AccessData A30-327 Free Practice Questions

NEW QUESTION 1
When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

• A. Report
• B. Special Reports
• C. Summary Report
• D. Add to Report With Children

Answer: AB

Explanation:
Which two options are available in the FTK Report Wizard? (Choose two.)
A. List by File Path
B. List File Properties
C. Include HTML File Listing
D. Include PRTK Output List

NEW QUESTION 2
In FTK, which search broadening option allows you to find grammatical variations of the word "kill" such as "killer," "killed," and "killing"?

• A. Phonic
• B. Synonym
• C. Stemming
• D. Fuzzy Logic

Answer: C

NEW QUESTION 3
In FTK, which tab provides specific information on the evidence items, file items, file status and file category?

• A. E-mail tab
• B. Explore tab
• C. Overview tab
• D. Graphics tab

Answer: C

NEW QUESTION 4
Click the Exhibit button.
You need to search for specific data that are located in a Microsoft Word document. You do not know the exact spelling of this datA. Using the Index Search Options as displayed in the exhibit, which changes do you make in the Broadening Options and Search Limiting Options containers?

• A. check the Fuzzy box;check the File Name Pattern box; type *.doc in the pattern container
• B. check the Stemming box; check the File Name Pattern box; type *.doc in the pattern container
• C. check the Synonym box; check the File Name Pattern box; type *.doc in the pattern container
• D. check the Stemming box; check the File Name Pattern box;type %.doc in the pattern container

Answer: A

NEW QUESTION 5
During the execution of a search warrant, you image a suspect drive using FTK Imager and store the Raw(dd) image files on a portable drive. Later, these files are transferred to a server for storage. How do you verify that the information stored on the server is unaltered?

• A. open and view the Summary file
• B. load the image into FTK and it automatically performs file verification
• C. in FTK Imager, use the Verify Drive/Image function to automatically compare a calculatedhash with a stored hash
• D. use FTK Imager to create a verification hash and manually compare that value to the valuestored in the Summary file

Answer: D

NEW QUESTION 6
What are three types of evidence that can be added to a case in FTK? (Choose three.)

• A. local drive
• B. registry MRU list
• C. contents of a folder
• D. acquired image of a drive
• E. compressed volume files (CVFs)

Answer: ACD

NEW QUESTION 7
You successfully export and create a file hash list while using FTK Imager. Which three pieces of information are included in this file? (Choose three.)

• A. MD5
• B. SHA1
• C. filename
• D. record date
• E. date modified

Answer: ABC

NEW QUESTION 8
After creating a case, the Encrypted Files container lists EFS files. However, no decrypted
sub- items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)

• A. SAM
• B. system
• C. SECURITY
• D. Master Key
• E. FEK Certificate

Answer: AB

NEW QUESTION 9
When previewing a physical drive on a local machine with FTK Imager, which statement is true?

• A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
• B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
• C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
• D. FTK Imager should always be used in conjunction with a hardware write protect device toprevent writes to suspect media.

Answer: D

NEW QUESTION 10
You have processed a case in FTK using all the default options. The investigator supplies you with a list of 400 names in an electronic format. What is the quickest way to search
unallocated space for all of these names?

• A. build a dtSearch string with all 400 names
• B. create a Regular Expression with all the names
• C. make an imported text file of the names in Live Search
• D. use an imported text file containing the names in Indexed Search

Answer: D

NEW QUESTION 11
To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

• A. image file
• B. currently booted drive
• C. server object settings
• D. profile access control list

Answer: B

NEW QUESTION 12
You are asked to process a case using FTK and to produce a report that only includes selected graphics. What allows you to display only flagged graphics?

• A. List by File Path
• B. List File Properties
• C. Graphic Thumbnails
• D. Supplementary Files

Answer: C

NEW QUESTION 13
While analyzing unallocated space, you locate what appears to be a 64-bit Windows date and
time. Which FTK Imager feature allows you display the information as a date and time?

• A. INFO2 Filter
• B. Base Converter
• C. Metadata Parser
• D. Hex Value Interpreter

Answer: D

NEW QUESTION 14
Click the Exhibit button.
When decrypting EFS files in a case, you receive the result shown in the exhibit. What is the most plausible explanation for this result?

• A. The encrypted file was corrupt.
• B. A different user encrypted the remaining encrypted file.
• C. The hash value of the remaining encrypted file did not match.
• D. The remaining encrypted file had previously been bookmarked.
• E. An incorrect CRC value for the $EFS certificate was applied by the user.

Answer: B

NEW QUESTION 15
Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)

• A. calculate MD5 hashes of individual keys
• B. translate the MRUs in chronological order
• C. present data stored in null terminated keys
• D. present the date and time of each typed URL
• E. View Protected Storage System Provider (PSSP) data

Answer: BCE

NEW QUESTION 16
You used FTK Imager to create several hash list files. You view the location where the files were exported. What is the file extension type for these files?

• A. .txt = ASCII Text File
• B. .dif = Data Interchange Format
• C. .prn = Formatted Text Delimited
• D. .csv = Comma Separated Values

Answer: D

NEW QUESTION 17
FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

• A. E01
• B. Ghost
• C. SMART
• D. SafeBack

Answer: AC

NEW QUESTION 18
What are two functions of the Summary Report in Registry Viewer? (Choose two.)

• A. Mastered
• B. Not Mastered

Answer: A

NEW QUESTION 19
When adding data to FTK, which statement about DriveFreeSpace is true?

• A. Mastered
• B. Not Mastered

Answer: A

NEW QUESTION 20
Which pattern does the following regular expression recover?
(d{4}[- ]){3}d{4}

• A. 000-000-0000
• B. ddd-4-3-dddd-4-3
• C. 000-00000-000-ABC
• D. 0000-0000-0000-0000

Answer: D

NEW QUESTION 21
In FTK, when you view the Total File Items container (rather than the Actual Files container), why are there more items than files?

• A. Total File Items includes files that are in archive files, while Actual Files does not.
• B. Total File Items includes all unfiltered files while Actual Files includes only checked files.
• C. Total File Items includes all KFF Ignorables while Actual Files includes only the KFF Alerts.
• D. Total File Items includes files that are in the Graphics and E-Mail tabs, while Actual Files only includes files in the Graphics tab while excluding attachments in the E-mail tab.

Answer: A

NEW QUESTION 22
......