In a forensic examination of hard drives for digital evidence, what type of user is most likely to have the most file slack to analyze?

• A.one who uses dynamic swap file capability
• B.one who has NTFS 4 or 5 partitions
• C.one who has lots of allocation units per block or cluster
• D.one who uses hard disk writes on IRQ 13 and 21

Comment: *

Name: *

Email: *

Verification: *

An investigator seized a notebook device installed with a Microsoft Windows OS. Which type of files would support an investigation of the data size and structure in the device?

• A.Ext2 and Ext4
• B.NTFSandFAT
• C.HFS and GNUC
• D.APFSandHFS

Comment: *

Name: *

Email: *

Verification: *

What is the location of the binary files required for the functioning of the OS in a Linux system?

• A./bin
• B./root
• C./run
• D./sbin

Comment: *

Name: *

Email: *

Verification: *

What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired?

• A.Every byte of the file(s) is verified using 32-bit CRC
• B.Every byte of the file(s) is given an MD5 hash to match against a master file
• C.Every byte of the file(s) is copied to three different hard drives
• D.Every byte of the file(s) is encrypted using three different methods

Comment: *

Name: *

Email: *

Verification: *

A breach resulted from a malware attack that evaded detection and compromised the machine memory without installing any software or accessing the hard drive. What technique did the adversaries use to deliver the attack?

• A.Spyware
• B.Trojan
• C.JavaScript
• D.Fileless

Comment: *

Name: *

Email: *

Verification: *