[FTK ACE] FTK ACE 자격증 - #5 자격증 기출 문제 풀이 (ACE v7)

Forensics/FTK ACE 자격증

[FTK ACE] FTK ACE 자격증 - #5 자격증 기출 문제 풀이 (ACE v7)

pental 2021. 2. 22. 11:26

만약 이 글이 문제가 된다면, 바로 비공개 처리를 할것이고, 갑자기 글이 사라질수 있음을 알려드립니다.

#1 자격증 시험을 보기전 알아야 할 사항 > blog.system32.kr/245
#2 시험 정보 (ACE v7) > blog.system32.kr/246
#3 기출 문제 (ACE v6, 필기) > blog.system32.kr/247
#4 기출 문제 (ACE v6, 실기) > blog.system32.kr/248

먼저 ACE 기출문제를 올리는 이유는 현 글을 작성하고 있는 2021-02-21 기준으로 AccessData사의 FTK ACE 는 v7버전으로 변경되었음을 확인하였습니다.
그래서 Ace v6 버전의 자격증 시험에 사용되었던 문제는 v7 버전에서 사용되지 않는다는것을 확인 하였고, 여러 사람들이 FTK Ace 의 시험은 어떻게 진행되는 알고 싶다는 문의가 많았으며, 저도 이 지식을 공유하고 싶다는 취지에서 작성하게 되었습니다.
만약 이 글이 문제가 된다면 (저작권 및 시험 정보 유출 등으로), 바로 비공개 처리를 할 것이고, 갑자기 글이 사라질수 있음을 알려드립니다.

Question 1 - What is the name of the Microsoft Word document stored within Raylan Givens' Desktop?
Question 2 - What is the file name for the largest file within the John W. Gacy Directory (Including all subdirectories)?
Question 3 - What is the MFT Record Number for the file 'Equipment.xlsx' in the Bluep OneDrive?
Question 4 - What is the Central Time - US Chicago (With Daylight Savings) Created column value for the file Chernobyl.docx?
Question 5 - How many duplicates of the file with the MD5 hash starting with 09916, are labeled as secondary?
Question 6 – How many graphics are loaded in the Graphics tab when the tab filter is changed to show all Graphics?
Question 7 - How many .ost files are identified by FTK?
Question 8 - How many non-deleted zero length files are identified by FTK?
Question 9 - FTK reports how many items in the Google Maps Web Page Category?
Question 10 - How many directories are located within Timothy's Desktop?
Question 11 - How many allocated graphic files have GPS information?
Question 12 - For the graphic files with GPS information and a created date of May 28, 2020, what is the filename of the only graphic with GPS data and EXIF data indicating the photo was actually taken in May?
Question 13 - How many total URLs were visited on October 19, 2020 OR were from palmettostatearmory?
Question 14 - How many URLs are from the sites righttobear or midwayusa on October 9, 2020?
Question 15 - How many emails are sent or received between Danielle Jasons and Lance McClain? (The results may include emails that are group emails, count those as well)
Question 16 - What is the alias associated with Alanna Mitsopolis?
Question 17 - What is the filename of the document with the title "Disaster in the West"
Question 18 - The date a picture was taken is often stored in the EXIF data tag, Exif.Photo.DateTimeDigitized. How many image files have a recorded digitized date of April 20, 2020?
Question 19 - Search for a document containing the word "fires" within three words of "west". What is returned?
Question 20 - Search for the word "trigger", including all of its stems. Which user is recorded in the 'Last Saved By' field for the document returned?
Question 21 - Using the resulting files from the KFF, which bank has a sort code of 30-10-82?
Question 22 - Within the KFF returned files, the image taken by an Android device, what is the DateTime as recorded in the Exif?
Question 23 - Within the KFF results, Who is the Author for the Microsoft Word document returned?
Question 24 - For the carved unallocated image(s) found in the KFF results. What city does FTK report as the city?
Question 25 - For the KFF Alert file containing a list of individuals, how many individuals have alternate names?

[Question 1]
What is the name of the Microsoft Word document stored within Raylan Givens' Desktop?
T ) Raylan Givens'의 컴퓨터에 저장된 워드 문서의 이름은 무엇인가?
A Law and Order.docx
B Chernobyl.docx
C Identity theft Info for sale.xlsx
D Gun Stuff to buy.docx

[ Question 2 ]
What is the file name for the largest file within the John W. Gacy Directory (Including all subdirectories)?
T ) 하위 폴더를 포함한 John W. Gacy의 폴더에서 가장 큰 파일의 이름은 무엇인가?
A IMG_9839.JPG
B Places To Visit.docx
C History
D Close Up view.jpg

Axiom의 파일 시스템 항목에서 John W Gacy 폴더를 찾은수 크기별로 내림차순 정렬을 해보면
Close up view.jpg 파일이 29,814,759Byte로 가장 크다.

[ Question 3 ]
What is the MFT Record Number for the file 'Equipment.xlsx' in the Bluep OneDrive?
T ) Bluep의 OneDrive에서 'Equipment.xlsx’ 파일의 MFT 레코드 번호는?
A 501
B 811
C 78
D 172

[ Question 4 ]
What is the Central Time - US Chicago (With Daylight Savings) Created column value for the file Chernobyl.docx?
T ) 언제 Chernobyl.docx 파일을 생성했는가? (UTC-6:00 사용, 중부 표준시)
A 9/22/202 6:31:25 PM
B 9/22/202 9:31:25 PM
C 9/22/202 7:31:25 PM
D 9/22/202 8:31:25 PM

[ Question 5 ]
How many duplicates of the file with the MD5 hash starting with 09916, are labeled as secondary? T ) 09916으로 시작하는 MD5 해시가 있는 파일의 중복 항목 수는 몇 개인가?
A 9
B 1
C 8
D 0

[ Question 6 ]
Including Carved image, How many graphics are loaded in the Graphics tab when the tab filter is changed to show all Graphics?
T ) 카빙된 이미지를 포함해서, 탭 필터가 모든 그래픽을 표시하도록 변경되었을 때 그래픽 탭에 로드되는 그래픽 수는 얼마입니까?
A ~~472~~
B ~~525~~
C 1,119
D 320

[ Question 7 ]
How many .ost files are identified by FTK?
T ) FTK에서 식별되는 .ost 파일은 몇 개입니까?
A 3
B 0
C 2
D 1

[ Question 8 ]
How many non-deleted zero length files are identified by FTK?
T ) FTK는 삭제되지 않은 제로 길이 파일을 몇 개 식별합니까?
A 10
B 20
C 0
D 9

[ Question 9 ]
FTK reports how many items in the Google Maps Web Page Category?
T ) FTK는 Google 지도 웹 페이지 카테고리의 항목 수를 보고합니까?
A 0
B 501
C 112
D 900

[ Question 10 ]
How many directories are located within Timothy's Desktop?
T ) Timothy's Desktop에는 몇 개의 디렉터리가 있습니까?
A 5
B 3
C 4
D 2

[ Question 11 ]
How many allocated graphic files have GPS information?
T ) GPS 정보가 있는 할당된 그래픽 파일은 몇 개입니까?
A 472
B 185
C 262
D 300

[ Question 12 ]
For the graphic files with GPS information and a created date of May 28, 2020, what is the filename of the only graphic with GPS data and EXIF data indicating the photo was actually taken in May?
T ) GPS 정보가 있고 생성된 날짜가 2020년 5월 28일인 그래픽 파일의 경우, 실제로 5월에 사진을 찍었다는 것을 나타내는 GPS 데이터와 EXIF 데이터가 있는 유일한 그래픽 파일 이름은 무엇입니까?
A 5ABBA8FD3A32C60797E11B75D4FEA1DD9B1F861E
B 74AEA9FB5542C6B3656EEF913C153C7DB7511E28
C FF2A32F451300DA5615C7724D419C62C4069B0E7
D A8E7F6BED19FCED6E7304FB2BD02AEF6CD902663

[ Question 13 ]
How many total URLs were visited on October 19, 2020 OR were from palmettostatearmory?
T ) 2020년 10월 19일에 방문한 총 URL은 몇 개입니까? 또는 "palmettostatemarory"에서였습니까?
A 40
B 103
C 64
D 1

[ Question 14 ]
How many URLs are from the sites righttobear or midwayusa on October 9, 2020?
T ) 2020년 10월 9일, 우리를 지탱할 수 있는 사이트의 URL은 몇 개인가?
A 64
B 43
C 88
D ~~109~~

[ Question 15 ]
How many emails are sent or received between Danielle Jasons and Lance McClain? (The results may include emails that are group emails, count those as well)
T ) Danielle Jasons와 Lance McClain 간에 얼마나 많은 이메일을 보내거나 받았습니까? (결과에는 그룹 이메일인 이메일도 포함될 수 있습니다.)
A 11
B 18
C 9
D 20

[ Question 16 ]
What is the alias associated with Alanna Mitsopolis?
A Max
B Langley
C MI6
D White Widow

[ Question 17 ]
What is the filename of the document with the title "Disaster in the West"
A Chernobyl.docx
B Fires in California.docx
C Apocalyptic Manifesto.docx
D Law and Order.docx

[ Question 18 ]
The date a picture was taken is often stored in the EXIF data tag, Exif.Photo.DateTimeDigitized. How many image files have a recorded digitized date of April 20, 2020?
T ) 사진을 찍은 날짜는 종종 EXIF 데이터 태그인 Exif에 저장됩니다.사진.날짜 시간 디지털화. 2020년 4월 20일로 기록된 이미지 파일의 수는 얼마나 됩니까?
A 4
B 2
C 30
D 90

[ Question 19 ]
Search for a document containing the word "fires" within three words of "west". What is returned?
T ) "west"의 세 단어 내에 "fire"라는 단어가 포함된 문서를 검색합니다. 무엇이 반환됩니까?
A ~~A document discussing the damages related to fires in California~~
~~캘리포니아 화재 관련 피해에 대한 문서~~
B A file containing web searches
웹 검색을 포함하는 파일
C A cache file discussing air tanker support for fires in California
캘리포니아 화재에 대한 에어 탱커 지원을 논의하는 캐시 파일
D A spreadsheet containing identity theft information
ID 도난 정보가 들어 있는 스프레드시트

[ Question 20 ]
Search for the word "trigger", including all of its stems. Which user is recorded in the 'Last Saved By' field for the document returned?
T ) 모든 스템을 포함하여 "트리거" 단어를 검색합니다. 반환된 문서의 '마지막 저장 기준' 필드에 기록된 사용자는 누구입니까?
A Timothy
B Raylan Givens
C BluePaladinofVoltron
D John W Gacy

[ Question 21 ]
Using the resulting files from the KFF, which bank has a sort code of 30-10-82?
T ) KFF의 결과 파일을 사용해서, 어느 은행이 30-10-82의 분류 코드를 가지고 있습니까?
A US Bank
B Trout Banking
C L. Turner Banking
D Bank of America

[ Question 22 ]
Within the KFF returned files, the image taken by an Android device, what is the DateTime as recorded in the Exif?
T ) KFF에서 Android 기기에서 촬영한 이미지인 파일을 반환했습니다. Exif에 기록된 Date Time은 무엇입니까?
A 2018:10:26 17:17:20
B 5/10/2019 1:10:09 PM
C 2020-12-16 22:15:40 UTC
D 2019-05-10 18:10:09 UTC

[ Question 23 ]
Within the KFF results, Who is the Author for the Microsoft Word document returned?
T ) KFF 결과에서 반환된 Microsoft Word 문서 작성자는 누구입니까?
A Timothy
B Raylan Givens
C Justin
D BluePaladinofVoltron

[ Question 24 ]
For the carved unallocated image(s) found in the KFF results. What city does FTK report as the city?
T ) KFF 결과에 있는 할당되지 않은 조각된 이미지의 경우. FTK는 어느 도시를 도시로 보고합니까?
A ~~Portland~~
B ~~London~~
C Vilna
D Salt Lake City

[ Question 25 ]
For the KFF Alert file containing a list of individuals, how many individuals have alternate names?
T ) 개인 목록이 포함된 KFF 알림 파일의 경우 대체 이름을 가진 개인 수는 얼마나 됩니까?
A 2
B 6
C 3
D 9

저작자표시 비영리