AccessData A30-327 - AccessData Certified Examiner

Total 60 questions

You used FTK Imager to create several hash list files. You view the location where the files were exported. What is the file extension type for these files?

A. .txt = ASCII Text File

B. .dif = Data Interchange Format

C. .prn = Formatted Text Delimited

D. .csv = Comma Separated Values

Which Registry Viewer function would allow you to automatically document multiple unknown user names?

A. Add to Report

B. Export User List

C. Add to Report with Children

D. Summary Report with Wildcard

Which two options are available in the FTK Report Wizard? (Choose two.)

A. List by File Path

B. List File Properties

C. Include HTML File Listing

D. Include PRTK Output List

What are three types of evidence that can be added to a case in FTK? (Choose three.)

A. local drive

B. registry MRU list

C. contents of a folder

D. acquired image of a drive

E. compressed volume files (CVFs)

When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

A. Report

B. Special Reports

C. Summary Report

D. Add to Report With Children

When using PRTK to attack encrypted files exported from a case, which statement is true?

A. PRTK will request the user access control list from FTK.

B. PRTK will generate temporary copies of decrypted files for printing.

C. FTK will stop all active jobs to allow PRTK to decrypt the exported files.

D. File hash values will change when they are saved in their decrypted format.

E. Additional interoperability between PRTK and NTAccess becomes available when files begin decrypting.

To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

A. image file

B. currently booted drive

C. server object settings

D. profile access control list

You successfully export and create a file hash list while using FTK Imager. Which three pieces of information are included in this file? (Choose three.)

A. MD5

B. SHA1

C. filename

D. record date

E. date modified

You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and suspect.001 image files. Which file has the hash value for the Raw (dd) image?

A. suspect.001.txt

B. suspect.E01.txt

C. suspect.001.csv

D. suspect.E01.csv

In FTK, you navigate to the Graphics tab at the Case level and you do not see any graphics. What should you do to see all graphics in the case?

A. list all descendants

B. run the graphic files filter

C. check all items in the current list

D. select the Graphics container button