CJUS 542 Test 2

CJUS 542 Test 2 Liberty University

CJUS 542 Quiz 2 Analysis and Verication/Volatile and Non- Volatile Data

Covers the Textbook material from Module 3: Week 3 – Module 5: Week 5.

1. What are records in the MFT called?
2. Which certicate provides a mechanism for recovering les encrypted with EFS if there is a problem with the user’s original private key?
3. Typically, a virtual machine consists of just one le.
4. The first MS-DOS tools that analyzed and extracted data from oppy disks and hard disks were used with which type of PC le systems?
5. In Windows 2000 and later, which command shows you the le owner if you have multiple users on the system or network?
6. Hardware manufacturers have designed most computer components to last about 36 months between failures.
7. What macOS system application tracks each block on a volume to determine which blocks are in use and which ones are available to receive data?
8. Where are directories and les stored on a disk drive?
9. Ext3 is a journaling version of Ext2 that has a built-in le recovery mechanism used after a crash.
10. What kinds of images are based on mathematical instructions that dene lines, curves, text, ovals, and other geometric shapes?
11. How may computer programs be registered under copyright laws?
12. The two major forms of steganography are insertion and substitution.
13. Which data-hiding technique changes data from readable code to data that looks like binary executable code?
14. In addition to search warrants, what defines the scope of civil and criminal cases?
15. Most organizations keep e-mail for longer than 90 days.
16. On which OSI model layers do most packet analyzers operate?
17. Which type of strategy hides the most valuable data at the innermost part of the network?
18. Type 1 hypervisors are usually the ones you find loaded on a suspect machine.
19. Briey describe the differences between brute-force attacks and dictionary attacks to crack passwords.
20. How should you proceed if your network forensic investigation involves other companies?

Set 1

1. Which AccessData feature compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data?
2. Some notable UNIX distributions included Silicon Graphics, (SGI) IRIX, Santa Cruz Operation (SCO) UnixWare, Sun Solaris, IBM AIX, and HP-UX.
3. What technology is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure?
4. When intruders break into a network, they rarely leave a trail
5. Hardware manufacturers have designed most computer components to last about 36 months between
6. Type 2 hypervisors cannot be used on
7. What specifies the Windows XP path installation and contains options for selecting the Windows version?
8. What type of laws should computer investigators be especially aware of when working with image files in order to avoid infringement violations?
9. Briefly explain the NIST general approach for testing computer forensics
10. What should be created in order to begin a digital forensics case?
11. What are some of the steps for conducting a forensic analysis of virtual machines?
12. What term is used for the machines used in a DDoS attack?
13. On which OSI model layers do most packet analyzers operate?
14. In a file’s inode, what are the first 10 pointers called?
15. In the NTFS MFT, all files and folders are stored in separate records of how many bytes each?
16. What term refers to a column of tracks on two or more disk platters?
17. What technique has been used to protect copyrighted material by inserting digital watermarks into a file?
18. What are BitLocker’s current hardware and software requirements?
19. One way to examine a partition’s physical level is to use a disk editor, such as WinHex, or Hex
20. How does the Known File Filter program work?

Set 2

1. Which header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03?
2. Summarize the evolution of FAT versions.
3. Which type of strategy hides the most valuable data at the innermost part of the network?
4. Network logs record traffic in and out of a network.
5. Match each item with a statement below
6. In which type of attack does the attacker keep asking the server to establish a connection?
7. If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.
8. What are BitLocker’s current hardware and software requirements?
9. Before attempting to install a type 2 hypervisor, you need to enable virtualization in the BIOS before attempting to create a VM.
10. What enables the user to run another OS on an existing physical computer (known as the host computer) by emulating a computer’s hardware environment?
11. The HFS and HFS+ file systems have four descriptors for the end of a file (EOF).
12. Which filename refers to a core Win32 subsystem DLL file?
13. When intruders break into a network, they rarely leave a trail behind.
14. Briefly explain NTFS compressed files.
15. Briefly describe image examination methods for macOS.
16. Which filename refers to the device driver that allows the OS to communicate with SCSI or ATA drives that aren’t related to the BIOS?
17. Which data-hiding technique changes data from readable code to data that looks like binary executable code?
18. In macOS, in addition to allocation blocks, what kind of blocks do volumes have?
19. How may computer programs be registered under copyright laws?
20. How can you make sure a subject’s computer boots to a forensic floppy disk or CD?