Improve A30-327 Keys 2021

NEW QUESTION 1
In FTK, which search broadening option allows you to find grammatical variations of the word "kill" such as "killer," "killed," and "killing"?

• A. Phonic
• B. Synonym
• C. Stemming
• D. Fuzzy Logic

Answer: C

NEW QUESTION 2
In FTK, a user may alter the alert or ignore status of individual hash sets within the active KFF. Which utility is used to accomplish this?

• A. KFF Alert Editor
• B. ADKFF Library Selector
• C. Hash Database File Selector
• D. Hash Database Recovery Engine

Answer: A

NEW QUESTION 3
In FTK, you navigate to the Graphics tab at the Case level and you do not see any graphics. What should you do to see all graphics in the case?

• A. list all descendants
• B. run the graphic files filter
• C. check all items in the current list
• D. select the Graphics container button

Answer: A

NEW QUESTION 4
Click the Exhibit button.
When decrypting EFS files in a case, you receive the result shown in the exhibit. What is the most plausible explanation for this result?

• A. The encrypted file was corrupt.
• B. A different user encrypted the remaining encrypted file.
• C. The hash value of the remaining encrypted file did not match.
• D. The remaining encrypted file had previously been bookmarked.
• E. An incorrect CRC value for the $EFS certificate was applied by the user.

Answer: B

NEW QUESTION 5
You currently store alternate hash libraries on a remote server. Where do you configure FTK to access these files rather than the default library, ADKFFLibrary.hdb?

• A. Preferences
• B. User Options
• C. Analysis Tools
• D. Import KFF Hashes

Answer: A

NEW QUESTION 6
Click the Exhibit button.
What change do you make to the file filter shown in the exhibit in order to show only graphics with a logical size between 500 kilobytes and 10 megabytes?

• A. You change all file status items to a red circle.
• B. You change all file status items to a yellow triangle.
• C. You make no chang
• D. The filter is correct as shown.
• E. You change Graphics in the File Type column to a yellow triangle.

Answer: D

NEW QUESTION 7
When using FTK Imager to preview a physical drive, which number is assigned to the first logical volume of an extended partition?

• A. 2
• B. 3
• C. 4
• D. 5

Answer: D

NEW QUESTION 8
When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?

• A. Report
• B. Special Reports
• C. Summary Report
• D. Add to Report With Children

Answer: AB

Explanation:
Which two options are available in the FTK Report Wizard? (Choose two.)
A. List by File Path
B. List File Properties
C. Include HTML File Listing
D. Include PRTK Output List

NEW QUESTION 9
Which two statements are true? (Choose two.)

• A. PRTK can recover Windows logon passwords.
• B. PRTK must run in conjunction with DNA workers to decrypt EFS files.
• C. PRTK and FTK must be installed on the same machine to decrypt EFS files.
• D. EFS files must be exported from a case and provided to PRTK for decryption.

Answer: AC

NEW QUESTION 10
How can you use FTK Imager to obtain registry files from a live system?

• A. You use the Export Files option.
• B. You use the Advanced Recovery option.
• C. Registry files cannot be exported from a live system.
• D. You use the Protected Storage System Provider option.

Answer: A

NEW QUESTION 11
You successfully export and create a file hash list while using FTK Imager. Which three pieces of information are included in this file? (Choose three.)

• A. MD5
• B. SHA1
• C. filename
• D. record date
• E. date modified

Answer: ABC

NEW QUESTION 12
Which statement is true about using FTK Imager to export a folder and its subfolders?

• A. Exporting a folder will copy all its subfolders.
• B. Each subfolder must be exported individually.
• C. Exporting a folder copies only the folder without any files.
• D. Exporting a folder will copy all subfolders without the system attribute.

Answer: A

NEW QUESTION 13
In FTK, which two formats can be used to export an E-mail message? (Choose two.)

• A. raw format
• B. XML format
• C. PDF format
• D. HTML format
• E. binary format

Answer: AD

NEW QUESTION 14
In which Overview tab container are HTML files classified?

• A. Archive container
• B. Java Code container
• C. Documents container
• D. Internet Files container

Answer: C

NEW QUESTION 15
You are converting one image file format to another using FTK Imager. Why are the hash values of the original image and the resulting new image the same?

• A. because FTK Imager's progress bar tracks the conversion
• B. because FTK Imager verifies the amount of data converted
• C. because FTK Imager compares the elapsed time of conversion
• D. because FTK Imager hashes only the data during the conversion

Answer: D

NEW QUESTION 16
What are two functions of the Summary Report in Registry Viewer? (Choose two.)

• A. Mastered
• B. Not Mastered

Answer: A

NEW QUESTION 17
During the execution of a search warrant, you image a suspect drive using FTK Imager and store the Raw(dd) image files on a portable drive. Later, these files are transferred to a server for storage. How do you verify that the information stored on the server is unaltered?

• A. open and view the Summary file
• B. load the image into FTK and it automatically performs file verification
• C. in FTK Imager, use the Verify Drive/Image function to automatically compare a calculatedhash with a stored hash
• D. use FTK Imager to create a verification hash and manually compare that value to the valuestored in the Summary file

Answer: D

NEW QUESTION 18
FTK Imager allows a user to convert a Raw (dd) image into which two formats? (Choose two.)

• A. E01
• B. Ghost
• C. SMART
• D. SafeBack

Answer: AC

NEW QUESTION 19
You view a registry file in Registry Viewer. You want to create a report, which includes items that you have marked "Add to Report." Which Registry Viewer option accomplishes
this task?

• A. Common Areas
• B. Generate Report
• C. Define Summary Report
• D. Manage Summary Reports

Answer: B

NEW QUESTION 20
To obtain protected files on a live machine with FTK Imager, which evidence item should be added?

• A. image file
• B. currently booted drive
• C. server object settings
• D. profile access control list

Answer: B

NEW QUESTION 21
What is the purpose of the Golden Dictionary?

• A. maintains previously created level information
• B. maintains previously created profile information
• C. maintains a list of the 100 most likely passwords
• D. maintains previously recovered passwords

Answer: D

NEW QUESTION 22
Which two Registry Viewer operations can be conducted from FTK? (Choose two.)

• A. list SAM file account names in FTK
• B. view all registry files from within FTK
• C. create subitems of individual keys for FTK
• D. export a registry report to the FTK case report

Answer: BD

NEW QUESTION 23
......