Review Questions

1. When running a signature analysis, EnCase will do which of the following?

A. Compare a file’s header to its hash value.

B. Compare a file’s header to its file signature.

C. Compare a file’s hash value to its file extension.

D. Compare a file’s header to its file extension.

2. A file header is which of the following?

A. A unique set of characters at the beginning of a file that identifies the file type.

B. A unique set of characters following the filename that identifies the file type.

C. A 128-bit value that is unique to a specific file based on its data.

D. Synonymous with file extension.

3. The Windows operating system uses a filename’s ______________ to associate files with the proper applications.

A. signature

B. MD5 hash ...

Get EnCE EnCase Computer Forensics: The Official EnCase Certified Examiner Study Guide, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial