Only need Solutions!

$16$

Many vendors have developed write$-$blocking devices that connect to a computer through FireWire, $(?)2\mathrm{.}0$ and $3\mathrm{.}0,$ SATA, PATA, and SCSI controllers.

A$.$ IDE

B$.$ PCMCIA

C$.$ LCD

D$.$ USB

$17$

The standards document, $(?),$ demands accuracy for all aspects of the testing process, meaning that the results must be repeatable and reproducible.

A$.$ ISO $3657$

B$.$ ISO $5321$

C$.$ ISO $5725$

D$.$ ISO $17025$

$18$

An MD$5$ hash taken when a computer drive is acquired is used to check for changes, alterations, or errors.

A$.$ True

B$.$ False

$19$

One technique for extracting evidence from large systems is called $(?).$

A$.$ RAID imaging

B$.$ large evidence file recovery

C$.$ RAID copy

D$.$ sparse acquisition

$20$

What kind of data changes rapidly and may be lost when the machine that holds it is powered down?

A$.$ Non$-$volatile data

B$.$ A hash

C$.$ Persistent data

D$.$ Volatile data

$21$

Before imaging a drive, you must forensically wipe the target drive to ensure no residual data remains.

A$.$ True

B$.$ False

$22$

Computers used several OSs before Windows and MS$-$DOS dominated the market.

A$.$ True

B$.$ False

$23$

Hardware manufacturers have designed most computer components to last about $36$ months between failures.

A$.$ True

B$.$ False

$24$

When an investigator finds a mix of information, judges often issue a limiting phrase to the warrant, which allows the police present all evidence together.

A$.$ True

B$.$ False

$25$

A judge can exclude evidence obtained from a poorly worded warrant.

A$.$ True

B$.$ False

$26$

Digital forensics tools are divided into $(?)$ major categories.

A$.2$

B$.3$

C$.4$

D$.5$

$27$

One way to compare results and verify your a new tool is by using a $(?),$ such as HexWorkshop, or WinHex.

A$.$ write$-$blocker

B$.$ disk editor

C$.$ bit$-$stream copier

D$.$ disk imager

$28$

When recovering evidence from a contaminated crime scene, if the temperature in the contaminated room is higher than $(?)$ degrees, you should take measures to avoid damage to the drive from overheating.

A$.80$

B$.90$

C$.95$

D$.105$

$29$

The first tools that analyzed and extracted data from floppy disks and hard disks were MS$-$DOS tools for $(?)$ PC file systems.

A$.$ Commodore

B$.$ IBM

C$.$ Apple

D$.$ Atari

$30$

Which of the following is NOT true of chain of custody forms?

A$.$ A chain of custody form typically requires a signature.

B$.$ A chain of custody form is a federal form and is therefore universal.

C$.$ You typically need to use a separate chain of custody form for each drive you have removed from a suspect computer.

D$.$ Some forensic examiners use both an evidence form and a separate chain of custody form.