Computer Science > QUESTIONS & ANSWERS > Murdoch University ICT 378 Personal Exam Notes-QUESTIONS WITH VERIFIED ANSWERS (All)

Murdoch University ICT 378 Personal Exam Notes-QUESTIONS WITH VERIFIED ANSWERS

Document Content and Description Below

Data Acquisition Discuss one advantage and one disadvantage of the raw format? Advantages: Faster data transfer speeds, Ignore minor data errors and most forensics can be used to read it Disadvant ... ages: Requires equal or greater target disk space, Might have to run a separate hash program to validate raw formatted and might not collect marginal (bad) blocks Advantages and Disadvantages of Proprietary format: A: Intelligent acquisition saves space, features to manipulate the image, e.g. splitting it and can include metadata and case details D: Locked in to using only 1 tool (ILookIX) and Software limitations, like file size limits of up to 2GB With remote acquisitions, what problems should you be aware of? 1. Antivirus 2. Antispyware 3. Firewall programs - Antivirus, antispyware, and firewall tools can be configured to ignore remote access programs - Suspects could easily install their own security tools that trigger an alarm to notify them of remote access intrusions Compare and contrast the terms BITSTREAM COPY and FILE BACKUP COPY. File backup copy: Backup software only copies known files (active data), also modifies the timestamps of data, contaminating the timeline Bitstream copy: Backup software cannot copy deleted files, email messages or recover file fragments, but a bitstream copy is able to. c) Describe a Linux command line tool that would enable you to create a raw image of a drive, and highlight a key advantage of using this particular tool.File System The following questions all refer to the topic of File Systems: a) What is the role of a file system? Gives OS a road map to data on a disk Component of the operating system charged with managing files b) What are some of the most commonly used file systems utilized on a modern Windows based PC? 1. NTFS 2. FAT c) Explain what the initials FAT and MFT stand for and how these relate to the two file systems respectively d) List two features NTFS has that FAT does not. 1. Unicode characters 2. Security 3. Journaling e) In Windows 7 and later, how much data from RAM is loaded into RAM slack on a disk drive? No data from RAM is copied to the RAM slack on a disk drive. f) List two items stored in the FAT database 1. File and directory names 2. Starting cluster numbers [Show More]

Last updated: 3 years ago

Preview 1 out of 10 pages

Buy Now

Instant download

We Accept: