Name:
Class:
Date:
Indicate whether the statement is true or false.
1. Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.
a.
True
b.
False
2. In UNIX and Linux, everything except monitors are considered files.
a.
True
b.
False
3. The term “kernel” is often used when discussing Linux because technically, Linus is only the core of the OS.
a.
True
b.
False
4. Linux is a certified UNIX operating system.
a.
True
b.
False
5. The only pieces of metadata not in an inode are the filename and path.
a.
True
b.
False
Indicate the answer choice that best completes the statement or answers the question.
6. What is the minimum size of a block in UNIX/Linux filesystems?
a.
128 bytes
b.
512 bytes
c.
1024 bits
d.
2048 bits
7. What file under the /etc folder contains the hashed passwords for a local system?
a.
passwd
b.
hashes
c.
shadow
d.
users
8. What type of block does a UNIX/Linux computer only have one of?
a.
boot block
b.
data block
c.
inode block
d.
superblock
9. What file is used to store any file information that is not in the MDB or a VCB?
a.
page file
b.
metadata database file
Name:
Class:
Date:
c.
slack file
d.
extents overflow file
10. Adding the _____________ flag to the ls -l command has the effect of of showing all files beginning with the “.”
character in addition to other files.
a.
-s
b.
-d
c.
-l
d.
-a
11. The ______________ command can be used to see network interfaces.
a.
ifconfig
b.
ipconfig
c.
show interfaces
d.
show ip brief
12. Select below the command that can be used to display bad block information on a Linux file system, but also has the
capability to destroy valuable information.
a.
dd
b.
fdisk
c.
badblocks
d.
mke2fs
13. Who is the current maintainer of the Linux kernel?
a.
Tim Cook
b.
Eric Shmidt
c.
Linus Torvalds
d.
Lennart Poettering
14. As part of a forensics investigation, you need to recover the logon and logoff history information on a Linux based
OS. Where can this information be found?
a.
/var/log/utmp
b.
/var/log/wtmp
c.
/var/log/userlog
d.
/var/log/system.log
15. In a B*-tree file system, what node stores link information to previous and next nodes?
a.
inode
b.
header node
c.
index node
d.
map node
16. What command below will create a symbolic link to a file?
a.
ln -s
b.
ls -ia
Name:
Class:
Date:
c.
ln -l
d.
ls -h
17. The Mac OS reduces file fragmentation by using _______________.
a.
inodes
b.
superblocks
c.
clumps
d.
chunks
18. If a file has 510 bytes of data, what is byte 510?
a.
The physical EOF.
b.
The logical EOF.
c.
The terminating EOF.
d.
The end of the sector.
19. On Mac OS X systems, what utility can be used to encrypt / decrypt a user’s home directory?
a.
Disk Utility
b.
BitLocker
c.
FileVault
d.
iCrypt
20. ________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert
Witness.
a.
AccessData FTK
b.
X-Ways Forensics
c.
Guidance Software EnCase
d.
Foremost
21. ________________ contain file and directory metadata and provide a mechanism for linking data stored in data
blocks.
a.
Blocks
b.
Clusters
c.
Inodes
d.
Plist files
22. A hash that begins with “$6” in the shadow file indicates that it is a hash from what hashing algorithm?
a.
MD5
b.
Blowfish
c.
SHA-1
d.
SHA-512
23. Where is the root user’s home directory located on a Mac OS X file system?
a.
/root
b.
/private/var/root
c.
/private/spool/root
Name:
Class:
Date:
d.
/home/root
24. Within the /etc/shadow file, what field contains the password hash for a user account if one exists?
a.
1st field
b.
2nd field
c.
3rd field
d.
4th field
25. What information below is not included within an inode?
a.
The mode and type of the file or directory
b.
The number of links to a file or directory
c.
The file’s or directory’s last access time and last modified time
d.
The file’s or directory’s path
Enter the appropriate word(s) to complete the statement.
26. An assigned inode has _____ pointers that link to data blocks and other pointers where files are stored.
27. Since Mac OS 8.6, _______________ have been available for use in managing passwords for applications, web sites,
and other system files.
28. ________ links are simply pointers to other files and aren’t included in the link count.
29. With Linux commands, arguments consisting of multiple letters must be preceded by two ___________ characters
instead of one and can’t be grouped together.
30. The _____________ is the listing of all files and directories on a volume and is used to maintain relationships between
files and directories on a volume.
Match each term with its definition:
a.
B*-tree
b.
data block
c.
logical block
d.
inodes
e.
Volume Control Block
f.
Allocation Block
g.
header node
h.
data fork
i.
superblock
j.
resource fork
31. In the Mac file system, a group of consecutive logical blocks assembled in a volume when a file is saved.
32. A node that stores information about B*-tree file.
33. A Mac file that organizes the directory hierarchy and file block mapping for File Manager.
34. The part of a Mac file containing file metadata and application information, such as menus, dialog boxes, icons,
executable code, and controls. Also contains resource map and header information, window locations, and icons.
35. The part of a Mac file containing the file’s actual data, both user-created data and data written by applications, as well
Name:
Class:
Date:
as a resouce map and header information, window locations, and icons.
36. In the Mac file system, a collection of data that can‘t exceed 512 bytes. Assembled in allocation blocks to store files in
a volume.
37. A key part of the Linux file system, these informatuin nodes contain descriptive file or directory data, such as UIDS,
GIDs, modification times, access times, creation times, and file locations.
38. A block in the Linux file system that specifies and keep tracks of the disk geometry and available space and manages
the file system.
39. A block in the Linux file system where directories and files are stored on a drive.
40. An area of the Mac file system containing information from the Master Directory Block.
41. Linux supports a wide range of file systems. Distinguish the three Extended File Systems of Linux.
42. What are bad blocks, and how do you find them?
43. UNIX and Linux have four components defining the file system. Identify and give a brief description of each.
44. As you’ve learned, Linux commands use options to create variations of a command. Describe the rules for grouping
letter arguments.
45. Describe a tarball.
46. Compare and contrast the data fork and resource fork of a Mac file.
47. After making an acquisition on a Mac computer, the next step is examining the image of the file system with a
forensics tool. Explain how to select the proper forensics tool for the task.
48. Explain why one should have Apple factory training before attempting an acquisition on a Mac computer.
49. Explain the differences between a hard link and a symbolic link.
50. What is a plist file?
Name:
Class:
Date:
Name:
Class:
Date:
Name:
Class:
Date:
Name:
Class:
Date: