You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and
suspect.001 image files. Which file has the hash value for the Raw (dd) image?
Which two Registry Viewer operations can be conducted from FTK? (Choose two.)
While analyzing unallocated space, you locate what appears to be a 64-bit Windows date and
time. Which FTK Imager feature allows you display the information as a date and time?
After creating a case, the Encrypted Files container lists EFS files. However, no decrypted
sub- items are present. All other necessary components for EFS decryption are present in the case. Which two files must be used to recover the EFS password for use in FTK? (Choose two.)
Which three items are displayed in FTK Imager for an individual file in the Properties
window? (Choose three.)
Into which two categories can an imported hash set be assigned? (Choose two.)
In which Overview tab container are HTML files classified?
You successfully export and create a file hash list while using FTK Imager. Which three
pieces of information are included in this file? (Choose three.)
When using Registry Viewer to view a key with 20 values, what option can be used to display only 5 of the 20 values in a report?