CPSC 4680-5680 Exam Graded A+
Advantages: faster data transfer speeds, ignores minor data errors, and most forensics
analysis tools can read it.
Disadvantages: requires equal or greater target disk space, doesn't contain hash values
in the raw file (metadata), might have to run a separate hash program to validate raw
format data, and might not collect marginal (bad) blocks.
18. Which of the following Windows 8 files contains user-specific information?
a. User.dat
b. Ntuser.dat
c. System.dat
d. SAM.dat - ANSWER-b. Ntuser.dat
An image of a suspect drive can be loaded on a virtual machine. True or False? -
ANSWER-True
Areal density refers to which of the following?
a. number of bits per disk
b. number of bits per partition
c. Number of bits per square inch of a disk platter
d. number of bits per platter - ANSWER-c. Number of bits per square inch of a disk
platter
Chain-of-custody - ANSWER-The process of documenting all and every activity on what
is and not being done
Computer forensics analysis revolves around searching for evidence on a suspect
system. In general, to search for evidence you need to do the following six steps: -
ANSWER-• Examine file and folders (or directory) date and time stamps
• Locate and extract all log files
• Locate and recover any temporary print spool files
• Locate and recover any encrypted or archived files
• Perform a keyword search on all data within the digital evidence
• Examine Windows shortcuts, Internet, Recycle Bins, and registry.
Data acquision - ANSWER-The process of collecting digital evidence from electronic
media
Data recovery - ANSWER-Which involves retrieving information that was deleted by
mistake or lost during a power surge or server crash
Digital forensics - ANSWER-The application of computer science and investigative
procedures for a legal purpose involving the analysis of digital evidence after proper
Advantages: faster data transfer speeds, ignores minor data errors, and most forensics
analysis tools can read it.
Disadvantages: requires equal or greater target disk space, doesn't contain hash values
in the raw file (metadata), might have to run a separate hash program to validate raw
format data, and might not collect marginal (bad) blocks.
18. Which of the following Windows 8 files contains user-specific information?
a. User.dat
b. Ntuser.dat
c. System.dat
d. SAM.dat - ANSWER-b. Ntuser.dat
An image of a suspect drive can be loaded on a virtual machine. True or False? -
ANSWER-True
Areal density refers to which of the following?
a. number of bits per disk
b. number of bits per partition
c. Number of bits per square inch of a disk platter
d. number of bits per platter - ANSWER-c. Number of bits per square inch of a disk
platter
Chain-of-custody - ANSWER-The process of documenting all and every activity on what
is and not being done
Computer forensics analysis revolves around searching for evidence on a suspect
system. In general, to search for evidence you need to do the following six steps: -
ANSWER-• Examine file and folders (or directory) date and time stamps
• Locate and extract all log files
• Locate and recover any temporary print spool files
• Locate and recover any encrypted or archived files
• Perform a keyword search on all data within the digital evidence
• Examine Windows shortcuts, Internet, Recycle Bins, and registry.
Data acquision - ANSWER-The process of collecting digital evidence from electronic
media
Data recovery - ANSWER-Which involves retrieving information that was deleted by
mistake or lost during a power surge or server crash
Digital forensics - ANSWER-The application of computer science and investigative
procedures for a legal purpose involving the analysis of digital evidence after proper
