BBA Computer Forensics Quiz 3

Uploaded by

MynorGarzona
Copyright
© All Rights Reserved

Question 1

___________ is some method of modifying data so that it is meaningless and
unreadable in its current form.

Response: Data hiding

Score: Encryption

Question 2
The ability to hide data in another file is called:

Response: Steganography

Score: 1 out of 1 Yes

Question 3
The portion of a disk that contains no stored data, but may contain latent data is
called

Response: Unallocated space

Score: 1 out of 1 Yes

Question 4
When a file is deleted from a FAT filesystem:

Response: All of these

Score: 1 out of 1 Yes

Question 5
The smallest addressable unit of data by a HDD generally consists of:

Response: 512 bytes

Score: 1 out of 1 Yes

Question 6
You are a computer forensic examiner investigating a seized computer. You
recovered a document containing potential evidence. You find out that the file
system on the forensic image of the hard drive is File Allocation Table (FAT). What
information about the document file can be found in the FAT on the media? (Choose
all that apply.)

Response: Name of the file

Response: Date and time stamps of the file

Score: Starting cluster of the file
Fragmentation of the file

Question 7
What is the filesystem used by Windows Vista or 7?

Response: NTFS

Score: 1 out of 1 Yes

Question 8
USB drives use _____

Response: Flash memory

Score: 1 out of 1 Yes

Question 9
You are a computer forensic examiner investigating media on a seized computer. You
recovered a document containing potential evidence. You find out that the file
system on the forensic image of the hard drive is New Technology File System
(NTFS). What information about the document file can be found in the NTFS master
file table on the media? (Choose all that apply.)

Response: Name of the file

Response: Date and time stamps of the file

Response: Ownership of the file

Score: Name of the file
Date and time stamps of the file
Starting cluster of the file
Fragmentation of the file
Ownership of the file

Question 10
A file header is which of the following?

Response: A unique set of characters at the beginning of a file that identifies the
file type

Score: 1 out of 1 Yes

Question 11
_________ preserving evidence means that the information contained on the drive
down to the last bit never changes during seizing, analysis and storage.

Response: Logically

Score: 1 out of 1 Yes

Question 12
Metadata include _____, file sizes, MAC times, MD5 hashes, and more.

Response: None of these

Score: Full file names

Question 13
_______ is used to identify relevant files and fragments of relevant files.

Response: String searching

Score: 1 out of 1 Yes

Question 14
What is the main drawback of FAT16?

Response: Restricted disk size

Score: 1 out of 1 Yes

Question 15
Data cannot be recovered from a hard drive after the user has deleted all the
files

Response: False

Score: 1 out of 1 Yes

Question 16
You can make an exact copy of the hard drive by first cleaning the destination
drive by placing _______ in all the blocks

Response: Zeros

Score: 1 out of 1 Yes

Question 17
The Windows OS uses a file name’s ________ to associate files with the proper
applications.

Response: Signature

Score: Extension

Question 18
What is the main advantage of NTFS over FAT?

Response: Drive Speed

Score: Encryption

Question 19
A good way to ignore known files is to compare the ______ of every file in a
forensic duplication with a known set of hashes and ignore any matches.

Response: Active hashes

Score: Forensic hashes

Question 20
Data can be hidden in the spaces between files

Response: True

Score: 1 out of 1 Yes

Question 21
When trying to recover deleted files, make sure the forensic duplication is ______
so that it is not modified during your analysis.

Response: Write-only

Score: On the correct disk.

Question 22
The reason to place zeros in all of the hard drive blocks is because _______

Response: The ones in the blocks have to cancel with the zeros

Score: Unwanted data might have been left there and this will damage forensic
evidence.

Question 23
What filesystem is used by Linux?

Response: EXT3

Score: 1 out of 1
