with Verified Answers
Evidence is a determination made by: - ✔✔The trier of fact
MAC times refer to: - ✔✔Modified, accessed and created times that are records created by the filesystem as files are created, edited, or accessed.
The report conclusion should be: - ✔✔The final part of the narrative.
Proper digital forensic investigations include (choose all that apply): - ✔✔Using proper methodologies.
Following proper processes.
Using proper procedures.
Sworn law enforcement officers: - ✔✔Generally take an oath to uphold the law, have the power of arrest, and carry a firearm.
Plaso's image_export command (choose all that apply): - ✔✔Is a command-line interface (CLI) tool.
Exports file content from a device, media image, or forensic image.
FTK Imager is (choose all that apply): - ✔✔Able to provide MD5 and SHA-1 hash values.
A freely available forensic software.
Capable of dd and E01 outputs.
File signature analysis can: - ✔✔Identify file extension mismatches.
SSD devices differ from traditional hard drives in that: - ✔✔They have a garbage collection function.
Illicit images are (choose all that apply): - ✔✔Sometimes shared through email.
Sometimes shared on Newsgroups/USENET.
Images that are considered contraband in a specific jurisdiction.
The goal of NTFS and FAT file systems is (choose all that apply): - ✔✔Record file metadata.
To mark occupied clusters.
To record which clusters are allocated and non-allocated.
Proper evidence handling includes (choose all that apply): - ✔✔Every time someone checks the evidence.
The security of the evidence.
Transportation to the lab.
Collection in the field.
Source and destination media: - ✔✔Are seldom of the exact same make, model and capacity.
When a file is deleted in a FAT filesystem (choose all that apply): - ✔✔The first character of the directory entry is changed.
The file allocation table entries are reset to zero.
The data itself is unchanged.
The best working copy for a digital forensic exam is: - ✔✔A forensic image.
BIOS stands for: - ✔✔Basic Input/Output System.