WGU C702 Final Exam Questions With 100% Correct Answers | Graded A+ | Latest 2023/2024 (VERIFIED)

Computer Forensic Tool Testing Project (CFTT) - ANSWER ==NIST, establishes a methodology for testing computer forensic software tools by development of general tool specifications, test procedures, test criteria, test sets, and test hardware. Image Integrity Tools - ANSWER ==HashCalc, MDF Calculator, HashMyFiles HashCalc - ANSWER ==Create MD5 has for files, text and hex string (13 different algorithms) MDF Calculator - ANSWER ==View MD5 hash to compare to provided hash value HashMyFiles - ANSWER ==Calculate MD5 hash on one or more files File Fingerprinting Recover My Files - ANSWER ==recover deleted files emptied from the windows recycle bin and files lost due to the format or corruption of a hard drive, virus, or trojan infection, and unexpected system shutdown or software failure Advanced Disk Recovery - ANSWER ==Quick or deep scan for lost or deleted files UndeletePlus - ANSWER ==Quick or deep scan for lost or deleted files. same as Advanced Disk Recovery Data Analysis Tools - ANSWER ==FTK Imager, EnCase Forensic, The Sleuth Kit (TSK) FTK Imager - ANSWER ==imaging tools that enables analysis of files and folders on local hard drives, CDs/DVDs, network drives and examination of the content of forensic images or memory dumps EnCase Forensic - ANSWER ==Generates and evidence report, acquire large amounts of evidence, as fast as possible from laptops and desktop computers to mobile devices The Sleuth Kit (TSK) - ANSWER ==Library and collection of command-line tools allowing investigation of volume and file system data fsstat istat fls img_stat Forensic Investigation Team - ANSWER ==Attorney, Photographer, Incident Responder, Decision Maker, Incident Analyzer, Evidence, Examiner/Investigator, Evidence Documenter, Evidence Manager, Expert Witness 18 USC 1029 - ANSWER ==Fraud and related activity in connection with access devices 18 USC 1030 - ANSWER ==Fraud and related activity in connection with computers 18 USC 1361-2 - ANSWER ==Prohibit malicious mischief 18 USC 2252A - ANSWER ==Child pornography 18 USC 2252B - ANSWER ==Misleading domains on Internet 18 USC 2702 - ANSWER ==Voluntary disclosure of customer communications or records 42 USC 2000AA - ANSWER ==Privacy Protection Act Rule 402 - ANSWER ==Relevant Evidence Rule 502 - ANSWER ==Attorney-Client Privilege and Work Product; Limitations on Waiver Rule 608 - ANSWER ==Evidence of character and conduct of witness Rule 609 - ANSWER ==Impeachment by evidence Rule 614 - ANSWER ==Interrogation of Witnesses Rule 701 - ANSWER ==Opinion testimony Rule 705 - ANSWER ==Disclosure of facts Platters - ANSWER ==Circular metal disks mounted into a drive enclosure Tracks - ANSWER ==Concentric rings on the platters that store data Track Numbering - ANSWER ==Starts at 0 and goes to 1023 Sectors - ANSWER ==Smallest physical storage unites located on a hard disk platter (512 bytes long) Clusters - ANSWER ==Smallest accessible/logical storage unit on the hard disk Slack Space - ANSWER ==Wasted are of the disk cluster lying between end of the file and end of the cluster Bad Sectors - ANSWER ==Portions of a disk that are unusable due to some flaws (Don't support read and write) Sparse File - ANSWER ==File that attempts to use file system space efficiently when allocated blocks are mostly empty. Cylinders, Head, and Sectors (CHS) - ANSWER ==Determine the sector addressing for individual sectors on a disk Logical Block Addressing (LBA) - ANSWER ==Address data by allotting a sequential number to each sector Globally Unique Identifier (GUID) - ANSWER ==128-bit unique number generated by windows used to identify COM DLLs File Carving - ANSWER ==The process of reassembling computer files from fragments in the absence of file system metadata. JPEG - ANSWER ==Joint Photographic Experts Group File type for images, can achieve 90% compression Hex value FF D8 FF BMP - ANSWER ==Device independent bitmap (DIB), standard graphics image file format for Windows GIF - ANSWER ==Contains 8 bits per pixel and displays 256 colors per frame fsstat (TSK) - ANSWER ==display details associated with the file system istat (TSK) - ANSWER ==Display details of meta-data structure (INODE) fls (TSK) - ANSWER ==List file and directory names in a disk image img_stat (TSK) - ANSWER ==Displays details of an image file Master Boot Record (MBR) - ANSWER ==The first sector on a hard drive, which contains the partition table and a program the BIOS uses to boot an OS from the drive. 512 bytes long Contains four 16-byte master partition records Starts at sector 0 Signature 0x55AA Master Boot Code - ANSWER ==Loads into BIOS and initiated system boot process American Standard Code for Information Interchange (ASCII) - ANSWER ==128 specified characters coded into 7-bit integers Source code of a program, batch files, macros, scripts, HTML and XML documents ASCII Table - ANSWER ==Non-printable Coded between 0 and 31 Lower ASCII codes between 32 and 127 Higher ASCII codes between 128 and 255 Universal Coded Character Set (USC) - ANSWER ==Standard for encoding, representation, and management of texts More than characters XML, Java, and Microsoft.NET Back Up the MBR - ANSWER ==dd if=/dev/xxx of=p bs=512 count=1 Restore the MBR - ANSWER ==dd if=p of=/dev/xxx bs=512 count=1 GUID Partition Table (GPT) - ANSWER ==Allows disks larger than 2TB Can have 128 Windows partitions CRC for data integrity CRC32 checksum for header and partition table Disk File System - ANSWER ==Store data on disks Network File System - ANSWER ==Access files on other computers/server Database File System - ANSWER ==Store and manage files stored on a computer/server Flash File System - ANSWER ==Stores files or data in flash memory devices Tape File System - ANSWER ==Stores data/files on tape in self-describing form; very slow Shared Disk File System - ANSWER ==External disk array or SAN accessed by servers or workstations Windows File Systems - ANSWER ==FAT/FAT32 Filing System File Allocation Table (on discs= slow/simple) NTFS (NT File System)- uses binary tree for faster access times