Deck 15: Computer Basics for Digital Investigators

A) Trying every possible encryption key
B) Obtaining the passphrase used to protect the encryption key
C) Recovering plaintext versions of data from unallocated and slack space
D) All of the above

A) 8
B) 100
C) 1000
D) 1024

A) 8.4 Gbytes
B) 7.8 Gbytes
C) 8 Gbytes
D) 9 Gbytes

A) RSA
B) ROT13
C) DES
D) DSA

A) Hexadecimal
B) Little-endian
C) Octal
D) Big-endian

A) File name and date-time stamps that were associated with the file are not salvaged.
B) The size of the original file may not be known, making it necessary to guess how much data to carve out.
C) Simple carving assumes all portions of the file were stored contiguously, and not fragmented.
D) All of the above.

A) Boot sector
B) Master boot record
C) Volume
D) Partition

A) Boot sector
B) Master boot record
C) Root Directory
D) Partition

A) 78 FB 23 7A
B) 7A 23 FB 78
C) 23 7A 78 FB
D) FB 7A 78 23

A) Use a UNIX tool like hdparm
B) Use a Windows tools like EnCase
C) Check the drive manufacturer's website for the specific drive
D) All of the above

A) CMOS
B) System.conf
C) MBR
D) Boot record

A) Setting the Read/Only attribute on the folder you want to protect
B) Storing data in a hidden partition
C) Using alternate data streams
D) None of the above

A) The space between the end of a volume and the end of a partition
B) The sectors in a cluster that are not occupied by the file in that cluster
C) The space on a disk that is not allocated to files
D) The space left on a disk after a file is deleted