Manual - Ch 2 Questions with
Complete Solutions.
What are shared resources in a network environment? - Answer Shared resources include
file servers or network storage that can be accessed by multiple users within an organization.
What is a file server? - Answer A file server is a computer that stores and manages files,
providing access to documents and resources across a network.
What are common tasks a file server may handle in a business? - Answer File servers can
store user data, run applications, manage printing, route Internet traffic, and handle email
stores.
What is a Document Management System (DMS)? - Answer A DMS (e.g., iManage,
SharePoint) organizes and manages documents on a file server, storing metadata such as
document numbers and user access information.
What is a virtual file server? - Answer A virtual file server functions like a physical file server
but is a partition within a larger operating system, allowing multiple servers to share the same
hardware.
What is the advantage of using virtual file servers? - Answer Virtual file servers are more
cost-effective, share resources efficiently, and are easier to maintain compared to physical
servers.
What are the two ways to collect data from a file server? - Answer 1) Forensic collection 2)
Targeted collection
What is forensic collection? - Answer Forensic collection creates a bit-by-bit copy of a storage
device, preserving all data and metadata, including deleted files, for investigation purposes.
What is targeted collection? - Answer Targeted collection focuses on gathering specific active
files, such as user-created documents, limited by file type, date range, or custodian.
Regardless of which collection method is used, what is the most important aspect of a collection?
- Answer Ensuring that steps are taken to prevent altering the file and the system and
application metadata during the collection.
Why is it important to verify hash values during data collection? - Answer Hash values
uniquely identify files, ensuring that no files have been altered during the collection process.
What happens when a file is deleted from a file server? - Answer The file name may be
removed, but the file could remain in unallocated space until overwritten, meaning the file is
not necessarily permanently deleted.
How do solid-state drives (SSDs) handle file deletion compared to traditional hard drives? -
Answer SSDs delete files immediately and permanently, unlike traditional hard drives, which
may leave deleted files in unallocated space.
What must practitioners understand about file shares in a server environment? - Answer
Practitioners must understand how file shares are mapped, who has access, and what
potentially relevant evidence can be derived from them.
What are file shares in a server environment? - Answer File shares are storage locations or
partitions on a server that are accessible to authorized users for storing and accessing files.
How do email clients interact with email servers? - Answer Email clients serve as the user
interface, allowing users to access email messages stored on the server or on their local
workstation.
What is important for email preservation and collection efforts? - Answer Knowing if
messages remain on the server after delivery, if they are logged by number, date, time,
sender/recipient, and whether they include attachments.
How do cloud-based email systems store email? - Answer Cloud-based email systems, like
Office 365, store messages in the cloud, while users access them through client workstations,
laptops, or mobile devices.
What is journaling in email systems? - Answer Journaling records all email communications
in an organization to satisfy regulatory and compliance requirements, often used in highly
regulated industries like investment banking.
What is data archiving? - Answer Data archiving involves backing up and removing data from
its native environment to store it elsewhere, reducing strain on active data storage.
How are email messages stored in email systems like Microsoft Exchange? - Answer Email
messages are stored in a database, such as the Exchange Database (EDB file), which includes
email messages, calendar appointments, tasks, and contacts.