Computer Forensics Mid - II, November - 2014

1. If a suspect computer is located in an area that might have toxic chemicals, you must do which of the following?
  • Coordinate with the HAZMAT
  • Determine a way to obtain the suspect computer
  • Assume the suspect computer is contaminated
  • Do not enter alone
Answer: A
2. What is the space on a drive called when a file formats
  • FAT12
  • FAT16
  • FAT32
  • NTFS
Answer: C
3. What should be your most important consideration while determining the tool to be used in the forensic lab?
  • Finding out which one is the most popular
  • Determining what the lab needs
  • Determining which product is cheaper
  • Talking to the vendor
Answer: B
4. Which of the following is a current formatting standard for e-mail?
  • SMTP
  • MIME
  • Outlook
  • Pine
Answer: B
5. The term TDMA refers to which of the following?
  • A technique of dividing a radio frequency so that multiple users share the same channel
  • A proprietary protocol developed by Motorola
  • A specific cellular network standard
  • A technique of spreading the signal across many channels
Answer: A
6. Which of the following groups sets standards for recovering, preserving and examining digital evidence?
  • Scientific Working Group on Digital Evidence
  • International Organization on Computer Evidence
  • Department of justice
  • Both (A) and (B)
Answer: D
7. The digital evidence is stored on
  • CD-Rs
  • Magnetic tapes
  • DVDs
  • All of the above
Answer: D
8. Which of the following hardware forensics tools is a single-purpose component?
  • ProDiscover
  • EnCase
  • ILook
  • All the above
Answer: D
9. What should be the most important consideration when determining which tool to use in the lab?
  • Determining the cheaper product
  • Determining what the lab needs
  • Finding out most popular product
  • Consulting the vendor
Answer: B
10. Which of the following is a current formatting standard for e-mail?
  • SMTP
  • MIME
  • Outlook
  • Pine
Answer: B
11. In forensic hashes, a collision occurs when ___________ files have the same value.
Answer: Two Different
12. Partition disk space not allocated to a file is nothing but ___________ disk space.
Answer: Un-allocated
13. ________________ is a hardware device or software program that prevents a computer from writing data to an evidence drive.
Answer: Write Blocker
14. AccessData FTK uses at search to ___________ and create a B* tree index to data.
Answer: Analyze
15. TPM (Trusted Platform Module) stores encryption ___________.
Answer: Key data
16. Any information that is stored or transmitted in digital form is called _______________.
Answer: Digital Evidence
17. ___________ are used in crime labs to extract DNA residue from a keyboard to compare with other DNA samples.
Answer: Special Vacuums
18. Many investigators are comfortable using _____________ platforms.
Answer: Microsoft
19. Safeback and SnapCopy are ________________ duplicators.
Answer: Software
20. ________________ is used to navigate the work folder.
Answer: My Computer/Windows Explorer