FTK Imager can read a Norton Ghost Compressed Image file - ANSWER False
FTK Imager can image individual files - ANSWER False
FTK Imager can read a Norton Ghost Uncompressed File - ANSWER True
FTK Imager is a wri
...
FTK Imager can read a Norton Ghost Compressed Image file - ANSWER False
FTK Imager can image individual files - ANSWER False
FTK Imager can read a Norton Ghost Uncompressed File - ANSWER True
FTK Imager is a write blocking device/software - ANSWER False. (It will not directly write to a suspect device but windows may)
Using FTK Imager, if you convert and EO1 to Raw (or vis versa), the Hashes would match. - ANSWER True
Name 3 image file types that allow compression. - ANSWER E01, S01, AD01
Why would FTK imager indicate drive numbers, 1,2,3, and 5? - ANSWER 5 and above indicates an extended partition. 1-4 indicates Primary partitions.
When exporting a file from Imager, the time and date stamps of the exported file will not match those of the file in the original image. - ANSWER False. Imager will use the original times and dates for the file it exports.
When you export a file hashlist from Imager, the files go out into a plain text file. - ANSWER False. They go into a CSV (comma separated values) file.
What function would you use in FTK Imager to automatically grab commonly used files from the registry? - ANSWER Obtain Protected Files
FTK Imager can hash or image files that are in use by the operating system. - ANSWER True.
In PRTK which type of attack uses word lists? - ANSWER Dictionary Attack
Name three attack types in PRTK - ANSWER Decryption, Keyspace, Password Reset.
Where can a user determine what type of attacks can be run on a file. - ANSWER Help -> Recovery Module
What is the most successful method for password recovery. - ANSWER AD Decryption. (Instant)
What 3 parts comprise an attack profile? - ANSWER Languages, Dictionaries, Levels.
What happens to a file's hash value when it is decrypted - ANSWER It changes.
How would you view all the graphics in a case in FTK - ANSWER Select the root of the evdence tree and enable the quick picks for it.
The AD01 format has embeded hash data for hash verficaiton - ANSWER false
[Show More]
