EnCase Environment - Review Questions
20 important questions on EnCase Environment - Review Questions
In the EnCase Windows environment, must an examiner first create a new case before adding a device to examine?
A. Yes
B. No
When EnCase 7 is used to create a new case, which files are created automatically in the case folder under the folder bearing the name of the case?
A. Evidence, Export, Temp, and Index folders
B. Export, Temp, and Index folders
C. Email, Export, Tags, and Temp
D. Evidence, Email, Tags, and Temp
have to be created manually by the user if the user opted to place it in this
location.
From the EnCase 7 Home screen, which of the following cannot be carried out?
A. Opening a case
B. Creating a new case
C. Opening options
D. Generating a encryption key
E. All of the above
- Higher grades + faster learning
- Never study anything twice
- 100% sure, 100% understanding
For my 1st exam I got a C. Then, I started looking for ways to learn better and I came across Study Smart. Since then I have scored a A+, A, A- and another A. I highly recommend it to everyone who wants to hear it. I am so happy with it!!
I was struggling to finish all my first-year subjects for 3 years. Then I discovered Study Smart, which helped me to finish all of them within 3 months.
Because of StudySmart, things are going well in many ways. Before, I always had study stress and no time for anything. Now I feel calm and confident (because of the program). I used to score a B, now I usually score an A or A+.
Hey Chris, I really want to thank you very much for developing the platform, I usually got around C for my exams, now I scored an A+, an A and a A- !!
Since using Study Smart, my average has increased significantly. I even completed a statistics course with a A+ while I'm bad at statistics. I took on extra courses this year, because of Study Smart. Thanks so much!
Ever since I started studying with StudySmart I passed all my exams !!! No more re-sits!! At first, I was happy with a pass and now I only get good grades. Many thanks!
I aced all the courses I studied with Study Smart. For law, I first scored a D, and now an A! I’m 100% sure that I’ll pass all the courses I study with Study Smart.
I always thought I studied well. My grades were fine. I could never have imagined that applying these study skills would have such a huge and direct impact on my grades, my speed and the pleasure I have in learning.
For the first time, I finally feel totally confident about the way I learn. I have the perfect overview and make great progress in terms of speed and the grades I get. Thanks, Chris!
I immediately started to enjoy learning again, and my grades soared. All of a sudden, everything went better. I highly recommend Study Smart to all students..
Being able to create my materials online made the process of studying so much smoother and quicker. I no longer have to spend a huge amount of my time on creating my summaries.
At first, my notes were a mess. Now I use Study Smart to take my notes in a perfectly structured way. It helps me to save a lot of time and do other things I enjoy.
Students that study with Study Smart get better grades. The system applies all the learning methods in such a way that both well-performing students and students who struggle perform much better.
Hi Chris, I would like to thank you very much. Last year I scored C on a course, and this year I got an A+ thanks to your method! Thank you very much!
The largest effect is that my child is more enthusiastic about school! Every parent wants their children to be happy at school, Study Smart made it happen.
In high school, I failed several exams, and that has really changed now. I actually needed this tool very much back then. Since I started studying with StudySmart, I haven't had any D's. My average score is now an A and those are results I would have never had in the past
With my old method, I passed only 3 out of 8 courses. Since I started taking my notes digitally in Study Smart, I have passed all my courses on the first try. For me, StudySmart takes away the stress of wondering if I will pass or not.
Thanks to StudySmart, I passed all my exams, and with better grades than before! On top of that, I have mastered a very good study method now, which I am confident will help me earn my degree.
When creating a new case, the Case Options dialog box prompts for which of the following?
A. Name (case name)
B. Examiner name
C. Base case folder path
D. Primary evidence cache path
E. All of the above
case is created.
What determines the action that will result when a user double-clicks a file within EnCase?
A. The settings in the TEXTSTYLES.INI file
B. The settings in the FILETYPES.INI file
C. The settings in the FILESIGNATURES.INI file
D. The settings in the VIEWERS.INI file
determines which file types will be opened by which viewers upon
double-clicking or opening the file.
In the EnCase environment, the term external viewers is best described as which of the following?
A. Internal programs that are copied out of an evidence file
B. External programs loaded in the evidence file to open specific file types
C. External programs that are associated with EnCase to open specific file types
D. External viewers used to open a file that has been copied out of an evidence
file
and are configured by the user.
Where is the list of external viewers kept within EnCase?
A. The settings in the TEXTSTYLES.INI file
B. The settings in the FILETYPES.INI file
C. The settings in the XTERNALVIEWERS.CFG file
D. The settings in the VIEWERS.INI file
uses to open specific file types.
When EnCase sends a file to an external viewer, to which folder does it send the file?
A. Scratch
B. Export
C. Temp
D. None of the above
temp folder.
How is the Disk view launched?
A. By simply switching to the Disk view tab on the Table pane
B. By launching it from the Device menu
C. By right-clicking the device and choosing Open With Disk Viewer
D. None of the above
Which of the following is true about the Gallery view?
A. Files that are determined to be images by their file extension will be
displayed.
B. Files that are determined to be images based on file signature analysis will
be displayed after the EnCase evidence processor has been run.
C. Files displayed in the Gallery view are determined by where you place the
focus in the Tree pane or where you activate the Set-Included
Folders feature.D. All of the above.
True or false? The right-side menu is a collection of the menus and tools found on its toolbar.
A. True
B. False
toolbar to its left. It is akin to the content formerly found on the right-click
mouse button.
True or false? The results of conditions and filters are seen immediately in the Table pane of the Evidence tab Entries view.
A. True
B. False
view or tab.
How do you access the setting to adjust how often a backup file (.cbak) is saved?
A. Select Tools a Options a Case Options.
B. Select View a Options a Case Options.
C. Select Tools a Options a Global.
D. Select View a Options a Global.
menu bar, select Options, and then change the time in the Auto Save Minutes
box on the Global tab of the resulting dialog box.
What is the maximum number of columns that can be sorted simultaneously in the Table view tab?
A. Two
B. Three
C. Six
D. 28 (maximum number of tabs)
How would a user reverse-sort on a column in the Table view?
A. Hold down the Ctrl key, and double-click the selected column header.
B. Right-click the selected column, select Sort, and select either Sort Ascending
or Sort Descending.
C. Both A and B.
How can you hide a column in the Table view?
A. Place the cursor on the selected column, and press Ctrl+H.
B. Place cursor on the selected column, open Columns menu on the
toolbar, and select Hide.
C. Place cursor on the selected column, open the right-side menu, open
the Columns submenu, and select Hide.
D. Open the right-side menu, open the Columns submenu, select Show
Columns, and uncheck the desired fields to be hidden.
E. All of the above.
What does the Gallery view tab use to determine graphics files?
A. Header or file signature
B. File extension
C. Filename
D. File size
which is determined by the file extensions until such time that ta file
signature analysis is run.
Will the EnCase Gallery view display a .jpeg file if its file extension was renamed to .txt?
A. No, because EnCase will treat it as a text file
B. Yes, because the Gallery view looks at a file’s header information and not
the file extension
C. Yes, but only if a signature analysis is performed to correct the File
Category to Picture based on its file header information
D. Yes, but only after a hash analysis is performed to determine the file’s
true identity
the file category to Picture, in this particular case, based on the
information contained in the file header.
How would a user change the default colors and text fonts within EnCase?
A. The user cannot change the default colors and fonts settings.
B. The user can change the default colors and fonts settings by right-clicking
the selected items and scrolling down to Change Colors and Fonts.
C. The user can change the default colors and fonts settings by clicking
the View tab on the menu bar and selecting the Colors tab or Fonts tab.
D. The user can change default colors and fonts settings by clicking the Tools
Tools tab and the clicking Options to change colors and fonts.
An EnCase user will always know the exact location of the selected data
in the evidence file by looking at which of the following?
A. Navigation Data on status bar
B. Dixon box
C. Disk view
D. Hex view
data's exact location, including the full path, physical sector, logical sector
number, cluster number, sector offset, and file offset.
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding
