Scribd
Upload
35 views2 pages

2.2 Ques

CNET239 review questions

Uploaded by

achyuth2806
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views2 pages

2.2 Ques

CNET239 review questions

Uploaded by

achyuth2806
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

6/10/24, 10:15 PM Print Preview

Chapter 2: The Investigator’s Office and Laboratory Review Questions


Book Title: Guide to Computer Forensics and Investigations: Processing Digital Evidence
Printed By: Achyuth Chilakamari ([email protected])
© 2019 Cengage Learning, Cengage Learning

Review Questions

1. Directory Snoop is designed to work with which of the following file systems?
(Choose all that apply.)

a. HFS+

b. NTFS

c. Ext4

d. FAT

2. Disk images don’t include the MFT. True or False?

3. Which statement about Directory Snoop’s Cluster, Copy to file menu choice is
true?

a. It doesn’t copy the MFT because it isn’t needed during analysis.

b. It copies all cluster data, including the MFT and unallocated free space,
from the original storage device.

c. It can copy all or specific clusters of a disk drive.

d. It copies only data files; it doesn’t include unallocated free space.

4. What’s the purpose of a write-blocker?

a. Preventing any data on the original storage device from being


overwritten, which would violate the chain of custody

b. Preventing any data from being written to the forensic image

c. Creating file hash values

d. Duplicating the MFT

5. What’s the purpose of disk imaging? (Choose all that apply.)

a. Allowing investigators to calculate hash values

https://ng.cengage.com/static/nb/ui/evo/index.html?deploymentId=60442525455045326071983335&eISBN=9781337568975&id=2078508478&snaps… 1/2
6/10/24, 10:15 PM Print Preview

b. Giving investigators a way to analyze data without destroying potential


evidence on the original medium

c. Maintaining the chain of custody

d. Creating extra copies to share with other investigators

Chapter 2: The Investigator’s Office and Laboratory Review Questions


Book Title: Guide to Computer Forensics and Investigations: Processing Digital Evidence
Printed By: Achyuth Chilakamari ([email protected])
© 2019 Cengage Learning, Cengage Learning

© 2024 Cengage Learning Inc. All rights reserved. No part of this work may by reproduced or used in any form or by any means -
graphic, electronic, or mechanical, or in any other manner - without the written permission of the copyright holder.

https://ng.cengage.com/static/nb/ui/evo/index.html?deploymentId=60442525455045326071983335&eISBN=9781337568975&id=2078508478&snaps… 2/2

You might also like