Deck 3: Tools, Environments, Equipment, and Certifications

1
If you need to remove a password from files, you could use a program such as

A) Jack the Cracker
B) WinHex
C) MacQuisition
D) John the Ripper
D
2
Preserving e-evidence and good ________ of steps taken during the investigation are essential for success in computer crime cases.
documentation
3
Under no circumstances should you attempt to create a forensically clean drive by simply ________ the drive.
formatting
4
A defensible approach is an objective and unbiased approach that

A) Is performed in accordance with forensic science principles
B) Is conducted with verified tools
C) Is documented thoroughly
D) All the above
5
The current best approach to powering down a suspect PC is to

A) Simply power it down using the operating system
B) Keep it running on a UPS
C) Don't power it down
D) Pull the power plug
6
Documentation of the evidence can include which of the following?

A) Name of the suspect's supervisor
B) Status of the computer
C) Name of the investigating officer
D) All the above
7
Which of the following tasks should be performed to maximize search results?

A) Confirm the objective of the investigation.
B) Identify relevant time periods.
C) Identify relevant types of data.
D) All are correct.
8
Which of the following is the preferred way to make a forensic copy?

A) Create a mirror image.
B) Produce a sector-by-sector copy.
C) Copy residual data only.
D) Make a back-up tape image.
9
If volatile data must be acquired, you may need to do your analysis in a(n)

A) Trusted environment
B) Postmortem environment
C) Untrusted environment
D) Dead environment
10
Which of the following does NOT affect the choice of forensic tool(s) for a case?

A) The operating system
B) State of the data
C) Availability of an expert witness
D) Domestic and international laws
11
To protect original data from any alteration, you

A) Use gloves when working with the hard drive
B) Make a forensic copy of the original data
C) Do your forensic work as quickly as possible
D) Use the operating system to copy all relevant files
12
Which factor(s) determine the type of tools needed for an analysis?

A) The environment
B) The power sources available where the analysis will be done
C) The make of the equipment to be analyzed
D) None of the above
13
________ data is data that has been deleted but not erased.
14
When you forensically wipe a hard drive, you

A) Write over all areas of the disk with a single character
B) Reformat the hard drive using standard disk utilities
C) Delete all active data from the hard drive
D) Use a forensic tool to physically clean the hard drive
15
When a copy is made, the contents of a hard drive are stored as a series of compressed ________ files.
16
The first step in analyzing data is to _________ it.
17
Which of the following tools is designed for use with Linux systems?

A) BlackBag
B) WinHex
C) Autopsy
D) PDA Seizure
18
A forensics lab should have all of the following applications on hand EXCEPT

A) Microsoft Office versions
B) ClarisWorks
C) Peachtree Accounting
D) Visual Basic
19
EnCase software can be used for all e-mail investigations EXCEPT which of the following?

A) GoogleMail
B) Hotmail
C) Outlook
D) AOL
20
Data may be hidden by all of the following methods EXCEPT

A) Using special characters in the actual name
B) Renaming to a common name used by the operating system
C) Encrypting the file
D) Password-protecting the file
21
You may need to do a(n) ________ analysis during a hacker attack or other intrusion.
22
A(n) ________ can cause MD5 hashes to be different if different tools are used to acquire a disk image.
23
________, from Paraben Forensics, is a comprehensive tool for investigating the contents of Palm Pocket PCs that run on Windows CE.
24
________ is another name for the security key you need to access a system when using EnCase.
25
A computer forensic specialist may examine the ________ to ascertain the true identity of a file.
26
A forensics lab is typically considered to be a(n) ________ environment.
27
One ________ can be saved on numerous servers and be forwarded to a person unknown to its author.
28
A drive image is "fingerprinted" using an encryption technique called ________.
29
________ data can include spreadsheets, databases, and word processing files.
30
A dead analysis is also referred to as a(n) ________ analysis.
31
Match between columns

Terms:
Active data

Descriptions:
A file renamed to look like an operating system file
Data easily viewed through file manager programs
Cache files and history files
File space that is now available for being written to
32
Match between columns

Terms:
Scanner
Spoofer
Presumption of evidence
Document the activities
Password cracker
Anonymous remailer
Nuker
Preponderance of evidence
Proof beyond reasonable doubt
Presumption

Descriptions:
Software used to destroy system log trails
Tools used to mask a person's online identity
Used to break encrypted password files
Used to identify services running on a network
Used to impersonate someone else's identity
Keep detailed records and photographs
Verify the integrity of the copy to the source
Create a copy without altering the original
Ensure fairness in the evaluation
Perform the technical analysis while retaining its integrity