Weekend Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple70

Home
AccessData
AccessData Certification
A30-327
AccessData Certified Examiner Questions and Answers

Pass the AccessData Certification A30-327 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam A30-327 Premium Access

View all detail and faqs for the A30-327 exam

Go to Exam

480 Students Passed

92% Average Score

95% Same Questions

Viewing page 1 out of 2 pages

Viewing questions 1-10 out of questions

Questions # 1:

You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and

suspect.001 image files. Which file has the hash value for the Raw (dd) image?

Options:

suspect.001.txt

suspect.E01.txt

suspect.001.csv

suspect.E01.csv

Answer

Questions # 2:

In FTK, a user may alter the alert or ignore status of individual hash sets within the active

KFF. Which utility is used to accomplish this?

Options:

KFF Alert Editor

ADKFF Library Selector

Hash Database File Selector

Hash Database Recovery Engine

Answer

Questions # 3:

When previewing a physical drive on a local machine with FTK Imager, which statement is true?

Options:

FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.

FTK Imager can operate from a USB drive, thus preventing writes to suspect media.

FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.

FTK Imager should always be used in conjunction with a hardware write protect device to

prevent writes to suspect media.

Answer

Questions # 4:

When adding data to FTK, which statement about DriveFreeSpace is true?

Options:

DriveFreeSpace is merged with deleted files.

DriveFreeSpace is segmented into 10 megabyte items.

DriveFreeSpace is truncated, based on the size of the case.dat file.

DriveFreeSpace is classified with file slack items in the Overview tab.

Answer

Questions # 5:

You are converting one image file format to another using FTK Imager. Why are the hash

values of the original image and the resulting new image the same?

Options:

because FTK Imager's progress bar tracks the conversion

because FTK Imager verifies the amount of data converted

because FTK Imager compares the elapsed time of conversion

because FTK Imager hashes only the data during the conversion

Answer

Questions # 6:

FTK uses Data Carving to find which three file types? (Choose three.)

Options:

JPEG files

Yahoo! Chat Archives

WPD (Word Perfect Documents)

Enhanced Windows Meta Files (EMF)

OLE Archive Files (Office Documents)

Answer

A, D, E

Questions # 7:

Click the Exhibit button.

Question # 7

What change do you make to the file filter shown in the exhibit in order to show only graphics with a logical size between 500 kilobytes and 10 megabytes?

Options:

You change all file status items to a red circle.

You change all file status items to a yellow triangle.

You make no change. The filter is correct as shown.

You change Graphics in the File Type column to a yellow triangle.

Answer

Questions # 8:

You currently store alternate hash libraries on a remote server. Where do you configure FTK to access these files rather than the default library, ADKFFLibrary.hdb?

Options:

Preferences

User Options

Analysis Tools

Import KFF Hashes

Answer

Questions # 9:

Which pattern does the following regular expression recover?

(\d{4}[\- ]){3}\d{4}

Options:

000-000-0000

ddd-4-3-dddd-4-3

000-00000-000-ABC

0000-0000-0000-0000

Answer

Questions # 10:

You are asked to process a case using FTK and to produce a report that only includes selected graphics. What allows you to display only flagged graphics?