NEW QUESTION 1
Which three items are contained in an Image Summary File using FTK Imager? (Choose three.)

• A. MD5
• B. CRC
• C. SHA1
• D. Sector Count
• E. Cluster Count

Answer: ACD

NEW QUESTION 2
Which file should be selected to open an existing case in FTK?

• A. ftk.exe
• B. case.ini
• C. case.dat
• D. isobuster.dll

Answer: C

NEW QUESTION 3
Which statement is true about Processes to Perform in FTK?

• A. Processing options can be chosen only when adding evidence.
• B. Processing options can be chosen during or after adding evidence.
• C. Processing options can be chosen only after evidence has been added.
• D. If processing is not performed while adding evidence, the case must be started again.

Answer: B

NEW QUESTION 4
In which Overview tab container are HTML files classified?

• A. Archive container
• B. Java Code container
• C. Documents container
• D. Internet Files container

Answer: C

NEW QUESTION 5
You successfully export and create a file hash list while using FTK Imager. Which three pieces of information are included in this file? (Choose three.)

• A. MD5
• B. SHA1
• C. filename
• D. record date
• E. date modified

Answer: ABC

NEW QUESTION 6
Which type of evidence can be added to FTK Imager?

• A. individual files
• B. all checked items
• C. contents of a folder
• D. all currently listed items

Answer: C

NEW QUESTION 7
You want to search for two words within five words of each other. Which search request would accomplish this function?

• A. apple by pear w/5
• B. June near July w/5
• C. supernova w/5 cassiopeia
• D. supernova by cassiopeia w/5

Answer: C

NEW QUESTION 8
You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and
suspect.001 image files. Which file has the hash value for the Raw (dd) image?

• A. suspect.001.txt
• B. suspect.E01.txt
• C. suspect.001.csv
• D. suspect.E01.csv

Answer: A

NEW QUESTION 9
You are attempting to access data from the Protected Storage System Provider (PSSP) area of a registry. How do you accomplish this using PRTK?

• A. You drop the SAM file onto the PRTK interface.
• B. You drop the NTUSER.dat file onto the PRTK interface.
• C. You use the PSSP Attack Marshal from Registry Viewer.
• D. This area can not be accessed with PRTK as it is a registry file.

Answer: B

NEW QUESTION 10
Which two image formats contain an embedded hash value for file verification? (Choose two.)

• A. E01
• B. S01
• C. ISO
• D. CUE
• E. 001 (dd)

Answer: AB

NEW QUESTION 11
In PRTK, which type of attack uses word lists?

• A. dictionary attack
• B. key space attack
• C. brute-force attack
• D. rainbow table attack

Answer: A

NEW QUESTION 12
After creating a case, the Encrypted Files container lists EFS files. However, no decrypted
sub- items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)

• A. SAM
• B. system
• C. SECURITY
• D. Master Key
• E. FEK Certificate

Answer: AB

NEW QUESTION 13
FTK Imager can be invoked from within which program?

• A. FTK
• B. DNA
• C. PRTK
• D. Registry Viewer

Answer: A

NEW QUESTION 14
You currently store alternate hash libraries on a remote server. Where do you configure FTK to access these files rather than the default library, ADKFFLibrary.hdb?

• A. Preferences
• B. User Options
• C. Analysis Tools
• D. Import KFF Hashes

Answer: A

NEW QUESTION 15
You used FTK Imager to create several hash list files. You view the location where the files were exported. What is the file extension type for these files?

• A. .txt = ASCII Text File
• B. .dif = Data Interchange Format
• C. .prn = Formatted Text Delimited
• D. .csv = Comma Separated Values

Answer: D

NEW QUESTION 16
How can you use FTK Imager to obtain registry files from a live system?

• A. You use the Export Files option.
• B. You use the Advanced Recovery option.
• C. Registry files cannot be exported from a live system.
• D. You use the Protected Storage System Provider option.

Answer: A

NEW QUESTION 17
To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

• A. image file
• B. currently booted drive
• C. server object settings
• D. profile access control list

Answer: B

NEW QUESTION 18
While analyzing unallocated space, you locate what appears to be a 64-bit Windows date and
time. Which FTK Imager feature allows you display the information as a date and time?

• A. INFO2 Filter
• B. Base Converter
• C. Metadata Parser
• D. Hex Value Interpreter

Answer: D

NEW QUESTION 19
In FTK, which two formats can be used to export an E-mail message? (Choose two.)

• A. raw format
• B. XML format
• C. PDF format
• D. HTML format
• E. binary format

Answer: AD

NEW QUESTION 20
What are three types of evidence that can be added to a case in FTK? (Choose three.)

• A. local drive
• B. registry MRU list
• C. contents of a folder
• D. acquired image of a drive
• E. compressed volume files (CVFs)

Answer: ACD

NEW QUESTION 21
Into which two categories can an imported hash set be assigned? (Choose two.)

• A. alert
• B. ignore
• C. contraband
• D. system files

Answer: AB

NEW QUESTION 22
......