AccessData Certified Examiner v3.0

Page:    1 / 4   
Exam contains 63 questions
Expand All

You have processed a case in FTK using all the default options. The investigator supplies you with a list of 400 names in an electronic format. What is the quickest way to search unallocated space for all of these names?

  • A. build a dtSearch string with all 400 names
  • B. create a Regular Expression with all the names
  • C. make an imported text file of the names in Live Search
  • D. use an imported text file containing the names in Indexed Search


Answer : D

Which pattern does the following regular expression recover?
(\d{4}[\- ]){3}\d{4}

  • A. 000-000-0000
  • B. ddd-4-3-dddd-4-3
  • C. 000-00000-000-ABC
  • D. 0000-0000-0000-0000


Answer : D

You examine evidence and flag several graphic images found in different folders. You now want to bookmark these items into a single bookmark. Which tab in FTK do you use to view only the flagged thumbnails?

  • A. Explore tab
  • B. Graphics tab
  • C. Overview tab
  • D. Bookmark tab


Answer : C

Click the Exhibit button.
What change do you make to the file filter shown in the exhibit in order to show only graphics with a logical size between 500 kilobytes and 10 megabytes?

  • A. You change all file status items to a red circle.
  • B. You change all file status items to a yellow triangle.
  • C. You make no change. The filter is correct as shown.
  • D. You change Graphics in the File Type column to a yellow triangle.


Answer : D

FTK uses Data Carving to find which three file types? (Choose three.)

  • A. JPEG files
  • B. Yahoo! Chat Archives
  • C. WPD (Word Perfect Documents)
  • D. Enhanced Windows Meta Files (EMF)
  • E. OLE Archive Files (Office Documents)


Answer : A,D,E

You are asked to process a case using FTK and to produce a report that only includes selected graphics. What allows you to display only flagged graphics?

  • A. List by File Path
  • B. List File Properties
  • C. Graphic Thumbnails
  • D. Supplementary Files


Answer : C

Which two options are available in the FTK Report Wizard? (Choose two.)

  • A. List by File Path
  • B. List File Properties
  • C. Include HTML File Listing
  • D. Include PRTK Output List


Answer : AB

Using the FTK Report Wizard, which two options are available in the List by File Path window? (Choose two.)

  • A. List File Properties
  • B. Export to the Report
  • C. Apply a Filter to the List
  • D. Include Registry Viewer Reports


Answer : BC

Using the FTK Report Wizard, which two options are available in the Bookmarks - A window? (Choose two.)

  • A. Apply a filter to the list
  • B. Group all filenames at end of report
  • C. Yes, include all graphics in the case
  • D. No, do not include a bookmark section
  • E. Export full-size graphics and link them to the thumbnails


Answer : D,E

In Registry Viewer, which steps initiate the Hex Interpreter?

  • A. highlight the data and select the Hex Value Interpreter tab
  • B. highlight the data, right-click on the highlighted data and select the Show Hex Interpreter Window
  • C. select the Hex Value Interpreter tab, highlight the data, right-click on the data to initiate the Hex Interpreter
  • D. right-click on the data area and select the Show Hex Interpreter Window and highlight the data you want to interpret


Answer : B

Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)

  • A. calculate MD5 hashes of individual keys
  • B. translate the MRUs in chronological order
  • C. present data stored in null terminated keys
  • D. present the date and time of each typed URL
  • E. View Protected Storage System Provider (PSSP) data


Answer : B,C,E

What are two functions of the Summary Report in Registry Viewer? (Choose two.)

  • A. adds individual key values
  • B. is a template for other registry files
  • C. displays investigator keyword search results
  • D. permits searching of registry values based on key headers


Answer : AB

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

  • A. Report
  • B. Special Reports
  • C. Summary Report
  • D. Add to Report With Children


Answer : C

You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes this task?

  • A. Common Areas
  • B. Generate Report
  • C. Define Summary Report
  • D. Manage Summary Reports


Answer : B

Which Registry Viewer function would allow you to automatically document multiple unknown user names?

  • A. Add to Report
  • B. Export User List
  • C. Add to Report with Children
  • D. Summary Report with Wildcard


Answer : D

Page:    1 / 4   
Exam contains 63 questions
Expand All

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

[email protected]

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926
Certlibrary doesn't offer Real Microsoft Exam Questions. Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.
Terms & Conditions | Privacy Policy