General Digital Forensics MCQs

1. The files that provide helpful information to an e-mail investigation are log files and ____ files.

2. ____ increases the time and resources needed to extract, analyze, and present evidence.

3. ____ is a good tool for extracting information from large libpcap files.

4. A ____ is where you conduct your investigations, store evidence, and do most of your work.

5. Exchange logs information about changes to its data in a(n) ____ log.

6. Fre ____ describes whether the expert is qualified and whether the expert opinion can be helpful.

7. Most packet analyzer tools can read anything captured in ____ format.

8. Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.

9. When cases go to trial, you as a forensics examiner can play one of ____ roles.

10. You provide ____ testimony when you answer questions from the attorney who hired you.

11. One way to hide partitions is with the windows disk partition utility, ____.