Questions and Answers
Which one of the following might leave behind 'footprints' if the computer is not shut down gracefully?
The appearance of a conflict of interest:
After the conclusion of any criminal trial, if it becomes evident that an appeal is not possible, all contraband must be destroyed.
True
The NTFS file system stores information about the location of files, file names, and so forth in the ______.
Signup and view all the answers
A DoD approved disk wiping utility works by instructing the hard disk controller to apply a strong magnetic field to the disk surface, thereby electronically erasing the information from the disk.
Signup and view all the answers
In the Windows operating systems, deleting a file from the Recycle Bin performs which of the following actions on the data stored on the surface of the medium?
Signup and view all the answers
Which of the following is an example of an individual characteristic of a 4th Generation iPod Classic?
Signup and view all the answers
Which of the following utilities was native to the Linux operating system and can be used to do string searches across multiple directories?
Signup and view all the answers
What type of documents is an attorney trying to protect by filing a motion to have certain documents withheld from the discovery process?
Signup and view all the answers
In the NTFS file system, how many versions of a file name are maintained?
Signup and view all the answers
What is the name for the technique that allows an investigator to dig out certain types of files from unallocated space by identifying the header of that file type and copying all of the information between the head and a valid end of file marker?
Signup and view all the answers
Study Notes
Temporary Files and Their Impact
- Temporary files generated by operating systems may leave behind "footprints" if not shut down properly, including autosave, print spooler, and undo files.
Conflict of Interest
- The presence of a conflict of interest can undermine the perceived integrity of an analyst's testimony in legal cases.
Contraband After Trial
- All contraband must be destroyed once it is determined that no appeal is possible after a criminal trial conclusion.
NTFS File System
- The NTFS file system uses a Master File Table (MFT) to store crucial information about file locations and names.
Disk Wiping Utilities
- DoD approved disk wiping utilities do not erase information by applying a magnetic field to the disk; that method is incorrect.
File Deletion in Windows
- Deleting a file from the Recycle Bin only resets the allocation marker on the data, leaving it intact on the storage medium.
Individual Characteristics in Evidence
- Characteristics that uniquely identify an item include specific details like the number of songs (6,240) and a cracked screen cover of the iPod Classic.
Linux Utility for String Searches
- GREP is the native Linux utility used for performing string searches across multiple directories.
Documents Protected as Work Product
- Work product doctrine protects documents prepared by legal teams in anticipation of litigation from being disclosed during the discovery process.
File Naming in NTFS
- NTFS maintains two versions of a file name: the user-defined name and a compatible MS-DOS version.
Data Recovery Techniques
- Data carving is a technique used to recover specific types of files from unallocated space by identifying file headers and copying data to a valid end-of-file marker.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on key concepts from chapters 6 to 8 with our flashcards. This quiz covers various topics including operating systems and conflict of interest. Review essential definitions and scenarios to enhance your understanding.
