100
This involves recovering information that could have been deleted by mistake or lost during a power outage, for example.
What is data recovery
100
This sworn statement of support of facts about or evidence of a crime is submitted to a judge with the request for a search warrant before seizing evidence.
What is an affidavit
100
This is a bit-by-bit copy (also known as a sector copy) of the original drive or storage medium and is an exact duplicate.
What is a bit-stream copy
100
The process of recording all updates made on a lab’s workstations is called __________ management.
What is configuration/change management.
100
________ is an out-of-court statement that is offered to prove the truth of the matter asserted in the statement.
What is hearsay.
200
This is the process of obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases.
What is computer forensics
200
Police officers may have different _____ of expertise or certifications.
What are levels
200
The target disk that is used to copy evidence data should be at least _______ the size of the evidence disk.
What is one and a half times
200
This storage format is a universal format that is fast and is able to ignore minor data read errors on a source drive.
What is raw format
200
To establish authorship of digital evidence in some cases, attorneys can use __________ evidence, which requires finding other clues associated with the suspect’s computer or location.
What is circumstantial evidence.
300
This kind of investigation usually involves criminal cases and government agencies.
What are public investigations
300
Your professional ______ as a computer investigation and forensics analyst is critical because it determines your credibility. Professional _____ includes ethics, morals, and standards of behavior. Note: it’s the same word twice.
What is conduct
300
This is the acronym of the name of Windows 8’s file system.
What is ReFS
300
One can validate digital evidence using a ________ algorithm such as MD5 or SHA-1.
What is hashing.
300
________ cause refers to the standard specifying whether a police officer has the right to make an arrest, conduct a personal or property search, or obtain a warrant for arrest.
What is probable cause.
400
This refers to the chronological documentation or paper trail, showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence.
What is the chain of custody
400
Part of the evidence gathering process involves keeping a form called an ___________ form.
What is evidence
400
At minimum, a forensics lab should have a __________ log listing people who have accessed the lab.
What is a visitor’s log
400
This RAID level is made up of two disks, and if one drive fails, the OS switches to the other disk. The contents of the two disks are identical.
What is RAID-1
400
This is the file system that was commonly used in Windows 2000, XP, Vista, and Windows 7+. Disks could be as large as 2TB.
What is NTFS
500
The witness or victim is often referred to as this. He or she makes an allegation to the police (an accusation or supposition of fact that a crime has been committed).
What is a complainant
500
To secure and catalog the evidence contained in large computer components, you can use large ______ bags, tape, tags, labels, and other products available from police supply.
What are evidence bags
500
A _______ ______ plan ensures that you can restore your forensic lab’s workstations and file servers to their original condition if a catastrophic failure occurs.
What is disaster recovery
500
Only ______ person (how many?) should collect and catalog digital evidence at a crime scene or lab.
What is one person.
500
When Microsoft introduced Windows 2000, it added built-in encryption to NTFS called this.
What is Encrypting File System (EFS).