You are using FTK to process e-mail files. In which two areas can E-mail attachments be located? (Choose two.)

1. A. the E-mail tab
2. B. the From E-mail container in the Overview tab
3. C. the Evidence Items container in the Overview tab
4. D. the E-mail Messages container in the Overview tab

Correct Answer: AB

Which data in the Registry can the Registry Viewer translate for the user? (Choose three.)

1. A. calculate MD5 hashes of individual keys
2. B. translate the MRUs in chronological order
3. C. present data stored in null terminated keys
4. D. present the date and time of each typed URL
5. E. View Protected Storage System Provider (PSSP) data

Correct Answer: BCE

A. E01 files

1. A. raw (dd) image files
2. B. SafeBack version 2.2 image files
3. C. SafeBack version 3.0 image files
4. D. Symantec Ghost compressed image files

Correct Answer: ABC

You create two evidence images from the suspect's drive: suspect.E01 and suspect.001. You want to be able to verify that the image hash values are the same for suspect.E01 and
suspect.001 image files. Which file has the hash value for the Raw (dd) image?

1. A. suspect.001.txt
2. B. suspect.E01.txt
3. C. suspect.001.csv
4. D. suspect.E01.csv

Correct Answer: A

In FTK, which tab provides specific information on the evidence items, file items, file status and file category?

1. A. E-mail tab
2. B. Explore tab
3. C. Overview tab
4. D. Graphics tab

Correct Answer: C