Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

In FTK, which tab provides specific information on the evidence items, file items, file status and file category?

A.

E-mail tab

B.

Explore tab

C.

Overview tab

D.

Graphics tab

What are three types of evidence that can be added to a case in FTK? (Choose three.)

A.

local drive

B.

registry MRU list

C.

contents of a folder

D.

acquired image of a drive

E.

compressed volume files (CVFs)

Which file should be selected to open an existing case in FTK?

A.

ftk.exe

B.

case.ini

C.

case.dat

D.

isobuster.dll

You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry. How do you accomplish this using PRTK?

A.

You drop the SAM file onto the PRTK interface.

B.

You drop the NTUSER.dat file onto the PRTK interface.

C.

You use the PSSP Attack Marshal from Registry Viewer.

D.

This area can not be accessed with PRTK as it is a registry file.

During the execution of a search warrant, you image a suspect drive using FTK Imager and store the Raw(dd) image files on a portable drive. Later, these files are transferred to a server for storage. How do you verify that the information stored on the server is unaltered?

A.

open and view the Summary file

B.

load the image into FTK and it automatically performs file verification

C.

in FTK Imager, use the Verify Drive/Image function to automatically compare a calculated hash with a stored hash

D.

use FTK Imager to create a verification hash and manually compare that value to the value stored in the Summary file

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

A.

E01

B.

Ghost

C.

SMART

D.

SafeBack

In FTK, which search broadening option allows you to find grammatical variations of the word "kill" such as "killer," "killed," and "killing"?

A.

Phonic

B.

Synonym

C.

Stemming

D.

Fuzzy Logic

You are using FTK to process e-mail files. In which two areas can E-mail attachments be

located? (Choose two.)

A.

the E-mail tab

B.

the From E-mail container in the Overview tab

C.

the Evidence Items container in the Overview tab

D.

the E-mail Messages container in the Overview tab