Monday, March 10, 2014

First post of this month, and the reason for my absence: some (a lot of) studying for the A30-327 certification, better known as AccessData Certified Examiner, or ACE.

Let's start with the manuals that should be read and that help with the questions presented in the exam.

FTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0643/1/-/-/-/-/FTK_UG.pdf
FTK Imager manual: http://marketing.accessdata.com/acton/attachment/4390/f-000d/1/-/-/-/-/file.pdf
PRTK manual: http://marketing.accessdata.com/acton/attachment/4390/f-0653/1/-/-/-/-/PRTK_DNA%20User%20Guide.pdf
Registry Viewer manual: http://marketing.accessdata.com/acton/attachment/4390/f-0672/1/-/-/-/-/RegistryViewer_UG.pdf

The exam consists of 40 questions, 10 on practical knowledge and 30 on theoretical knowledge, with 90 minutes to complete it.

To answer the questions in the practical part, you need to download the image that is provided and analyse it carefully.

From what I was able to "find out", the questions in the practical part are always the same, but in a different order.

Q. Practical Question: Which of the following pictures in Manny's Pictures library was taken with a Nikon D3100 camera?
a. Photo2.jpg
b. Photo1.jpg
c. Photo4.jpg
d. Photo3.jpg



Q. Practical Question: Using the Filter Manager, display all email attachments which are not OLE Subitems. How many items are listed?
a. 524
b. 60
c. 101
d. 585



Q. Practical Question: Which Windows User encrypted the file "LSMF.txt"? DO NOT use SID numbers to determine this.
a. Moe
b. Manny
c. Jack
d. PepBoyz



Q. Practical Question: What is the Volume Serial Number of the C: Drive?
a. A8AD-2656
b. 20F9-F09A
c. 4E3F-6EA2
d. 2656-A8AC



Q. Practical Question: What is the true File Type of the file "216203-438x.png"?
a. JPEG
b. Bitmap
c. PNG
d. TIFF



Q. Practical Question: Locate the file PSNM.doc. What is the subject of the parent email message?
a. Questar QBA
b. Transwertern - Collateral Demand from PSNM
c. FW:TWP letter to venders
d. Richardson Products



Q. Practical Question: Process the Wildlife.wmv using the "Create Thumbnails for Videos" option with a three second interval. What is depicted in the 2nd thumbnail?
a. Polar Bear
b. Koala
c. Seals
d. Horses



Q. Practical Question: What is the SID unique identifier for the Windows User Moe?
a. 1002
b. 1001
c. 1004
d. 1003



Q. Practical Question: Using Registry Viewer, search Jack's NTUSER.DAT file for the word "Caspian". How many values are contained in the key where the search term occurs?
a. 15
b. 20
c. 28
d. 22



Q. Practical Question: Perform an indexed Search for the word "gubergren", restricting your search to registry files. Which registry key contains the search term?
a. Printers
b. Mouse
c. Account
d. Identities



Some questions from the theoretical part are coming soon.
Until then, good luck :)

UPDATE:

Part 2: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_11.HTML
Part 3: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_12.html
Part 4: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_13.HTML
Part 5: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_14.HTML
Part 6: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_28.HTML
Part 7: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_6649.HTML
Part 8: http://e-forense.blogspot.com/2014/03/q.HTML
Part 9: http://e-forense.blogspot.com/2014/03/a30-327-ftk-accessdata-certified_31.HTML
Part 10: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified.HTML
Part 11: http://e-forense.blogspot.com/2014/04/a30-327-ftk-accessdata-certified_3.html
