EXAM COMPLETE QUESTIONS AND
CORRECT DETAILED ANSWERS
(VERIFIED ANSWERS) |ALREADY
GRADED A+||BRAND NEW!!
Evidence is a determination made by: - Answer- The trier of fact
MAC times refer to - Answer- Modified, accessed and created times that are records
created by the filesystem as files are created, edited, or accessed.
The report conclusion should be: - Answer- The final part of the narrative.
Proper digital forensic investigations include (choose all that apply): - Answer- Using
proper methodologies.
Following proper processes.
Using proper procedures.
Sworn law enforcement officers: - Answer- Generally take an oath to uphold the law,
have the power of arrest, and carry a firearm.
Plaso's image_export command (choose all that apply): - Answer- Is a command-line
interface (CLI) tool.
Exports file content from a device, media image, or forensic image.
FTK Imager is (choose all that apply): - Answer- Able to provide MD5 and SHA-1 hash
values.
A freely available forensic software.
Capable of dd and E01 outputs.
File signature analysis can: - Answer- Identify file extension mismatches.
SSD devices differ from traditional hard drives in that: - Answer- They have a garbage
collection function.
Illicit images are (choose all that apply): - Answer- Sometimes shared through email.
Sometimes shared on Newsgroups/USENET.
Images that are considered contraband in a specific jurisdiction.
The goal of NTFS and FAT file systems is (choose all that apply): - Answer- Record file
metadata.