ECCouncil Computer Hacking Forensic Investigator v7.3 (EC1-349)

Page:    1 / 21   
Total 313 questions

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror,sync

  • A. Fill the disk with zeros
  • B. Low-level format
  • C. Fill the disk with 4096 zeros
  • D. Copy files from the master disk to the slave disk on the secondary IDE controller


Answer : A

What technique is used by JPEGs for compression?

  • A. ZIP
  • B. TCD
  • C. DCT
  • D. TIFF-8


Answer : C

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

  • A. The registry
  • B. The swapfile
  • C. The recycle bin
  • D. The metadata


Answer : B

The following is a log file screenshot from a default installation of IIS 6.0.


What time standard is used by IIS as seen in the screenshot?

  • A. UTC
  • B. GMT
  • C. TAI
  • D. UT


Answer : A

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.

  • A. Magnetic
  • B. Optical
  • C. Anti-Magnetic
  • D. Logical


Answer : B

When needing to search for a website that is no longer present on the Internet today but was online a few years back, what site can be used to view the website's collection of pages?

  • A. Proxify.net
  • B. Dnsstuff.com
  • C. Samspade.org
  • D. Archive.org


Answer : D

What type of equipment would a forensics investigator store in a StrongHold bag?

  • A. PDAs
  • B. Backup tapes
  • C. Hard drives
  • D. Wireless cards


Answer : D

What method of copying should always be performed first before carrying out an investigation?

  • A. Parity-bit copy
  • B. Bit-stream copy
  • C. MS-DOS disc copy
  • D. System level copy


Answer : B

With regard to using an antivirus scanner during a computer forensics investigation, you should:

  • A. Scan the suspect hard drive before beginning an investigation
  • B. Never run a scan on your forensics workstation because it could change your system's configuration
  • C. Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
  • D. Scan your forensics workstation before beginning an investigation


Answer : D

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

  • A. Keep the device powered on
  • B. Turn off the device immediately
  • C. Remove the battery immediately
  • D. Remove any memory cards immediately


Answer : A

Davidson Trucking is a small transportation company that has three local offices in Detroit, Michigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not upholding company policy?

  • A. IT personnel
  • B. Employees themselves
  • C. Supervisors
  • D. Administrative assistant in charge of writing policies


Answer : C

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

  • A. On the individual computer's ARP cache
  • B. In the Web Server log files
  • C. In the DHCP Server log files
  • D. There is no way to determine the specific IP address


Answer : C

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

  • A. Write-blocker
  • B. Protocol analyzer
  • C. Firewall
  • D. Disk editor


Answer : A

John is working on his company's policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?

  • A. Strip-cut shredder
  • B. Cross-cut shredder
  • C. Cross-hatch shredder
  • D. Cris-cross shredder


Answer : B

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as "low level". How long will the team have to respond to the incident?

  • A. One working day
  • B. Two working days
  • C. Immediately
  • D. Four hours



Answer : A

Topic 2, Volume B
