ENCE Study Guide Exam Questions With 100% Correct Answers
Course
ENCE
Institution
ENCE
Encase Evidence File - answer✔bit stream image of evidence written to a file
Encase Evidence File - answer✔contains case data that cannot be changed after evidence file is
created, contains case number, examiner name, evidence number, unique descriptions, date/time
of computer system clock, acquisition notes, serial number of physical hard drive
Cyclical Redundancy Check - answer✔32 bit CRC for 64 sectors of data only if no compression
is used
CRC - answer✔calculated when evidence file is added to a case and rechecked every time the
data block is accessed
Verification Hash - answer✔digital signature of all data in evidence file
MD5 - answer✔128-bit/32 characters hash
SHA1 - answer✔160-bit hash
Standard Error Granularity - answer✔size of data blocks when a read error on the media occurs
Exhaustive Error Granularity - answer✔sector by sector when a read error on the media occurs
compression algorithm - answer✔when compression is used, this is used to verify data blocks
MD5,SHA1,CRC - answer✔These three must match for the evidence file to be verified
.case - answer✔case file extension
case file - answer✔compound file containing bookmarks, investigator's notes, results of file
signature and hash analysis, pointers to the locations of evidence files on forensic workstations
configuration .ini files - answer✔contains global options used for all cases
filetypes.ini - answer✔organizes files into groups by extension, determines which viewer to use,
file signature table
local.ini - answer✔global configuration settings
viewers.ini - answer✔installed viewers associated to Encase
Wipe harddrive - answer✔do this to eliminate any claims or arguments of cross contamination
give unique label - answer✔do this prior to acquisitions to differentiate your drives from that of
the suspect
separate folders - answer✔are recommended for each separate case
Export,Temp,EvidenceCache - answer✔each case requires these three folders
evidencecache - answer✔storing cache files and containers for processed evidence
export - answer✔default folder for exporting evidence
temp - answer✔default temporary folder for file viewing
Encase Evidence Processor - answer✔first task you undertake once the data is validated and
browsable
recover folders - answer✔recovers files that have been deleted or corrupted on FAT and NTFS
volumes
hash analysis - answer✔generate MD5 and SHA1 hash values for files and compare against your
case hash library
expand compound files - answer✔expands compound and compressed files such as ZIP, RAR,
and GZ
find email - answer✔extracts individual messages from email archive files
PST - answer✔Microsoft Outlook files
NSF - answer✔Lotus Notes files
DBX - answer✔Microsoft Outlook Express files
EDB - answer✔Microsoft Exchange files