1
2
3
4
5
100
Before opening a recovered file, it should be checked for
What is a virus
100
38. When formatting a hard drive, the type of ___________________________ must be selected.
What is file system
100
43. For most law-enforcement-related computer investigations, the examiner is limited to working with data Defined in the _____________________.
What is search warrant
100
48. Data that is stored as little-endian has the ____________________ in the lowest (smallest) memory address.
What is LSB
100
53. An information exchange sequence refers to the data’s _____________________.
What is endianness or byte order
200
34. Forensics tools such as ___________________ can retrieve deleted files for use as evidences.
What is ProDiscover Basic
200
39. When searching evidence media, keywords relevant to the case should be obtained from the _____________.
What is evidence media & chief investigator
200
44. In EnCase, ______________________ are used to select items to include in a report.
What is Bookmarks
200
49. When using EnCase, a case must be ___________________ before it can be previewed.
What is created
200
54. The common compression JPEG compression format are: ______________________.
What is JFIF and Exif
300
35. The _____________________ DOS command will display hidden files and folders.
What is DIR/a
300
40. To complete a forensic disk analysis and examination, an examiner must create a ___________________.
What is a report
300
45. ______________________ are used in desktop computers to add peripheral devices.
What is Adapter cards
300
50. The first 32 ASCII characters are ______________________ characters.
What is Non-printable
300
55. The _________________ of a CPU plays a significant role in a computer’s specifications.
What is Speed
400
36. For Header/Maximum file Size Carving, the _____________________ must be identified
What is start of file marker & maximum file size
400
41. Notebook computers use _______________________ hard drives.
What is 2.5” and 1.8”
400
46. A _______________________ must be used to acquire a forensic image of a Small Computer System Interface
What is SCIS cable
400
51. The two views available in ProDiscover are: _______________________.
What is Cluster and Content
400
56. The analysis of digital evidence follows the ___________________ process.
What is all the above
500
37. A __________________ attack uses every possible letter, number, and character found on a keyboard when cracking a password.
What is Brute-force
500
42. The step(s) required to preview a device in EnCase are. ____________________.
What is add device, then preview device
500
47. After an image is acquired in EnCase, the image is displayed in the ____________________ Pane.
What is Tree
500
52. Transistor memory storage media includes _______________________.
What is ROM, EPROM, EEPROM, flash memory
500
57. The EnCase Timeline feature displays a user’s _________________________.
What is Internet browser activity
M
e
n
u