EnCase Concepts - Review Questions
17 important questions on EnCase Concepts - Review Questions
The EnCase evidence file is best described as:
A. A mirror image of the source device written to a hard drive
B. A sector-by-sector image of the source device written to corresponding
sectors of a secondarhard drive
C. A bitstream image of a source device written to the corresponding sectors
of a secondary hard drive
D. A bitstream image of a source device written to a file or several file segments
hard drive, CD-ROM, or floppy disk written to a file (.E01) or several file
segments (.E02, .E03, etc.).
How does EnCase verify the contents of an evidence file?
A. EnCase writes an MD5 hash value for every 32 sectors copied.
B. EnCase writes an MD5 value for every 64 sectors copied.
C. EnCase writes a CRC value for every 32 sectors copied.
D. EnCase writes a CRC value for every 64 sectors copied.
the block size has been modified, the CRC frequency will be adjusted
accordingly.
What is the smallest file size that an EnCase evidence file can be saved as?
A. 64 sectors
B. 512 sectors
C. 1MB
D. 2MB
E. 640MB
- Higher grades + faster learning
- Never study anything twice
- 100% sure, 100% understanding
For my 1st exam I got a C. Then, I started looking for ways to learn better and I came across Study Smart. Since then I have scored a A+, A, A- and another A. I highly recommend it to everyone who wants to hear it. I am so happy with it!!
I was struggling to finish all my first-year subjects for 3 years. Then I discovered Study Smart, which helped me to finish all of them within 3 months.
Because of StudySmart, things are going well in many ways. Before, I always had study stress and no time for anything. Now I feel calm and confident (because of the program). I used to score a B, now I usually score an A or A+.
Hey Chris, I really want to thank you very much for developing the platform, I usually got around C for my exams, now I scored an A+, an A and a A- !!
Since using Study Smart, my average has increased significantly. I even completed a statistics course with a A+ while I'm bad at statistics. I took on extra courses this year, because of Study Smart. Thanks so much!
Ever since I started studying with StudySmart I passed all my exams !!! No more re-sits!! At first, I was happy with a pass and now I only get good grades. Many thanks!
I aced all the courses I studied with Study Smart. For law, I first scored a D, and now an A! I’m 100% sure that I’ll pass all the courses I study with Study Smart.
I always thought I studied well. My grades were fine. I could never have imagined that applying these study skills would have such a huge and direct impact on my grades, my speed and the pleasure I have in learning.
For the first time, I finally feel totally confident about the way I learn. I have the perfect overview and make great progress in terms of speed and the grades I get. Thanks, Chris!
I immediately started to enjoy learning again, and my grades soared. All of a sudden, everything went better. I highly recommend Study Smart to all students..
Being able to create my materials online made the process of studying so much smoother and quicker. I no longer have to spend a huge amount of my time on creating my summaries.
At first, my notes were a mess. Now I use Study Smart to take my notes in a perfectly structured way. It helps me to save a lot of time and do other things I enjoy.
Students that study with Study Smart get better grades. The system applies all the learning methods in such a way that both well-performing students and students who struggle perform much better.
Hi Chris, I would like to thank you very much. Last year I scored C on a course, and this year I got an A+ thanks to your method! Thank you very much!
The largest effect is that my child is more enthusiastic about school! Every parent wants their children to be happy at school, Study Smart made it happen.
In high school, I failed several exams, and that has really changed now. I actually needed this tool very much back then. Since I started studying with StudySmart, I haven't had any D's. My average score is now an A and those are results I would have never had in the past
With my old method, I passed only 3 out of 8 courses. Since I started taking my notes digitally in Study Smart, I have passed all my courses on the first try. For me, StudySmart takes away the stress of wondering if I will pass or not.
Thanks to StudySmart, I passed all my exams, and with better grades than before! On top of that, I have mastered a very good study method now, which I am confident will help me earn my degree.
What is the largest file segment size that an EnCase evidence file can be saved as?
A. 640MB
B. 1GB
C. 2GB
D. No maximum limit
For an EnCase evidence file to successfully pass the file verification process,
which of the following must be true?
A. The MD5 hash value must verify.
B. The CRC values and the MD5 hash value both must verify.
C. Either the CRC or MD5 hash values must verify.
D. The CRC values must verify.
EnCase verifies both the CRC and MD5 hash values.
The MD5 hash algorithm is ___ hexadecimal characters in length.
A. 16
B. 32
C. 64
D. 128
If an evidence file has been added to a case and completely verified, what happens if the data area within the evidence file is later altered?
A. EnCase will detect the error when that area of the evidence file is accessed
by the user.
B. EnCase will detect the error if the evidence file is manually reverified.
C. EnCase will allow the examiner to continue to access the rest of the evidence
file that has not been changed.
D. All of the above.
unaffected areas of the evidence file.
Which of the following aspects of the EnCase evidence file can be changed
during a reacquire of the evidence file?
A. Investigator’s name
B. Evidence number
C. Notes
D. Evidence file size
E. All of the above
An evidence file was archived onto five CD-ROMs with the third file segment
on disc number 3. Can the contents of the third file segment be verified
by itself while still on the CD-ROM?
A. No. All evidence file segments must be put back together.
B. Yes. Any evidence file segment can be verified independently by comparing
the CRC values.
CRC values of the data blocks.
Will EnCase allow a user to write data into an acquired evidence file?
A. Yes, when adding notes or comments to bookmarks.
B. Yes, when adding search results.
C. A and B.
D. No, data cannot be added to the evidence file after the acquisition is made.
All investigators using EnCase should run tests on the evidence file
acquisition and verification process to:
A. Further the investigator’s understanding of the evidence file
B. Give more weight to the investigator’s testimony in court
C. Verify that all hardware and software is functioning properly
D. All of the above
to better understand how the tool performs and to verify that
it is functioning properly.
When a noncompressed evidence file is reacquired with compression, the
acquisition and verification hash values for the evidence file will remain
the same for both files.
A. True
B. False
Search hit results and bookmarks are stored in the evidence file.
A. True
B. False
The EnCase evidence file’s logical file name can be changed without affecting
the verification of the acquired evidence.
A. True
B. False
affecting the verification of the acquired evidence.
An evidence file can be moved to another directory without changing the file
verification.
A. True
B. False
What happens when EnCase attempts to reopen a case once the evidence file has been moved?
A. EnCase reports that the file’s integrity has been compromised and renders
the file useless.
B. EnCase reports a different hash value for the evidence file.
C. EnCase prompts for the location of the evidence file.
D. EnCase opens the case, excluding the moved evidence file.
will prompt for the new location of the evidence file.
During reacquisition, you may change which of the following? (Select all that are correct.)
A. Block size and Error granularity
B. Add or remove a password
C. Investigator’s name
D. Compression
E. File segment size
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding
