily get angry
