Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exc65

examout.co

A FAT directory has as a logical size of:

A.

0 bytes

B.

One cluster

C.

128 bytes

D.

64 bytes

EnCase can build a hash set of a selected group of files.

A.

True

B.

False

4 bits allows what number of possibilities?

A.

16

B.

4

C.

2

D.

8

A standard Windows 98 boot disk is acceptable for booting a suspect drive.

A.

True

B.

False

Pressing the power button on a computer that is running could have which of the following results?

A.

The computer will instantly shut off.

B.

The computer will go into stand-by mode.

C.

Nothing will happen.

D.

All of the above could happen.

E.

The operating system will shut down normally.

When undeleting a file in the FAT file system, EnCase will check the _____________ to see if it has already been overwritten.

A.

data on the hard drive

B.

deletion table

C.

directory entry

D.

FAT

The case file should be archived with the evidence files at the termination of a case.

A.

True

B.

False

The EnCase evidence file is best described as:

A.

A clone of the source hard drive.

B.

A sector-by-sector copy of the source hard drive written to the corresponding sectors of the target hard drive.

C.

A bit stream image of the source hard drive written to a file, or several file segments.

D.

A bit stream image of the source hard drive written to the corresponding sectors of the target hard drive.

The Unicode system can address ____ characters?

A.

65,536

B.

16,384

C.

256

D.

1024

How does EnCase verify that the case information (Case Number, Evidence Number, Investigator Name, etc) in an evidence file has not been damaged or changed, after the evidence file has been written?

A.

a search of the physical disk in unallocated clusters and other unused disk areas

B.

a search of the logical files

C.

both a and b

D.

None of the above