1. The __________________ is the version of pcap available for linux based operating systems.

2. Elements in a smartart graphic are grouped in ____.

3. In microsoft exchange, a(n) ____ file is responsible for messages formatted with mapi.

4. In facebook the ____ info simply tells you the last time a person logged on.

5. In order to retrieve logs from exchange, the powershell cmdlet _______________________ can be used.

6. A judge _____ accept(s) the challenges put forth by attorneys regarding jury selection.

7. To complete a forensic disk analysis and examination, you need to create a ____.

8. Software forensics tools are commonly used to copy data from a suspects disk drive to a(n) ____.

9. After the evidence has been presented in a trial by jury, the jury must deliver a(n) _______.

10. A ____ is a column of tracks on two or more disk platters.

11. Details concerning the average age, sex, and income of a magazine's readership are known as _____.

12. Families operate as a _____________ where members interact with one another to form a whole.

13. The specificity of microcrystalline tests is ________ the specificity of color tests.

14. Cases of arson, assault, and murder of homosexuals __________ in the 1990s.

15. Exchange logs information about changes to its data in a(n) ____ log.

16. Some popular web-based e-mail service providers are gmail, ____, outlook online, and yahoo!

17. Winhex provides several hashing algorithms, such as md5 and ____.

18. The ____ digital network, a faster version of gsm, is designed to deliver data.

19. Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.

20. If you cant open a graphics file in an image viewer, the next step is to examine the files ____.

21. Candidates who complete the iacis test successfully are designated as a _______.

22. ____ alters hash values, which makes cracking passwords more difficult.

23. Analog footage can be digitized using video _____ equipment.

24. To view e-mail headers on yahoo! click the ____ list arrow, and click view raw message.

25. The most important laws applying to attorneys and witnesses are the ____.

26. The ______________ imaging tool produces three proprietary formats: idif, irbf, and ieif.

27. The _____________ format is a proprietary format used by adobe photoshop.

28. A _______ is not a private sector organization.

29. A ____ differs from a trial testimony because there is no jury or judge.

30. Fre ____ describes whether the expert is qualified and whether the expert opinion can be helpful.

31. Within windows vista and later, partition gaps are _____________ bytes in length.

32. When cases go to trial, you as a forensics examiner can play one of ____ roles.

33. Validate your tools and verify your evidence with ____ to ensure its integrity.

34. The term for detecting and analyzing steganography files is _________________.

35. The prodiscover utility makes use of the proprietary _______________ file format.

36. The lempel-ziv-welch (lzw) algorithm is used in _____________ compression.

37. The _______________ format is an image format produced by the nuance paperport scanning program.

38. The _______ is not one of the three stages of a typical criminal case.

39. The _______ command was developed by nicholas harbour of the defense computer forensics laboratory.

40. The ____ is the most important part of testimony at a trial.

41. Signed into law in 1973, the _______ was/were created to ensure consistency in federal proceedings.

42. One of the most noteworthy e-mail scams was 419, otherwise known as the _______________.

43. In a prefetch file, the application's last access date and time are at offset ____.

44. If practical, _______ team(s) should collect and catalog digital evidence at a crime scene or lab.

45. If a microphone is present during your testimony, place it ____ to eight inches from you.

46. How you format _____________ is less important than being consistent in applying formatting.

47. For exif jpeg files, the hexadecimal value starting at offset 2 is _____________.

48. Ext4f can support disk partitions as large as ____ tb.

49. Criminal law deals with harm to __________, whereas civil law involves harm to __________.

50. Blu-ray discs are the successor to the dvd and store up to __________ per layer.

51. Autopsy uses ____ to validate an image.

52. An evidence custody form does not usually contain _______.

53. A(n) _______________ acts as an evidence locker or safe to preserve the integrity of evidence.

54. ____, or mirrored striping with parity, is a combination of raid 1 and raid 5.

55. _______ is not recommended for a digital forensics workstation.

56. _______ is not one of the functions of the investigations triad.

57. _______ describes an accusation of fact that a crime has been committed.

58. _______ can be used with the dcfldd command to compare an image file to the original medium.

59. Current distributions of linux include two hashing algorithm utilities: md5sum and ____.

60. Fre ____ describes whether basis for the testimony is adequate.

61. Forensics tools such as ____ can retrieve deleted files for use as evidence.

62. One technique for extracting evidence from large systems is called ____.

63. Generally, digital records are considered admissible if they qualify as a ____ record.

64. _______ is a common cause for lost or corrupted evidence.

65. There are two types of depositions: ____ and testimony preservation.

66. Computer forensics examiners have two roles: fact witness and ____ witness.

67. Addresses that allow the mft to link to nonresident files are known as _______________.

68. A(n) ____ is a person using a computer to perform routine tasks other than systems administration.

69. _______ is the utility used by the prodiscover program for remote access.

70. _______ does not recover data in free or slack space.

71. ____ is a written list of objections to certain testimony or exhibits.

72. Courts consider evidence data in a computer as ____ evidence.

73. ____ is a core win32 subsystem dll file.

74. The simplest way to access a file header is to use a(n) ____ editor

75. The physical data copy subfunction exists under the ______________ function.

76. Most users rely on ____ for finding, viewing, and managing information on their computers.

77. Compared to todays computers, computers from the 1970s were ________

78. ____ is a session data probe, collector, and analysis tool.

79. The ____ is where directories and files are stored on a disk drive.

80. The linux command _____ can be used to write bit-stream data to files.

81. Using steganography to hide a message inside a larger message is known as __________.

82. Attorneys search ____ for information on expert witnesses.

83. Passwords are typically stored as one-way _____________ rather than in plaintext.

84. Hard drives that run __________ address blocks, or integer multiples of blocks, at a time.

85. Getting a hash value with a ____ is much faster and easier than with a(n) ____.

86. Confidential business data included with the criminal evidence are referred to as ____ data.

87. _______ would not be found in an initial-response field kit.

88. _______ describes the characteristics of a safe storage container.