Question 1

Match the terms with the correct definitions?.
-?An open-source data acquisition format that stores image data and metadata

Accepted Answer

A)  Advanced Forensic Format (AFF) 
B)  Host protected area (HP
A)  
C)  Live acquisitions
D)  Logical acquisitions
E)  Raw formatF) Redundant array of independent disks (RAI
D)  G) Sparse acquisitionH) Static acquisitionsI) Whole disk encryptionJ) .pdg extensionK) D) and H)
L) F) and H)

Question 2

How can lossless compression be tested?​

Accepted Answer

Lossless compression can be tested using...

Question 3

Match the terms with the correct definitions?.
-A data acquisition format that creates simple sequential flat files of a suspect drive or data set

Accepted Answer

A)  Advanced Forensic Format (AFF) 
B)  Host protected area (HP
A)  
C)  Live acquisitions
D)  Logical acquisitions
E)  Raw formatF) Redundant array of independent disks (RAI
D)  G) Sparse acquisitionH) Static acquisitionsI) Whole disk encryptionJ) .pdg extensionK) B) and F)
L) D) and E)

Question 4

​The ImageUSB utility can be used to create a bootable flash drive.

Accepted Answer

A) True 
 B)False  True

Question 5

A RAID 3 array uses distributed data and distributed parity in a manner similar to a RAID 5 array.

Accepted Answer

A) True 
 B)False

Question 6

​________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Accepted Answer

Elcomsoft ...

Question 7

What is lossless compression?

Accepted Answer

Lossless compression uses comp...

Question 8

Match the terms with the correct definitions?.
-?A data acquisition method used when a suspect computer can't be shut down to perform a static acquisition

Accepted Answer

A)  Advanced Forensic Format (AFF) 
B)  Host protected area (HP
A)  
C)  Live acquisitions
D)  Logical acquisitions
E)  Raw formatF) Redundant array of independent disks (RAI
D)  G) Sparse acquisitionH) Static acquisitionsI) Whole disk encryptionJ) .pdg extensionK) A) and H)
L) B) and C)

Question 9

​An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Accepted Answer

A)  ​​/ dev​/ hda
B)  ​​/ dev​/ hda1
C)  ​/ dev​/ sda
D)  ​/ dev​/ sda1E) None of the above
F) B) and D)

Question 10

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​

Accepted Answer

A)  ​512 MB
B)  ​2 GB
C)  1 TB
D)  1 PBE) C) and D)
F) A) and B)

Question 11

​What is the name of the Microsoft solution for whole disk encryption?

Accepted Answer

A)  ​DriveCrypt
B)  ​TrueCrypt
C)  BitLocker
D)  SecureDriveE) A) and C)
F) B) and D)

Question 12

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

Accepted Answer

A)  ​intrusion detection system
B)  ​active defense mechanism
C)  total awareness system
D)  intrusion monitoring systemE) A) and D)
F) None of the above

Question 13

The Linux command _____ can be used to write bit-stream data to files.​

Accepted Answer

A)  ​write
B)  ​dd
C)  cat
D)  dumpE) A) and D)
F) A) and C)

Question 14

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.​

Accepted Answer

A) True 
 B)False

Question 15

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

Accepted Answer

A)  ​-p
B)  ​-s
C)  -b
D)  -SE) All of the above
F) B) and C)

Question 16

​Which RAID type provides increased speed and data storage capability, but lacks redundancy?

Accepted Answer

A)  ​RAID 0
B)  ​RAID 1
C)  RAID 0+1
D)  RAID 5E) All of the above
F) A) and D)

Question 17

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​

Accepted Answer

A)  ​RAID 1
B)  ​RAID 3
C)  RAID 5
D)  RAID 10E) B) and D)
F) C) and D) D

Question 18

​What is a hashing collision?

Accepted Answer

A hashing collision occurs when two files or data streams with different content produce the same digital fingerprint.

Question 19

What two command line utilities are available on Linux for validating files?

Accepted Answer

Both md5sum and sha1...

Question 20

​Describe a RAID 6 configuration.

Accepted Answer

​In RAID 6, distributed data and distrib...

Exam 3: Data Acquisition

Match the terms with the correct definitions?. -?An open-source data acquisition format that stores image data and metadata

Correct AnswerverifiedShow Answer

How can lossless compression be tested?​

Correct AnswerverifiedLossless compression can be tested using...View AnswerShow Answer

Match the terms with the correct definitions?. -A data acquisition format that creates simple sequential flat files of a suspect drive or data set

Correct AnswerverifiedShow Answer

​The ImageUSB utility can be used to create a bootable flash drive.

Correct AnswerverifiedTrue

A RAID 3 array uses distributed data and distributed parity in a manner similar to a RAID 5 array.

Correct AnswerverifiedShow Answer

​________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Correct AnswerverifiedElcomsoft ...View AnswerShow Answer

What is lossless compression?

Correct AnswerverifiedLossless compression uses comp...View AnswerShow Answer

Match the terms with the correct definitions?. -?A data acquisition method used when a suspect computer can't be shut down to perform a static acquisition

Correct AnswerverifiedShow Answer

​An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Correct AnswerverifiedShow Answer

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?​

Correct AnswerverifiedShow Answer

​What is the name of the Microsoft solution for whole disk encryption?

Correct AnswerverifiedShow Answer

The _______ copies evidence of intrusions to an investigation workstation automatically for further analysis over the network.

Correct AnswerverifiedShow Answer

The Linux command _____ can be used to write bit-stream data to files.​

Correct AnswerverifiedShow Answer

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.​

Correct AnswerverifiedShow Answer

The _______ switch can be used with the split command to adjust the size of segmented volumes created by the dd command.

Correct AnswerverifiedShow Answer

​Which RAID type provides increased speed and data storage capability, but lacks redundancy?

Correct AnswerverifiedShow Answer

Which RAID type utilizes mirrored striping, providing fast access and redundancy?​

Correct AnswerverifiedD

​What is a hashing collision?

Correct AnswerverifiedA hashing collision occurs when two files or data streams with different content produce the same digital fingerprint.

What two command line utilities are available on Linux for validating files?

Correct AnswerverifiedBoth md5sum and sha1...View AnswerShow Answer

​Describe a RAID 6 configuration.

Correct Answerverified​In RAID 6, distributed data and distrib...View AnswerShow Answer

Correct Answer
verified

How can lossless compression be tested?

Correct Answer
verified
Lossless compression can be tested using...
View Answer

Correct Answer
verified

The ImageUSB utility can be used to create a bootable flash drive.

Correct Answer
verified
True

Correct Answer
verified

________________ software can sometimes be used to decrypt a drive that is utilizing whole disk encryption.

Correct Answer
verified
Elcomsoft ...
View Answer

Correct Answer
verified
Lossless compression uses comp...
View Answer

Correct Answer
verified

An investigator wants to capture all data on a SATA drive connected to a Linux system. What should the investigator use for the "if=" portion of the dcfldd command?

Correct Answer
verified

When using a target drive that is FAT32 formatted, what is the maximum size limitation for split files?

Correct Answer
verified

What is the name of the Microsoft solution for whole disk encryption?

Correct Answer
verified

Correct Answer
verified

The Linux command _____ can be used to write bit-stream data to files.

Correct Answer
verified

A forensics investigator should verify that acquisition tools can copy data in the HPA of a disk drive.

Correct Answer
verified

Correct Answer
verified

Which RAID type provides increased speed and data storage capability, but lacks redundancy?

Correct Answer
verified

Which RAID type utilizes mirrored striping, providing fast access and redundancy?

Correct Answer
verified
D

What is a hashing collision?

Correct Answer
verified
A hashing collision occurs when two files or data streams with different content produce the same digital fingerprint.

Correct Answer
verified
Both md5sum and sha1...
View Answer

Describe a RAID 6 configuration.

Correct Answer
verified
In RAID 6, distributed data and distrib...
View Answer