1. The data-hiding technique involving marking bad clusters is more
commonly used with what type of file system?
Select one:
a. NTFS
b. HFS
c. Ext2fs
d. FAT
2. Which tool was designed as an easy-to-use interface for inspecting and
analyzing large tcpdump files?
Select one:
a. Tcpread
m
b. Ethertext
er as
co
c. Etherape
eH w
d. Netdude
o.
rs e
ou urc
3. What contains file and directory metadata and provides a mechanism for
linking data stored in data blocks?
Select one:
o
a. Xnodes
aC s
v i y re
b. Extnodes
c. InfNodes
ed d
d. Inodes
ar stu
4. At a minimum, what do most company policies require that employers
have in order to initiate an investigation?
sh is
Select one:
Th
a. Confirmed suspicion that a law or policy is being violated.
b. Proof that a law or policy is being violated.
c. Court order stating that a law or policy is being violated.
d. Reasonable suspicion that a law or policy is being violated.
5. hat type of evidence do courts consider evidence data in a computer to
be?
Select one:
This study source was downloaded by 100000793680026 from CourseHero.com on 06-16-2021 02:44:23 GMT -05:00
https://www.coursehero.com/file/66044309/ict-378-exam-answerdocx/
, a. Physical
b. Invalid
c. Virtual
d. Logical
6. Unused space in a cluster between the end of an active file's content and the
end of the cluster is called?
Drive slack
7. Community cloud is a way to bring people together for a specific purpose, for example, to access to
common files.
m
er as
co
8. Affidavit is a sworn statement of support of facts about or evidence of a crime that
eH w
is submitted to a judge to request a search warrant before seizing evidence
o.
9. Hearsay is a statement made while testifying at a hearing by someone
rs e
other than an actual witness to the event
ou urc
10. Court Order requires that the government offer specific and articulable facts
o
showing that there are reasonable grounds to believe that the contents of a wire or electronic
aC s
communication, or the records or other information sought, are relevant and material to an
v i y re
ongoing criminal investigation.
11. The validation function is the most challenging of all tasks for computer
ed d
investigators to master.
ar stu
Select one:
a. True
sh is
b. False
Th
12. Alternate data streams can obscure valuable evidentiary data,
intentionally or by coincidence.
Select one:
a. True
b. False
This study source was downloaded by 100000793680026 from CourseHero.com on 06-16-2021 02:44:23 GMT -05:00
https://www.coursehero.com/file/66044309/ict-378-exam-answerdocx/
commonly used with what type of file system?
Select one:
a. NTFS
b. HFS
c. Ext2fs
d. FAT
2. Which tool was designed as an easy-to-use interface for inspecting and
analyzing large tcpdump files?
Select one:
a. Tcpread
m
b. Ethertext
er as
co
c. Etherape
eH w
d. Netdude
o.
rs e
ou urc
3. What contains file and directory metadata and provides a mechanism for
linking data stored in data blocks?
Select one:
o
a. Xnodes
aC s
v i y re
b. Extnodes
c. InfNodes
ed d
d. Inodes
ar stu
4. At a minimum, what do most company policies require that employers
have in order to initiate an investigation?
sh is
Select one:
Th
a. Confirmed suspicion that a law or policy is being violated.
b. Proof that a law or policy is being violated.
c. Court order stating that a law or policy is being violated.
d. Reasonable suspicion that a law or policy is being violated.
5. hat type of evidence do courts consider evidence data in a computer to
be?
Select one:
This study source was downloaded by 100000793680026 from CourseHero.com on 06-16-2021 02:44:23 GMT -05:00
https://www.coursehero.com/file/66044309/ict-378-exam-answerdocx/
, a. Physical
b. Invalid
c. Virtual
d. Logical
6. Unused space in a cluster between the end of an active file's content and the
end of the cluster is called?
Drive slack
7. Community cloud is a way to bring people together for a specific purpose, for example, to access to
common files.
m
er as
co
8. Affidavit is a sworn statement of support of facts about or evidence of a crime that
eH w
is submitted to a judge to request a search warrant before seizing evidence
o.
9. Hearsay is a statement made while testifying at a hearing by someone
rs e
other than an actual witness to the event
ou urc
10. Court Order requires that the government offer specific and articulable facts
o
showing that there are reasonable grounds to believe that the contents of a wire or electronic
aC s
communication, or the records or other information sought, are relevant and material to an
v i y re
ongoing criminal investigation.
11. The validation function is the most challenging of all tasks for computer
ed d
investigators to master.
ar stu
Select one:
a. True
sh is
b. False
Th
12. Alternate data streams can obscure valuable evidentiary data,
intentionally or by coincidence.
Select one:
a. True
b. False
This study source was downloaded by 100000793680026 from CourseHero.com on 06-16-2021 02:44:23 GMT -05:00
https://www.coursehero.com/file/66044309/ict-378-exam-answerdocx/
