3-Guide to Computer Forensics and Investigations

October 1, 2024
TOPDOCTOR

If the computer has an encrypted drive, a live acquisition is done if the password or passphrase is not
available. (T/F) - answer-False

The most common and time-consuming technique for preserving evidence is creating a duplicate copy
of your disk-to-image file. (T/F) - answer-True

Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive. (T/F) - answer-
True

FTK Imager requires that you use a device such as a USB dongle for licensing. (T/F) - answer-True

Unlike RAID 0, RAID 3 stripes tracks across all disks that make up one volume. (T/F) - answer-False

One major disadvantage of _________ format acquisitions is the inability to share an image between
different vendors' computer forensics analysis tools. - answer-proprietary

Typically, a(n) __________ acquisition is done on a computer seized during a police raid, for example. -
answer-static

If the computer has an encrypted drive, a ________ acquisition is done if the password or passphrase is
available. - answer-live

The most common and flexible data-acquisition method is _________. - answer-disk-to-image file

Older Microsoft disk compression tools, such as doublespace or ______________, eliminate only slack
disk space between files. - answer-drivespace

If your time is limited, consider using a logical acquisition or ______________ acquisition data copy
method. - answer-Sparse

Image files can be reduced by as much as __________ % of the original when using lossless
compression. - answer-50%

Microsoft has added ____________ with bitlocker to its newer operating systems, which makes
performing static acquisitions more difficult. - answer-whole disk encryption

Linux ISO images that can be burned to a CD or DVD are referred to as __________. - answer-Linux Live
cds

The ___________ command displays pages from the online help manual for information on Linux
commands and their options. - answer-man

The _________ command creates a raw format file that most computer forensics analysis tools can
read, which makes it useful for data acquisitions. - answer-dd

The _________ command works similarly to the dd command but has many features designed for
computer forensics acquisitions. - answer-dcfldd

Current distributions of Linux include two hashing algorithm utilities: md5sum and ________. - answer-
sha1sum

You use the ________ option with the dcfldd command to designate a hashing algorithm of md5, sha1,
sha256, sha384, or sha512. - answer-hash

Autopsy uses ___________ to validate an image. - answer-MD5

In Autopsy and many other forensics tools raw format image files don't contain metadata. (T/F) -
answer-True

Similar to Linux, Windows also has built-in hashing algorithm tools for digital forensics. (T/F) - answer-
False

A separate manual validation is recommended for all raw acquisitions at the time of analysis. (T/F) -
answer-True

Acquisitions of RAID drives can be challenging and frustrating for digital forensics examiners because of
how RAID systems are designed, configured, and sized. (T/F) - answer-True

For Windows XP, 2000, and NT servers and workstations, RAID 0 or ___________ is available. - answer-
RAID 1

In _______________, two or more disk drives become one large volume, so the computer views the
disks as a single disk. - answer-RAID 0

_______________, or mirrored striping, is a combination of RAID 1 and RAID 0. - answer-RAID 10

____________, or mirrored striping with parity, is a combination of RAID 1 and RAID 5. - answer-RAID 15

There's no simple method for getting an image of a RAID server's disks. (T/F) - answer-True

Most remote acquisitions have to be done as _______ acquisitions. - answer-live

What's the main goal of a static acquisition? - answer-Preservation of digital evidence

Name the three formats for digital forensics data acquisitions. - answer-Raw format
Proprietary formats
Advanced Forensic Format (AFF)

What are two advantages and disadvantages of the raw format? - answer-Advantages:
Faster data transfer speeds, ignores minor data errors, and most forensics analysis tools can read it.

Disadvantages:
