Computer Forensics Principles and Practices 1st Edition Volonino Test Bank
Multiple Choice:
A. User passwords
B. User profiles
C. Program files
D. Temp files
2. In an NTFS system, by default, which of the following have access to files and folders not uniquely theirs?
3. All of the following are key differences in identifying an operating system EXCEPT
B. My Documents
C. User Root
D. My Computer
5. The user root folder may contain all of the following EXCEPT
A. Internet data
B. Application parameters
C. Wallpaper
D. Registry settings
6. Sources of e-evidence within Windows subfolders can include all of the following EXCEPT
A. Artifact data
B. Metadata
C. Archive data
D. Read-only data
A. System folder
B. Configuration file
C. Autoexec.bat file
D. Registry hives
10. Which of the following is NOT one of the file types available within Linux?
A. Block devices
B. Directories
C. Named pipes
D. Superblock
11. Which of the following is one of the default directories created when installing Linux?
A. /setup
B. /default
C. /bin
D. /swap
A. /etc/sysconfig
B. /etc/shadow/passwd
C. /etc/shadow
D. /etc
Answer: C Reference: Key Linux Files and Directories to Investigate Difficulty: Moderate
14. In steganography, the original file that contains the hidden information is the
A. Steganographic carrier
B. Carrier medium
C. Hiding medium
D. Concealing medium
15. Clues that may indicate stego use include all of the following EXCEPT
16. System data and artifacts are files generated by the ________.
17. Files are first loaded into a(n) ________ before being printed.
Answer: userid Reference: Data and User Authentication Weaknesses of FAT Difficulty: Moderate
Answer: directory tree structure Reference: Identifying the Operating System of a Target Hard Drive Difficulty: Moderate
20. The ________ folder is used by Internet sites to store information about the user.
21. The ________ subfolder lists the files that the user has accessed over several time periods.
22. The ________ folder generally contains information concerning the programs the user typically works with.
23. One application of metadata used by Windows is an uncommon storage concept called ________.
24. Windows NT and higher changed the registry to a mixture of several files referred to as ________.
25. The ________ tracks those actions deemed as events by the software application.
Answer: swap file (or page file) Reference: Swap File/Page File Difficulty: Moderate
27. The ________ command gives Linux users the ability to perform administrative duties, which require a separate password for each user.
29. ________ are used to determine where data starts and ends when graphic files are located in unallocated or slack space.
30. The process of retrieving image data from unallocated or slack space is called ________.
Answer: data carving (or salvaging) Reference: Data Carving Difficulty: Moderate
Matching:
III. Temp files C. Though used only briefly, they are not deleted
I. HKEY_CLASSES_ROOT A. Default
II. /etc B. Contains information on printers, log files, and transient data
36. Match the following GREP tokens with their related functions.
III. [] C. When placed after a character, matches any number of occurrences of that character
I. 00 00 01 00 A. BMP
II. FF D8 FF E1 xx xx 45 78 69 66 00 B. ICO
III. 42 4D C. PNG
IV. 89 50 4E 47 0D 0A 1A 0A D. JPEG