1. In Windows, this represents the current user's Documents folder and a very important place to look during an investigation.

a. C:\Program Files

b. C:\Windows document and settings

c. C:\users

d. C:\users\username\Documents

2 What tool do you use to view processes and thread statistics on a system?

a. pslist

b. psinfo

c. netstat

d. listdlls

3.This sort of attack involves the attacker sending anunlimittedsynchronize requests to the host system.

a. Syn flood attack

b. Denial of service attack

c. land attack

d. ping of death attack

4 Which Federal Rule states that an expert witness can, in many cases, offer an opinion as to the ultimate issue in case?

a. 704

b. 703

c. 401

d. 705

5 What do you call this boot process where the system checks to see if the drives, keyboard and other key items are present and working?process

a. BIOS

b. POST

c. MBR

d. NTLDR

6 This particular registry lets you know if a given folder was accessed.

a. Shellbag

b. Prefetch

c. UserAssist

d. VSS

7 This describes information that helps explain other evidence.

a. Demonstrative evidence

b. Real evidence

c. Testimonial evidence

d. Documentary evidence

8 This term refers to the functional dimensions of a drive in terms of the number of heads, cylinders, and sectors per track.

a. slack space

b. drive geometry

c. low level format

d. hard drive geometry

9 This describes a physical object that someone can touch, hold, or directly observe.

a. Demonstrative evidence.

b. Real evidence

c. Documentary evidence

d. Testimonial evidence

10 What is information that is used to explain other evidence?

a. Real evidence

b. Documentary evidence

c. Demonstrative evidence

d. Testimonial evidence

11 This term refers to a process where the disaster recovery team contemplates likely disasters and what impact each would have on the organization.

a. Business impact analysis

b. Disaster recovery analysis

c. Recovery plan

d. Fail safe plan

12 This field describes the study of the source and content of email as evidence.

a. Network forensics

b. Email forensics

c. Software forensics

d. Cell-phone forensics

13 This field describes the process of acquiring and analyzing information stored on physical storage media, such as computer hard drives, smartphones, GPS systems, and removable media.

a. Email forensics

b. Disk forensics

c. Software forensics

d. Mobile forensics

14 This describes data stored as written matter, on paper or in electronic files.

a. Testimonial evidence

b. Real evidence

c. Documentary evidence

d. Demonstrative evidence

15 This term refers to the average time it takes to repair an item.

a. MTTR

b. MTBF

c. MTD

d. MFD

16 This malware is designed to harm the system when some logical condition is reached (e.g. a specfic date and time).

a. Trojan horse

b. logic bomb

c. phishing

d. timed bomb

17 Which Federal Rule states that an expert may base an opinion on facts that the expert has been made aware of or personally observed?

a. 703

b. 704

c. 705

d. 706

18 This describes computer software or hardware that can intercept and log traffic passing over a digital network.

a. Snorter

b. Sniffer

c. Router

d. Fraggle

19 This term describes space that can be used to hide data.

a. slack space

b. cluster space

c. unallocated space

d. free space

20 Which Federal Rule states that evidence is relevant if (a) it has any tendency to make a fact more or less probable than it would be without the evidence and (b) the fact is of consequence in determining the action?

a. 703

b. 704

c. 401

d. 705

Digital Forensics Tools & Tech (MSDF-530-40)