Homework answers / question archive / Chapter 6- 1)Consistency checking analysis is usually much slower than zero-knowledge analysis

Chapter 6- 1)Consistency checking analysis is usually much slower than zero-knowledge analysis

Computer Science

Share With

Chapter 6-

1)Consistency checking analysis is usually much slower than zero-knowledge analysis.

2. In FAT and NTFS file systems, a __________ is used to map files to specific clusters where they are stored on the disk.
3. Damage to how data is stored on a disk, such as file system corruption, is the definition of physical damage.
4. A test system is a functional system compatible with the hard drive from which someone is trying to recover data.
5. The basic repair tool in Mac OS is _______.
6. Which operating system uses the ext file system natively?
7. What is meant by zero-knowledge analysis?
8. A symbolic link is an inode that links directly to a specific file.

9. What name is given to a technique for file system repair that involves scanning a disk's logical structure and ensuring that it is consistent with its specification?
10. A symbolic link in Linux is similar to a ____________.
11. A(n) __________ is a data structure in the Linux file system that stores all the information about a file except its name and actual data.
12. With the consistency checking file system repair technique, a computer's file system is rebuilt from scratch using knowledge of an undamaged file system structure.
13. Windows 2000 and newer Windows operating systems use the __________ file system.
14. Forensically scrubbing a file or folder may involve overwriting data with random characters seven times.
15. The purpose of file carving is to extract the data from a single file from the larger set of data, that is, the entire disk or partition.
16. An environment that has a controlled level of contamination, such as from dust, microbes, and other particles is the definition of a __________.
17. Logical damage to a file system is more common than physical damage.
18. Paige is attempting to recover data from a failed hard disk. She removed the failed drive from the system on which it was installed, and then connected it to a test system. She made the connection by simply connecting the data and power cables but did not actually install the failed drive. What step should she perform next?
19. The Linux/UNIX command __________ can be used to search for files or contents of files.
20. In Windows, files that are moved to the Recycle Bin are permanently deleted.
21. Which file recovery tool works in Linux and Mac OS, and in Windows if you compile the source code?
22. Linux file systems use hard links and symbolic links.
23. The two NTFS files of most interest to forensics are the Master File Table (MFT) and the __________.
24. Clusters in a Windows NTFS system are more likely to be overwritten as more time elapses after deletion.

25. Linux stores file content in blocks, which are similar to clusters in Windows NTFS.