PrepAway - Latest Free Exam Questions & Answers

Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an e

Which of the following tools works by using standard set of MS-DOS commands and can create an
MD5 hash of an entire drive, partition, or selected files?

PrepAway - Latest Free Exam Questions & Answers

A.
Device Seizure

B.
Ontrack

C.
DriveSpy

D.
Forensic Sorter

Explanation:
DriveSpy is a modified MS-DOS shell, which is designed to use standard commands of MS-DOS for
forensic purposes. It uses a set of standard MS-DOS commands followed by commands specific to
process the computer during investigations. It can clean an entire drive or partition, unallocated
space, or slack space. DriveSpy can also create an MD5 hash of an entire drive, partition, or selected
files. It saves and restores compressed images of a partition for forensic use.
Answer options B, A, and D are incorrect. All these tools are not used for creating an MD5 hash of an
entire drive, partition, or selected files. Ontrack is a data recovery tool, which is used to recover lost
and deleted data. It provides file repair capability for files in Microsoft Word and Zip format. Ontrack
also recovers deleted files, folders, and entire partitions. It uses an emergency boot disks to collect
data from systems that cannot boot Windows operating system. The user can configure the filter of
the file for a full scan. Ontrack can also filter data according to the different file parameters, such as
date, time, name, size, etc.
Device Seizure is a software, which is used in forensic analysis and recovery of mobile phone and
PDA data. It is used for data recovery, full data dumps of certain cell phone models, logical and
physical acquisitions of PDAs, data cable access, and advanced reporting. Device Seizure also
provides feature of GSM SIM card acquisition and deleted data recovery using SIMCon technology.
Forensic Sorter is software, which is used to organize the contents of a hard drive. It sorts files of
hard drive into different categories, such as video, audio, spreadsheets etc. Forensic Sorter also

recovers deleted files, or file fragments in slack. It supports drive image in RAW, PFR, safeback, and
Encase image file formats. Forensic Sorter sorts file on the basis of their header for more accuracy.
CHFI Course Manual, Contents: “Forensic software”


Leave a Reply