
AccessData A30-327 - AccessData Certified Examiner

Total 60 questions

Which two statements are true? (Choose two.)

A. PRTK can recover Windows logon passwords.

B. PRTK must run in conjunction with DNA workers to decrypt EFS files.

C. PRTK and FTK must be installed on the same machine to decrypt EFS files.

D. EFS files must be exported from a case and provided to PRTK for decryption.

FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

A. E01

B. Ghost

C. SMART

D. SafeBack

Which statement is true about Processes to Perform in FTK?

A. Processing options can be chosen only when adding evidence.

B. Processing options can be chosen during or after adding evidence.

C. Processing options can be chosen only after evidence has been added.

D. If processing is not performed while adding evidence, the case must be started again.

Which three items are contained in an Image Summary File using FTK Imager? (Choose three.)

A. MD5

B. CRC

C. SHA1

D. Sector Count

E. Cluster Count

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.

C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.

D. FTK Imager should always be used in conjunction with a hardware write protect device to prevent writes to suspect media.

Into which two categories can an imported hash set be assigned? (Choose two.)

A. alert

B. ignore

C. contraband

D. system files

During the execution of a search warrant, you image a suspect drive using FTK Imager and store the Raw (dd) image files on a portable drive. Later, these files are transferred to a server for storage. How do you verify that the information stored on the server is unaltered?

A. open and view the Summary file

B. load the image into FTK and it automatically performs file verification

C. in FTK Imager, use the Verify Drive/Image function to automatically compare a calculated hash with a stored hash

D. use FTK Imager to create a verification hash and manually compare that value to the value stored in the Summary file

You are asked to process a case using FTK and to produce a report that only includes selected graphics. What allows you to display only flagged graphics?

A. List by File Path

B. List File Properties

C. Graphic Thumbnails

D. Supplementary Files