WGU D431 OBJECTIVE ASSESSMENT EXAM LATEST 2025 ACTUAL
EXAM WITH COMPLETE QUESTIONS AND CORRECT DETAILED
ANSWERS
This was designed as an area where computer vendors could
store data that is protected from user activities and operating
system utilities, such as delete and format. To hide data in the
HPA, a person would need to write a program to access the HPA
and write the data - ANSWER-Host protected area (HPA)
This requires only a single sector, leaving 62 empty sectors of
MBR space for hiding data. - ANSWER-Master boot record (MBR)
This is the space that remains on a hard drive if the partitions do
not use all the available space. For example, suppose that two
partitions are filled with data. When you delete one of them, its
data is not actually deleted. Instead, it is hidden - ANSWER-
Volume slack
An operating system can't access any unallocated space in a
partition. That space may contain hidden data. - ANSWER-
Unallocated space
Suppose that someone manipulates the file system metadata to
mark unused blocks as bad. The operating system will no longer
access these blocks. These blocks can then be used to hide data
- ANSWER-Good blocks marked as bad
File slack is the unused space that is created between the end of
a file and the end of the last data cluster assigned to a file -
ANSWER-File slack
The advanced forensic file format (abbreviated AFF) was invented
by Basis Technology. It is an open file standard with three
variations: AFF, AFM, and AFD. The AFF variation stores all data
and metadata in a single file. The AFM variation stores the data
and the metadata in separate files, while the AFD variation stores
the data and metadata in multiple small files. The AFF file format
is part of the AFF Library and Toolkit, which is a set of open-
source computer forensics programs. Sleuth Kit and Autopsy both
support this file format. - ANSWER-The Advanced Forensic
Format
The EnCase format is a proprietary format that is defined by
Guidance Software for use in its EnCase tool to store hard drive
images and individual files. It includes a hash of the file to ensure
nothing was changed when it was copied from the source -
ANSWER-EnCase
EnCase from Guidance Software is a very widely used forensic
toolkit. This tool allows the examiner to connect an Ethernet cable
or null modem cable to a suspect machine and to view the data
on that machine. EnCase prevents the examiner from making any
accidental changes to the suspect machine. - ANSWER-EnCase
From AccessData is another widely used forensic analysis tool
that is also very popular with law enforcement. You can get
additional details at the company's website,
http://accessdata.com/product-download/digital-forensics, but this
section reviews some basics of the tool. - ANSWER-The Forensic
Toolkit (FTK)
The Sleuth Kit is a collection of command-line tools that are
available as a free download. You can get them from this site:
http://www.sleuthkit.org/sleuthkit/. This toolset is neither as rich