AccessData A30-327 - AccessData Certified Examiner Exam
Page: 1 / 12
Total 60 questions
Question #1 (Topic: )
Which three items are displayed in FTK Imager for an individual file in the Properties
window? (Choose three.)
window? (Choose three.)
A. flags
B. filename
C. hash set
D. timestamps
E. item number
Answer: A,B,D
Question #2 (Topic: )
In FTK, which search broadening option allows you to find grammatical variations of the
word "kill" such as "killer," "killed," and "killing"?
word "kill" such as "killer," "killed," and "killing"?
A. Phonic
B. Synonym
C. Stemming
D. Fuzzy Logic
Answer: C
Question #3 (Topic: )
When using FTK Imager to preview a physical drive, which number is assigned to the first
logical volume of an extended partition?
logical volume of an extended partition?
A. 2
B. 3
C. 4
D. 5
Answer: D
Question #4 (Topic: )
When previewing a physical drive on a local machine with FTK Imager, which statement is
true?
true?
A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D. FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.
Answer: D
Question #5 (Topic: )
Which type of evidence can be added to FTK Imager?
A. individual files
B. all checked items
C. contents of a folder
D. all currently listed items
Answer: C
