Question


1. Which of the following is used to store information about disk partitions?

a. ReFS b. EFS c. MFT d. MBR

2. What feature of NTFS systems can be used to obscure information that might be used as evidence in an investigation?

a. ADS b. MBR c. MFT d. EFS

3. NTFS data encryption is achieved with which of the following technologies?

a. WDE b. ReFS c. EFS d. ADS

4. Which of the following keeps a record of attached hardware, user preferences, network connections, and installed software?

a. System.dat file b. Master Boot Record c. Master File Table d. Registry

5. Which of the following is NOT an example of a Microsoft filesystem?

a. NTFS b. FAT28 c. FAT16 d. FAT32

6. Which of the following are NOT functions necessary for digital forensics tools?

a. Extraction b. Obfuscation c. Acquisition d. Reporting

7. Which of the following organisations have a standard for verifying digital forensics tools?

a. ISACA b. FBI c. NIST d. CIA

8. Which of the following prevents contamination of evidence?

a. Encryption b. Read-blockers c. Disk wipers d. Write-blockers

9. A typical forensics lab should include all of the following EXCEPT?

a. Autopsy b. Old computers c. Older versions of forensics tools d. Old operating systems

10. Which of the following digital forensics tools require the MOST expertise?

a. Autopsy b. Linux 'dd' command line tool c. OSForensics d. EnCase

Answer #1

1. Correct Answer: d. MBR

Explanation: Master Boot Record (MBR) tells the system how the hard drive is partitioned and how the operating system is to be loaded. It has all the information about the disk partitioning.

2. Correct Answer: a. ADS

Explanation: Alternate data stream (ADS) is the feature of NTFS that has the ability to fork file data into existing files without affecting their functionalities. It contains metadata related to the files.

3. Correct Answer: c. EFS

Explanation: Encrypting File System (EFS) provides file-level encryption. It allows files to be encrypted transparently to protect confidential data from attackers that have access to the physical system.

4. Correct Answer: d. Registry

Explanation: A registry stores the configuration information about the user, software and hardware on a Windows system. It can prove to be a stockpile of evidence of what, where, when and how something happened on the system.

5. Correct Answer: b. FAT 28

Explanation: FAT is a simple and robust file system, which was originally designed for small disk structures. It has three major versions: FAT 32, FAT 16 and FAT 12. (FAT 28 does not exist.)

The NTFS file system is secure and supports large files and hard drives.

6. Correct Answer: b. Obfuscation

Explanation: The necessary functions of digital forensics tools are acquisition, validation and discrimination, and extraction.

Obfuscation is a technique used to divert forensics examination tools.

7. Correct Answer: c. NIST

Explanation: The National Institute of Standards and Technology (NIST) promotes and maintains measurement standards, and also encourages the development and usage of these standards.

8. Correct Answer: d. Write-blockers

Explanation: A write-blocker allows access to the evidence without compromising its integrity.

9. Correct Answer: b. Old computers

Explanation: A typical forensics lab should include Autopsy, operating systems, and older versions of the forensics tools.

10. Correct Answer: b. Linux dd command line tool

Explanation: This tool is generally used to obtain the entire disk image of the hard drive, SD card, and other such devices.
