Question 1

________ links are simply pointers to other files and aren't included in the link count.​

Accepted Answer

The answer of ________ links are simply pointers to other...

Question 2

Match each term with its definition:
-?A key part of the Linux file system, these informatuin nodes contain descriptive file or directory data, such as UIDS, GIDs, modification times, access times, creation times, and file locations.

Accepted Answer

A)  B*-tree
B)  data block
C)  logical block
D)  inodes
E)  Volume Control BlockF) Allocation BlockG) header nodeH) data forkI) superblockJ) resource fork

Question 3

Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.​

Accepted Answer

A)  ​dd
B)  ​fdisk
C)  badblocks
D)  mke2fs

Question 4

After making an acquisition on a Mac computer, the next step is examining the image of the ﬁle system with a forensics tool. ​Explain how to select the proper forensics tool for the task.

Accepted Answer

After making an acquisition, the next st...

Question 5

In UNIX and Linux, everything except monitors are considered files.​

Accepted Answer

A) True 
 B)False

Question 6

Adding the _____________ flag to the ​ls -l command has the effect of of showing all files beginning with the "." character in addition to other files.

Accepted Answer

A)  -s​
B)  ​-d
C)  -l
D)  -a D

Question 7

Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.​

Accepted Answer

A) True 
 B)False

Question 8

________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.​

Accepted Answer

A)  ​AccessData FTK
B)  ​X-Ways Forensics
C)  Guidance Software EnCase
D)  Foremost

Question 9

​On Mac OS X systems, what utility can be used to encrypt ​/ decrypt a user's home directory?

Accepted Answer

A)  ​Disk Utility
B)  ​BitLocker
C)  FileVault
D)  iCrypt

Question 10

What are bad blocks, and how do you find them?​

Accepted Answer

Some forensics tools ignore inode 1 and fail to recover valuable data for cases. Someone trying to mislead an investigator can access the bad block inode, list good sectors in it, and then hide information in these supposedly "bad" sectors.
To ﬁnd bad blocks on your Linux computer, you can use the badblocks command, although you must log in as root to do so. Linux includes two other commands that supply bad block information: mke2fs and e2fsck. The badblocks command can destroy valuable data, but the mke2fs and e2fsck commands include safeguards that prevent them from overwriting important information.

Question 11

​________________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.

Accepted Answer

A)  ​Blocks
B)  ​Clusters
C)  Inodes
D)  Plist files

Question 12

A hash that begins with "$6" in the shadow file indicates that it is a hash from what hashing algorithm? ​

Accepted Answer

A)  ​MD5
B)  ​Blowfish
C)  SHA-1
D)  SHA-512

Question 13

UNIX and Linux ​have four components defining the file system. Identify and give a brief description of each.

Accepted Answer

UNIX​/ Linux has four components definin...

Question 14

Match each term with its definition:
-?A node that stores information about B*-tree file.

Accepted Answer

A)  B*-tree
B)  data block
C)  logical block
D)  inodes
E)  Volume Control BlockF) Allocation BlockG) header nodeH) data forkI) superblockJ) resource fork

Question 15

Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.​

Accepted Answer

To examine a Mac computer, you need to m...

Question 16

Match each term with its definition:
-?A block in the Linux file system that specifies and keep tracks of the disk geometry and available space and manages the file system.

Accepted Answer

A)  B*-tree
B)  data block
C)  logical block
D)  inodes
E)  Volume Control BlockF) Allocation BlockG) header nodeH) data forkI) superblockJ) resource fork I

Question 17

Where is the root user's home directory located on a Mac OS X file system?​

Accepted Answer

A)  ​​/ root
B)  ​​/ private​/ var​/ root
C)  ​/ private​/ spool​/ root
D)  ​/ home​/ root

Question 18

Within the ​/ etc​/ shadow file, what field contains the password hash for a user account if one exists?​

Accepted Answer

A)  ​1st field
B)  ​2nd field
C)  3rd field
D)  4th field

Question 19

Linux is a certified UNIX operating system.​

Accepted Answer

A) True 
 B)False

Question 20

Explain the differences between a hard link and a symbolic link.​

Accepted Answer

A hard link is a pointer that allows acc...

Exam 7: Macintosh and Linux Boot Processes and File Systems

________ links are simply pointers to other files and aren't included in the link count.

Correct Answer
verified

Match each term with its definition: -?A key part of the Linux file system, these informatuin nodes contain descriptive file or directory data, such as UIDS, GIDs, modification times, access times, creation times, and file locations.

Correct Answer
verified

Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.

Correct Answer
verified

After making an acquisition on a Mac computer, the next step is examining the image of the ﬁle system with a forensics tool. Explain how to select the proper forensics tool for the task.

Correct Answer
verified
After making an acquisition, the next st...
View Answer

In UNIX and Linux, everything except monitors are considered files.

Correct Answer
verified

Adding the _____________ flag to the ls -l command has the effect of of showing all files beginning with the "." character in addition to other files.

Correct Answer
verified
D

Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.

Correct Answer
verified

________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.

Correct Answer
verified

On Mac OS X systems, what utility can be used to encrypt / decrypt a user's home directory?

Correct Answer
verified

What are bad blocks, and how do you find them?

________________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.

Correct Answer
verified

A hash that begins with "$6" in the shadow file indicates that it is a hash from what hashing algorithm?

Correct Answer
verified

UNIX and Linux have four components defining the file system. Identify and give a brief description of each.

Correct Answer
verified
UNIX/ Linux has four components definin...
View Answer

Match each term with its definition: -?A node that stores information about B*-tree file.

Correct Answer
verified

Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.

Correct Answer
verified
To examine a Mac computer, you need to m...
View Answer

Match each term with its definition: -?A block in the Linux file system that specifies and keep tracks of the disk geometry and available space and manages the file system.

Correct Answer
verified
I

Where is the root user's home directory located on a Mac OS X file system?

Correct Answer
verified

Within the / etc/ shadow file, what field contains the password hash for a user account if one exists?

Correct Answer
verified

Linux is a certified UNIX operating system.

Correct Answer
verified

Explain the differences between a hard link and a symbolic link.

Correct Answer
verified
A hard link is a pointer that allows acc...
View Answer

Exam 7: Macintosh and Linux Boot Processes and File Systems

________ links are simply pointers to other files and aren't included in the link count.​

Correct AnswerverifiedShow Answer

Match each term with its definition: -?A key part of the Linux file system, these informatuin nodes contain descriptive file or directory data, such as UIDS, GIDs, modification times, access times, creation times, and file locations.

Correct AnswerverifiedShow Answer

Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.​

Correct AnswerverifiedShow Answer

After making an acquisition on a Mac computer, the next step is examining the image of the ﬁle system with a forensics tool. ​Explain how to select the proper forensics tool for the task.

Correct AnswerverifiedAfter making an acquisition, the next st...View AnswerShow Answer

In UNIX and Linux, everything except monitors are considered files.​

Correct AnswerverifiedShow Answer

Adding the _____________ flag to the ​ls -l command has the effect of of showing all files beginning with the "." character in addition to other files.

Correct AnswerverifiedD

Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.​

Correct AnswerverifiedShow Answer

________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.​

Correct AnswerverifiedShow Answer

​On Mac OS X systems, what utility can be used to encrypt ​/ decrypt a user's home directory?

Correct AnswerverifiedShow Answer

What are bad blocks, and how do you find them?​

​________________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.

Correct AnswerverifiedShow Answer

A hash that begins with "$6" in the shadow file indicates that it is a hash from what hashing algorithm? ​

Correct AnswerverifiedShow Answer

UNIX and Linux ​have four components defining the file system. Identify and give a brief description of each.

Correct AnswerverifiedUNIX​/ Linux has four components definin...View AnswerShow Answer

Match each term with its definition: -?A node that stores information about B*-tree file.

Correct AnswerverifiedShow Answer

Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.​

Correct AnswerverifiedTo examine a Mac computer, you need to m...View AnswerShow Answer

Match each term with its definition: -?A block in the Linux file system that specifies and keep tracks of the disk geometry and available space and manages the file system.

Correct AnswerverifiedI

Where is the root user's home directory located on a Mac OS X file system?​

Correct AnswerverifiedShow Answer

Within the ​/ etc​/ shadow file, what field contains the password hash for a user account if one exists?​

Correct AnswerverifiedShow Answer

Linux is a certified UNIX operating system.​

Correct AnswerverifiedShow Answer

Explain the differences between a hard link and a symbolic link.​

Correct AnswerverifiedA hard link is a pointer that allows acc...View AnswerShow Answer

________ links are simply pointers to other files and aren't included in the link count.

Correct Answer
verified

Correct Answer
verified

Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.

Correct Answer
verified

After making an acquisition on a Mac computer, the next step is examining the image of the ﬁle system with a forensics tool. Explain how to select the proper forensics tool for the task.

Correct Answer
verified
After making an acquisition, the next st...
View Answer

In UNIX and Linux, everything except monitors are considered files.

Correct Answer
verified

Adding the _____________ flag to the ls -l command has the effect of of showing all files beginning with the "." character in addition to other files.

Correct Answer
verified
D

Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.

Correct Answer
verified

________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.

Correct Answer
verified

On Mac OS X systems, what utility can be used to encrypt / decrypt a user's home directory?

Correct Answer
verified

What are bad blocks, and how do you find them?

________________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.

Correct Answer
verified

A hash that begins with "$6" in the shadow file indicates that it is a hash from what hashing algorithm?

Correct Answer
verified

UNIX and Linux have four components defining the file system. Identify and give a brief description of each.

Correct Answer
verified
UNIX/ Linux has four components definin...
View Answer

Correct Answer
verified

Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.

Correct Answer
verified
To examine a Mac computer, you need to m...
View Answer

Correct Answer
verified
I

Where is the root user's home directory located on a Mac OS X file system?

Correct Answer
verified

Within the / etc/ shadow file, what field contains the password hash for a user account if one exists?

Correct Answer
verified

Linux is a certified UNIX operating system.

Correct Answer
verified

Explain the differences between a hard link and a symbolic link.

Correct Answer
verified
A hard link is a pointer that allows acc...
View Answer