dumpspedia logo
When a document is printed using EMF in Windows, what file(s) are generated in the spooling process?
What files are reconfigured or deleted by EnCase during the creation of an EnCase boot disk?
You are at an incident scene and determine that a computer contains evidence as described in the search warrant. When you seize the computer, you should:
A hard drive has been formatted as NTFS and Windows XP was installed. The user used fdisk to remove all partitions from that drive. Nothing else was done. You have imaged the drive and have opened the evidence file with EnCase. What would be the best way to examine this hard drive?
An evidence file can be moved to another directory without changing the file verification.
The following GREP expression was typed in exactly as shown. Choose the answer(s) that would result. [\x00-\x05]\x00\x00\x00?[\x00-\x05]\x00\x00\x00
Consider the following path in a FAT file system: C:\My Documents\My Pictures\Bikes. Where does the directory bikes receive its name?
By default, EnCase will display the data from the end of a logical file, to the end of the cluster, in what color:
When a file is deleted in the FAT or NTFS file systems, what happens to the data on the hard drive?
The following keyword was typed in exactly as shown. Choose the answer(s) that would result. All search criteria have default settings. Tom Jones
When a non-compressed evidence file is reacquired with compression, the acquisition and verification hash values for the evidence will remain the same for both files.
In Windows, the file MyNote.txt is deleted from C Drive and is automatically sent to the recycle Bin. The long filename was MyNote.txt and the short filename was MYNOTE.TXT. When viewing the recycle Bin with EnCase, how will the long filename and short filename appear?
TESTED 07 May 2024