CHAPTER 6 Review questions and words

1. Forensic software tools are grouped into ____________ and _______________ applications.
2. According to ISO standard 27037, which of the following is an important factor in data acquisition? (Choose all that apply.)
3. One reason to choose a logical acquisition is an encrypted drive. True or False?
4. Hashing, filtering, and file header analysis make up which function of digital forensics tools?
5. Hardware acquisition tools typically have built-in software for data analysis. True or False?
6. The reconstruction function is needed for which of the following purposes? (Choose all that apply.)
7. List three subfunctions of the extraction function.

What are the five required functions for computer forensics tools?
acquisition, validation and discrimination, extraction, reconstruction, and reporting

A disk partition can be copied only with a command-line acquisition tool. True or False?
A) True

What two data-copying methods are used in software data acquisitions?
A) Remote and local

During a remote acquisition of a suspect drive, RAM data is lost. True or False?
A) True

Hashing, filtering, and file header analysis make up which function of computer forensics tools?
A) Validation and discrimination

Sleuth Kit is used to access Autopsy’s tools. True or False?
A) True

When considering new forensics software tools, you should do which of the following?
A) Uninstall other forensic software. C) Test and validate the software.

Of the six functions of computer forensics tools, what are the subfunctions of the Extraction function?
Data viewing, Keyword searching, Decompressing, Carving, Decrypting, and Bookmarking

Data can’t be written to the disk with a command-line tool. True or False?
A) True

Hash values are used for which of the following purposes? (Choose all that apply.)
A) Determining file size B) Filtering known good files from potentially suspicious data

What’s the name of the NIST project established to collect all known hash values for commercial software and OS files?
National Software Reference Library (NSRL)

Many of the newer GUI tools use a lot of system resources. True or False?
A) True

Building a forensic workstation is more expensive than purchasing one. True or False?
A) True

A live acquisition is considered an accepted forensics practice. True or False?
A) True

Which of the following is true of most drive-imaging tools? (Choose all that apply.)
A) They perform the same function as a backup. B) They ensure that the original drive doesn’t become corrupt and damage the digital evidence.

The standards for testing forensics tools are based on which criteria?
A) U.S. Title 18

Which of the following tools can examine files created by WinZip?
A) FTK

List four subfunctions of reconstructing drives.
disk-to-disk copy, image-to-disk copy, partition-to-partition copy, image-to-partition copy

When validating the results of a forensic analysis, you should do which of the following?
A) Calculate the hash value with two different tools.

NIST testing procedures are valid only for government agencies. True or False?
False A) True

What two data copying methods are used in software data acquisitions?
Two types of data-copying methods are used in software acquisitions: Physical copying of the entire drive. Logical copying of a disk partition.

What is the data copying process referred to as?
The process of copying data from the memory location is called Fetching.

What is a forensic duplicate image?
A forensic clone is an exact bit-for-bit copy of a piece of digital evidence. Files, folders, hard drives, and more can be cloned. A forensic clone is also known as a bit-stream image or forensic image.

Which of the following statements about most drive imaging tools is correct?
Which of the following is true of most drive-imaging tools? They perform the same function as a backup. They ensure that the original drive doesn't become corrupt and damage the digital evidence.