Demo Questions

Question 1

The EnCase default export folder is:

  • A: A case-specific setting that cannot be changed.
  • B: A case-specific setting that can be changed.
  • C: A global setting that can be changed.
  • D: A global setting that cannot be changed.

Question 2

Hash libraries are commonly used to:

  • A: Compare a file header to a file extension.
  • B: Identify files that are already known to the user.
  • C: Compare one hash set with another hash set.
  • D: Verify the evidence file.

Question 3

Which is the proper formula for determining the size in bytes of a hard drive that uses cylinders (C), heads (H), and sectors (S) geometry?

  • A: C X H + S
  • B: C X H X S + 512
  • C: C X H X S X 512
  • D: C X H X S

Question 4

Within EnCase, clicking on Save on the toolbar affects what file(s)?

  • A: The evidence files
  • B: The open case file
  • C: The configuration .ini files
  • D: All of the above

Question 5

EnCase uses the _________________ to conduct a signature analysis.

  • A: file signature table
  • B: hash library
  • C: file viewers
  • D: Both A and B

Question 6

EnCase is able to read and examine which of the following file systems?

  • A: NTFS
  • B: EXT3
  • C: FAT
  • D: HFS

Question 7

ROM is an acronym for:

  • A: Read Open Memory
  • B: Random Open Memory
  • C: Read Only Memory
  • D: Relative Open Memory

Question 8

If a floppy diskette is in the drive, the computer will always boot to that drive before any other device.

  • A: False
  • B: True

Question 9

A standard Windows 98 boot disk is acceptable for booting a suspect drive.

  • A: True
  • B: False

Question 10

Search terms are case sensitive by default.

  • A: False
  • B: True