Deck 10: Computer Forensics: Terminology and Requirements
1
What are the two types of data extraction?
A) physical and logical
B) manual and automated
C) internal and external
D) accidental and intentional
A
2
Which lab system is capable of handling larger workloads simultaneously?
A) Better Lab System
B) Dream Lab System
C) Power Lab System
D) Basic Lab System
C
3
Computer forensics helps which of the following groups in supporting claims of wrongful termination, sexual harassment, and age discrimination?
A) individuals
B) civil litigators
C) corporations
D) prosecutors
A
4
ASCII code for defining characters is based on ________ code.
A) hexadecimal
B) binary
C) RAM
D) sector
5
In which system are interpretative rules associated with a base of two with integers represented by zeroes and ones?
A) binary system
B) basic input/output system
C) hexadecimal system
D) encrypting file system
6
What kind of programs should investigators employ to reveal hidden and deleted files, unlock encrypted files, and detect steganography?
A) both internal and external programs
B) only licensed programs
C) both manual and automated programs
D) only contemporary programs
7
Which of the following programs reads disks a track at a time and calculates an algorithmic signature represented by unique file identifiers?
A) recovery
B) forensic
C) verification
D) imaging
8
Which of the following is NOT true of computer forensic science?
A) It protects digital evidence from possible alterations.
B) It provides mechanisms for evidence duplication.
C) It encourages allegations of corruption on the part of investigators.
D) It enables the creation of forensically sound images useful for data analysis.
9
Which of the following is NOT an advantage attributed to the introduction of disk operating systems?
A) It provides for the storage of documents in contiguous sectors.
B) It reduces the data management burden of applications.
C) It allows application-specific disk hierarchies.
D) It maximizes the use of limited space.
10
Which of the following is NOT a traditional problem in computer investigations?
A) inadequate resources
B) lack of mechanisms for interpreting and relaying highly technical information
C) lack of communication and cooperation among agencies
D) evidence corruption
11
Which of the following is an example of a disk recovery and extraction tool?
A) Tech Assist's ByteBack
B) Norton Utilities
C) Access Data's Forensic Toolkit
D) Ultimate Toolkit
12
Which of the following can be attributed to the demand for a centralized disk operating system and the birth of DOS?
A) increased responsibilities among local police agencies
B) increased interest in emerging technology
C) increased consumer choice and market competition
D) increased concern for security of data
13
Which of the following is NOT a step included in the logical extraction of data?
A) data reduction through comparison
B) extraction of file slack
C) recovery of deleted files
D) evaluation of the partition table
14
Which of the following refers to the area of a computer that holds data during processing and is erased when power is shut down?
A) static memory
B) primary storage
C) volatile memory
D) secondary storage
15
Which of the following are the three primary components of a computer?
A) hardware, firmware, operating systems
B) firmware, hardware, software
C) software, hardware, operating systems
D) firmware, software, Maresware
16
Which of the following factors is most important in determining the type of tool to be used in a computer forensics investigation?
A) type of crime encountered
B) type of information
C) type of concealment
D) type of suspect device
17
Which of the following is a single circular disk with concentric tracks that are turned by spindles under one or more heads?
A) logical drive
B) sector
C) fixed disk
D) floppy disk
18
Which of the following is true of a hexadecimal system?
A) Interpretative rules are associated with a base of two with integers represented by zeroes and ones.
B) Interpretative rules are associated with a base of 16 with integers ranging from 0 to 9 and A to F.
C) The range of whole numbers that can be represented by a single byte is 0 to 255.
D) Investigators do not need to evaluate files with a hexadecimal viewer.
19
A(n) ________ FAT is used if a disk requires less than 65,536 but more than 4,096 clusters.
A) 4-bit
B) 16-bit
C) 8-bit
D) 32-bit
20
The development and regular review of which of the following is essential as technology changes?
A) cyclical redundancy checksum
B) master boot record
C) standard operating procedures
D) cipher combination locks
21
The BIOS is stored in the Encrypting File System (EFS).
22
File systems allow end-users to perceive their document as multiple streams of bytes while providing for its storage in contiguous sectors.
23
Which of the following tools are the most popular stand-alone imaging utilities employed by forensic investigators?
A) EnCase and FastBloc
B) ByteBack and Safeback
C) DECLASFY and BRANDIT
D) Data Dumper and Grep
24
Extraction of a file pertinent to an examination may be based on the file name and extension, file header, file content, and location on the drive.
25
Which of the following programs extends decryption capabilities beyond a single computer by using the distributed power of multiple computers across a network to decrypt files and recover passwords?
A) Password Recovery Toolkit
B) FTK Imager
C) Distributed Network Attack
D) Registry Viewer
26
Forensic imaging programs must be capable of making a bitstream duplicate or an image of an original disk or partition onto fixed or removable media.
27
The physical extraction phase identifies and recovers files and data based on the installed operating system, file system, and/or application.
28
The logical file size refers to the exact size of a file in bytes.
29
Many agencies do not avail themselves of the free training courses provided by the FBI and the Federal Law Enforcement Training Center as the agencies are unable to afford the loss of personnel.
30
The cluster size for a particular device is specified in which of the following?
A) master boot record
B) read-only memory
C) BIOS parameter block
D) file allocation table
31
The statement of compliance or noncompliance with certain specifications or other requirements must be included in a report.
32
A file system is the combination of a hardware device and computer instructions and data that reside as read-only software on that device.
33
The smallest forms of data storage are represented by binary digits.
34
Overt files are not hidden, deleted, or encrypted.
35
Raw image files increase the costs associated with the maintenance of forensic laboratories and software libraries because they exhibit backward compatibility issues.
36
Electronic data recovery should be reserved for instances when the instrumentality of computer technology has been demonstrated.
37
Most contemporary integrated packages have stand-alone imaging programs.
38
During analysis of digital evidence, which of the following elements is addressed?
A) password crackers
B) truncated entries
C) case number
D) actus reus
39
A file system is the disk management platform employed by a particular operating system.
40
Which of the following terms refers to a suspect's guilty mind or intent, as might be demonstrated by the use of data hiding or drive wiping techniques?
A) mens rea
B) harm
C) actus reus
D) ownership
41
The ________ determines the size of the appropriate FAT based on the number of clusters necessary to represent the entire disk space.
42
What is the first step in the development of computer forensic capabilities? Describe the minimum hardware requirements for a dream field system.
43
________ is the fear of new technology.
44
________ are devices and data at the electronic or machine level.
45
The familiarity and utilization of ________ may result in a situation where investigators know just enough to make them potentially hazardous to the investigation.
46
Microsoft's ________ provides more security and is more efficient in terms of utilization of storage space than FAT.
47
Forensic laboratories should be equipped with ________ so that criminal contraband can be permanently removed from suspect machines.
48
Evaluation of the ________ and unused space on the physical drive may identify the file systems present and determine if the entire physical size of the hard disk is accounted for.
49
The use of ________ may force agencies to update software licenses or lose company support.
50
________ enable investigators to perfectly duplicate a suspect drive onto a form of removable media.
51
The advent of ________ required a corresponding mechanism to ensure that applications did not interfere with one another's data storage.
52
________ can be used to identify and eliminate known files through the comparison of calculated hash values to authenticated hash values.
53
A ________ is the number of bytes that represent about one-half page of text.
54
Computer forensics helps ________ in pre-search warrant preparations and post-seizure handling of computer equipment.
55
Explain how over-reliance on automated programs and self-proclaimed experts poses a problem in computer investigations. How can this problem be overcome?
56
Define firmware. Describe the boot up sequence of a computer with particular reference to the BIOS found in IBM-compatible personal computers.
57
Traditionally, suspect drives and disks were copied at the ________ level.
58
________ allow front-page viewing of multiple files, thus enabling investigators to quickly identify questionable graphics files.
59
Discuss the development within mobile device forensic tools and suggest issues that need to be addressed to improve them.
60
Describe the five general categories of data analysis tools. Illustrate with an example how file viewer software is used in child pornography cases.
61
Match between columns
62
Match between columns