AccessData Certified Examiner
Which three items are displayed in FTK Imager for an individual file in the Properties
window? (Choose three.)
C. hash set
E. item number
Answer: A, B, D
In FTK, which search broadening option allows you to find grammatical variations of the word
"kill" such as "killer," "killed," and "killing"?
D. Fuzzy Logic
When using FTK Imager to preview a physical drive, which number is assigned to the first
logical volume of an extended partition?
When previewing a physical drive on a local machine with FTK Imager, which statement is
A. FTK Imager can block calls to interrupt 13h and prevent writes to suspect media.
B. FTK Imager can operate from a USB drive, thus preventing writes to suspect media.
C. FTK Imager can operate via a DOS boot disk, thus preventing writes to suspect media.
D. FTK Imager should always be used in conjunction with a hardware write protect device to
prevent writes to suspect media.
Which type of evidence can be added to FTK Imager?
A. individual files
B. all checked items
C. contents of a folder
D. all currently listed items
To obtain protected files on a live machine with FTK Imager, which evidence item should be
A. image file
B. currently booted drive
C. server object settings
D. profile access control list
What are three image file formats that can be read by FTK Imager? (Choose three.)
A. E01 files
B. raw (dd) image files
C. SafeBack version 2.2 image files
D. SafeBack version 3.0 image files
E. Symantec Ghost compressed image files
Answer: A, B, C
Which statement is true about using FTK Imager to simultaneously create multiple images of a
A. In the Image