January 17, 2020
LAB 1.1
1. Why is Autopsy an important forensics tool?
a. It can be used to help digital forensics investigators find potential evidence.
2. Autopsy can search for which of the following types of files? (Choose all that apply.)
b. E-mail
c. Graphics
d. Deleted files
e. Registry files
3. What’s a file hash? REVIEW
f. A hexadecimal value obtained mathematically from a file
4. Which of the following statements is true? REVIEW
g. File hashes can verify that the chain of custody has been maintained.
5. Autopsy can’t recover deleted or corrupted files and display their contents. True or False?
LAB 1.2
6. FTK Imager can be used to search all the following except what?
h. Encrypted files
7. FTK Imager is used primarily to produce which of the following?
i. Hard disk images that can be analyzed by forensics software
8. Why do forensics investigators work with bit-stream images?
j. An image file can be examined without damaging the original evidence.
9. FTK Imager can detect and view encrypted files. True or False?
10. Bit-stream imaging is the process of ___________.
k. Duplicating data on storage devices for forensic analysis
LAB 1.3
11. The evaluation version of WinHex can be used to search all the following file systems except
which one?
l. HFS+
12. The evaluation version of WinHex can write up to how many bytes of data?
m. 200 KB
13. The licensed version of WinHex includes a RAM editor. True or False?
14. WinHex can’t produce file hash values. True or False?
15. Which of the following statements is correct? (Choose all that apply.)
n. WinHex includes hashing algorithms.
LAB 1.4
16. The Result Viewer pane in Autopsy displays which of the following?
o. Folder names, filenames, and dates
17. What type of information is displayed under the Data Sources item in the Tree Viewer?
p. Filenames and directory paths
18. Which file extension is used for Autopsy case files?
This study source was downloaded by 100000900412927 from CourseHero.com on 01-05-2026 01:26:28 GMT -06:00
https://www.coursehero.com/file/54173789/Lab-Assignment-Ch-1-docx/
LAB 1.1
1. Why is Autopsy an important forensics tool?
a. It can be used to help digital forensics investigators find potential evidence.
2. Autopsy can search for which of the following types of files? (Choose all that apply.)
b. E-mail
c. Graphics
d. Deleted files
e. Registry files
3. What’s a file hash? REVIEW
f. A hexadecimal value obtained mathematically from a file
4. Which of the following statements is true? REVIEW
g. File hashes can verify that the chain of custody has been maintained.
5. Autopsy can’t recover deleted or corrupted files and display their contents. True or False?
LAB 1.2
6. FTK Imager can be used to search all the following except what?
h. Encrypted files
7. FTK Imager is used primarily to produce which of the following?
i. Hard disk images that can be analyzed by forensics software
8. Why do forensics investigators work with bit-stream images?
j. An image file can be examined without damaging the original evidence.
9. FTK Imager can detect and view encrypted files. True or False?
10. Bit-stream imaging is the process of ___________.
k. Duplicating data on storage devices for forensic analysis
LAB 1.3
11. The evaluation version of WinHex can be used to search all the following file systems except
which one?
l. HFS+
12. The evaluation version of WinHex can write up to how many bytes of data?
m. 200 KB
13. The licensed version of WinHex includes a RAM editor. True or False?
14. WinHex can’t produce file hash values. True or False?
15. Which of the following statements is correct? (Choose all that apply.)
n. WinHex includes hashing algorithms.
LAB 1.4
16. The Result Viewer pane in Autopsy displays which of the following?
o. Folder names, filenames, and dates
17. What type of information is displayed under the Data Sources item in the Tree Viewer?
p. Filenames and directory paths
18. Which file extension is used for Autopsy case files?
This study source was downloaded by 100000900412927 from CourseHero.com on 01-05-2026 01:26:28 GMT -06:00
https://www.coursehero.com/file/54173789/Lab-Assignment-Ch-1-docx/
