Deciding how to destroy evidentiary materials that is no longer needed falls under the ________ stage of an investigation.
Crime scene management is as critical a responsibility for the digital investigator as it is the lead investigator. What is the first thing you, as an investigator, want to do upon arriving on the scene?
Select each of the items from the following list that belongs in every documentation package.
When transporting a hard disk that was extracted from a computer, what is the appropriate method of protecting the device during transport?
While investigating a person suspected of having child pornography on his machine, you discover that at the time the files first appeared on the system, another user was logged onto the system. This is a powerful piece of ________ evidence.
Case notes that you take during initial response are protected from discovery because they are covered under the "work product" doctrine.
By transporting a cellular telephone in a Faraday bag, the device is protected from hackers getting onto the device and wiping it.
Computer scientists break the movement of information from raw electrical voltage changes to humanly readable information as a series of
abstraction layers. Which of the following is one of these abstraction layers?
Which of the following is one of the tools on the court-approved lists issued by the Federal Judiciary?
Which of the following suites is an open-source set of utilities that is made available to the community at no charge?
Virtually all operating systems come with tools to manage the hard disk. The vast majority of these tools are unable to read metafiles such as the $MFT file in Windows 7. Why is this?
Software tools can be categorized as either "lossy" or "lossless". Which of the following tools are considered lossy?
Which of the following institutions maintains a program for testing digital forensic tools?
The Linux Disk Editor is a tool used in Linux that allows a user to ________.
There are four attributes of a good tool that can be used to calculate its usability as a tool. Which of the following is
not one of those attributes?
As an experienced digital investigator, you have been called in to testify about the reliability of the tool that was used to extract a forensic image. In your testimony you explain that you tested the utility against several ________.
In order to pass the scrutiny of a judge a tool must pass four separate tests that provide a measure of the scientific validity of the results. These tests are part of the ________ process.
Which of the following is an example of a write blocker that can be used to assure a forensically sound copy of a suspect drive?
Which of the following utilities can detect a file that has been configured as an alternate data fork to another file?
Microsoft provides a collection of free utilities for analyzing and troubleshooting problems specific to the Windows operating system. These utilities are part of the ________ suite.
Based on the published specifications that define a usable tool, if any I/O error occurs while reading data, the tool must immediately abort the data capture event.
Brute force cracking of a password using conventional methods takes a very long time. This is primarily a ________ intensive task.
There are three major factors to address when configuring a forensic workstation. Which of the following is actually
not one of those factors?
There are several decisions to be made regarding the construction of a new forensic workstation that will be dictated by the choice of system board. Which of the following are affected by the choice of system board?
The I/O subsystem of a forensic workstation is basically the same as with any other computer. The one difference is that there must be some sort of ________ capability designed into the system.
Which of the following is a way to write protect an I/O path when there is no hardware device available for the task?
Which of the following forensic workstations is designed as a somewhat portable device?
You recently upgraded the memory on your new forensic workstation. It was working fine before the upgrade. Now, durning the boot process, the system encounters a "blue screen of death" and shuts down. You put the memory into another machine and it worked fine. Which of the following is likely to be the problem?
FREDDIE is a forensic workstation available from which of the following companies?
When selecting a suitable enclosure for a forensic workstation there are several factors to consider. Select some appropriate factors from the following list that are essential.
In addition to the speed of the core processor, what is also critical to the performance of a CPU? (Select all that apply.)
A 32-bit operating system is capable of supporting up to ________ megabytes of RAM.
How many memory channels can a quad core processor support?
Your new forensic workstation came with two 10K-rpm SAS drives and two 7,400rpm drives. You should install the OS onto the slower drives and save the faster drives for the data sets.
The fastest and most durable permanent storage mechanism is the solid state drive.
The most commonly seen expansion slot in most current system boards is the PCI-X slot.
Which of the following organizations offers the CCE Boot Camp Training program?
Which organization monitors the licensing of private digital forensic investigators on a national level?
Global Information Assurance Certification offers two different digital forensic certifications. Which of the following do they offer?
In order to pass the written exam for the GCFD certification you must obtain a final score of ________ or higher.
The Certified Digital Forensic Examiner certification is administered by ________.
In their 2004 article, Meyers and Rogers listed three levels of excellence a good forensic certification program should address. Which two of the following are on that list?
The PCFE certification is administered by ________.
In order to pass the written exam for the GCFA certification you must obtain a final score of ________ or higher.
The AccessData Certified Examiner is a proprietary certification that measures the candidate's proficiency in using the ________ suite.
The Digital Forensics Certified Practitioner certification is administered by ________.
The Encase Certified Examiner is a certification offered by ________.
To obtain the ENCE certification a candidate must accomplish which two of the following tasks?
What is the time limit given for completing the GCFA written exam?
There is little or no reciprocity between states in regards to the licensing requirements for digital investigators.