Question 1

In a forensics context,hidden information about files and folders is called&#10;A)Artifact data&#10;B)Metadata&#10;C)Archive data&#10;D)Read-only data

Accepted Answer

The hidden information about files and folders in forensics is referred to as metadata. This data provides details about the creation, modification, and last access times of files, as well as file size, owner, and other attributes. It may also include information about the file's location, format, and content. This information can be useful in determining the origin and history of the file, and can be analyzed to reveal patterns or unusual behavior. Artifact data, archive data, and read-only data are not typically used to refer to hidden information in a forensics context.

Question 2

In an NTFS system,by default,which of the following have access to files and folders not uniquely theirs?&#10;A)Each user in the Group folder&#10;B)Only those users in the Users folder&#10;C)Each user who successfully logs in&#10;D)Only the user assigned to those resources

Accepted Answer

By default, only the user who has been assigned permissions to the files and folders will have access to them. Other users or groups will need to be explicitly granted permission to access those resources.

Question 3

?Which of the following is considered an excellent source to obtain information on when passwords were last changed within a Linux system?&#10;A)/etc/sysconfig&#10;B)/etc/shadow/passwd&#10;C)/etc/shadow&#10;D)/etc

Accepted Answer

The file /etc/shadow stores password information for Linux users, including the date when the password was last changed. Therefore, it is considered an excellent source for obtaining information on when passwords were last changed within a Linux system.

Question 4

A(n)________ is created by the computer for each user.

Accepted Answer

The answer of A(n)________ is created by the computer for...

Question 5

Sources of e-evidence within Windows subfolders can include all of the following EXCEPT&#10;A)Pointers to Office files&#10;B)Listing of programs on the Quick Launch bar&#10;C)Pointers to Internet Favorites&#10;D)The user's address book

Accepted Answer

The answer of Sources of e-evidence within Windows subfolders can...

Question 6

The user root folder may contain all of the following EXCEPT&#10;A)Internet data&#10;B)Application parameters&#10;C)Wallpaper&#10;D)Registry settings

Accepted Answer

Registry settings are not stored in the user's root folder; they are part of the Windows Registry, a hierarchical database that stores low-level settings for the operating system and for applications that opt to use the Registry.

Question 7

If you change a file extension by renaming the file,&#10;A)You also change the data in the file&#10;B)You will not be able to open the file&#10;C)Windows will change the icon that represents the file&#10;D)You also change the data header

Accepted Answer

Changing the file extension will only change the way the file is identified by the operating system and associated programs. Windows will update the file icon to match the new extension, but the actual data in the file will remain the same. However, some programs may not be able to open the file if it requires a specific extension to recognize the file format. Changing the extension can also affect how the file is processed by the operating system or other applications.

Question 8

A(n)________ is designed as a hierarchical listing of folders and files.

Accepted Answer

The answer of A(n)________ is designed as a hierarchical listing...

Question 9

Files are first loaded into a(n)________ before being printed.

Accepted Answer

The answer of Files are first loaded into a(n)________ before...

Question 10

All of the following are key differences in identifying an operating system EXCEPT&#10;A)The Recycle Bin folder&#10;B)Operating system folder names&#10;C)User root folder construction&#10;D)Folders containing group userids

Accepted Answer

The answer of All of the following are key differences...

Question 11

Which of the following is the primary default folder in Windows 2000 and XP?&#10;A)Documents and Settings&#10;B)My Documents&#10;C)User Root&#10;D)My Computer

Accepted Answer

The answer of Which of the following is the primary...

Question 12

Which of the following is NOT one of the file types available within Linux?&#10;A)Block devices&#10;B)Directories&#10;C)Named pipes&#10;D)Superblock

Accepted Answer

The answer of Which of the following is NOT one...

Question 13

System data and artifacts are files generated by the ________.

Accepted Answer

The answer of System data and artifacts are files generated...

Question 14

When you send a job to the printer,Windows creates a(n)&#10;A)Enhanced metafile (EMF)&#10;B)Enhanced image file (IMF)&#10;C)Temporary print file (TPF)&#10;D)Tagged image format file (TIFF)

Accepted Answer

The answer of When you send a job to the...

Question 15

Which of the following is one of the default directories created when installing Linux?&#10;A)/setup&#10;B)/default&#10;C)/bin&#10;D)/swap

Accepted Answer

The answer of Which of the following is one of...

Question 16

The ________ folder is used by Internet sites to store information about the user.

Accepted Answer

The answer of The ________ folder is used by Internet...

Question 17

Clues that may indicate stego use include all of the following EXCEPT&#10;A)The sophistication of the computer's owner&#10;B)Software clues on the computer&#10;C)Type of crime being investigated&#10;D)Large number of files in the Recycle Bin

Accepted Answer

The answer of Clues that may indicate stego use include...

Question 18

Examples of user data include all of the following EXCEPT&#10;A)User passwords&#10;B)User profiles&#10;C)Program files&#10;D)Temp files

Accepted Answer

The answer of Examples of user data include all of...

Question 19

In steganography,the original file that contains the hidden information is the&#10;A)Steganographic carrier&#10;B)Carrier medium&#10;C)Hiding medium&#10;D)Concealing medium

Accepted Answer

The answer of In steganography,the original file that contains the...

Question 20

All configuration information needed by the operating may be located in which of the following?&#10;A)System folder&#10;B)Configuration file&#10;C)AutoexeC.bat file&#10;D)Registry hives

Accepted Answer

The answer of All configuration information needed by the operating...

Question 21

One application of metadata used by Windows is an uncommon storage concept called ________.

Accepted Answer

The answer of One application of metadata used by Windows...

Question 22

The ________ tracks those actions deemed as events by the software application.

Accepted Answer

The answer of The ________ tracks those actions deemed as...

Question 23

The ________ command gives Linux users the ability to perform administrative duties,which require a separate password for each user.

Accepted Answer

The answer of The ________ command gives Linux users the...

Question 24

By default,the ________ is used as virtual memory.

Accepted Answer

The answer of By default,the ________ is used as virtual...

Question 25

Windows NT and higher changed the registry to a mixture of several files referred to as ________.

Accepted Answer

The answer of Windows NT and higher changed the registry...

Question 26

The ________ folder generally contains information concerning the programs the user typically works with.

Accepted Answer

The answer of The ________ folder generally contains information concerning...

Question 27

The process of retrieving image data from unallocated or slack space is called ________.

Accepted Answer

The answer of The process of retrieving image data from...

Question 28

In Linux,everything-including all devices,partitions,and folders-is seen as a unified ________.

Accepted Answer

The answer of In Linux,everything-including all devices,partitions,and folders-is seen as...

Question 29

________ are used to determine where data starts and ends when graphic files are located in unallocated or slack space.

Accepted Answer

The answer of ________ are used to determine where data...

Question 30

The ________ subfolder lists the files that the user has accessed over several time periods.

Accepted Answer

The answer of The ________ subfolder lists the files that...

Question 31

Match between columns&#10;                        Premises: Sockets&#10;Sockets&#10;Sockets&#10;Sockets

Accepted Answer

The Answer of Unbuffered files used to exchange data and is...

Question 32

Match between columns&#10;                        Premises: User profiles&#10;User profiles&#10;User profiles&#10;User profiles

Accepted Answer

The Answer of Internet history files and Installed applications and is...

Deck 7: Investigating Windows, linux, and Graphic Files