CSCI 511: Midterm Liberty University
How can an investigator validate that he or she made an exact copy of a hard drive?
What is volatile memory analysis and what difficulties does it pose to the forensic investigator?
With the consistency checking file system repair technique, the computer’s file system is rebuilt from scratch using knowledge of an undamaged file system structure.
An individual cannot be compelled by authorities to reveal passwords to
computers or files. By doing so, the individual may incriminate himself or herself
A victim of a criminal act can sue the perpetrator for damages in civil court.
Modern cryptography is separated into two distinct groups: symmetric cryptography and asymmetric cryptography.
The Fourth Amendment applies to searches conducted by private individuals, businesses, and nongovernmental agencies.
When an individual connects to a wireless network, the service set identifier (SSID) is logged as a preferred network connection. This information can be found in the Windows Registry.
The term symmetric cryptography describes those methods where the same key is used to encrypt and decrypt the plaintext.
Real evidence means physical objects that can be touched, held, or directly observed, such as a laptop with a suspect’s fingerprints on it, or a handwritten note.
What is meant by slurred image?
The Windows Registry is organized into five sections. The section stores information about drag-and-drop rules, program shortcuts, the user interface, and related items.
What name is given to a protocol used to send e-mail that works on port 25?
is essentially data about the data. In the case of files, it can include creation time/date, size, last modified date, and even file header information.
The is a federal wiretap law for traditional wired telephony that was expanded to include wireless, voice over packet, and other forms of electronic communications, including signaling traffic and metadata.
Which of the following is the definition of anti-forensics?
Which of the following is the definition of inode?
What term is used to describe statements that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury?
The unused space between the logical end of file and the physical end of file is known as .
What version of RAID are the following descriptors? Striped disks with dedicated parity combine three or more disks in a way that protects data against loss of any one disk. Fault tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity information. The storage capacity of the array is reduced by one disk.
The contains many provisions about recordkeeping and destruction of electronic records relating to the management and operation of publicly held companies.
The field reveals the real IP address of the computer from which the email was originally sent from.
This field is intended for spam filtering.
The Windows Registry is organized into five sections. The section is very critical to forensic investigations. It has profiles for all the users, including their settings.
The is designed to protect children from exposure to indecent material.
is a live-system forensic technique in which you collect a memory dump and perform analysis in an isolated environment.
Under the Fourth Amendment, search warrants must:
There are specific laws in the United States that are applicable to e-mail
is used to prevent anything from being written to the hard drive or other data source:
The establishes a standard of information-handling practices that governs the collection, maintenance, use, and dissemination of information about individuals that is maintained in systems of records by U.S. federal agencies.
RFC 3864 describes message header field names. Information about how the message is to be displayed, usually a Multipurpose Internet Mail Extensions (MIME) type refers to which of the following options?
The field consists of the name of the server and a unique string that the sending e-mail server assigned to the message:
The standard of proof in a civil trial is:
The states that forensic tools, techniques, procedures and evidence are admissible in court only if they have a “general acceptance” within the scientific community.
There are specific laws in the United States that are applicable to e-mail investigations. is about perpetrators who attempt to hide the pornographic nature of their
Which of the following is the definition of the Daubert Standard?
Which of the following common e-mail header fields is commonly used with values “bulk,” “junk,” or “list”; or used to indicate that automated “vacation” or “out of office” responses should not be returned for the mail?
Maintaining is a problem with live system forensics in which data is not acquired at a unified moment.
What is meant by steganalysis?
Digital cameras contain a wealth of metadata in:
sets standards for digital evidence processing, analysis, and diagnostics.
What is Internet Message Access Protocol (IMAP)?
A number of tools and even some Windows utilities are available that can help you to analyze live data on a Windows system. can tell you system uptime (time since last reboot), operating system details, and other general information about the system.
occurs when a seller takes on various digital identities by opening up several email accounts and bids on his or her own items multiple times to prompt genuine bidders to provide a much higher bid for an item than they would have done otherwise.
The file allocation table is really a list of entries that map to each on the disk partition.
What name is given to analysis involving using the native operating system, on the evidence disk or a forensic duplicate, to peruse the data?
What version of RAID are the following descriptors? Striped disks with dual parity combine four or more disks in a way that protects data against loss of any two disks.
The is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court, preferably unaltered.
What was designed as an area where computer vendors could store data that is shielded from user activities and operating system utilities, such as delete and format?
is the concept that any scientific evidence presented in a trial has to have been reviewed and tested by the relevant scientific community.