What can an investigator examine to verify that a file has the correct extension?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the Computer Hacking Forensic Investigator v11 exam. Study with flashcards and multiple choice questions. Each question includes hints and explanations. Get exam-ready efficiently!

Multiple Choice

What can an investigator examine to verify that a file has the correct extension?

Explanation:
File headers contain the signature that identifies the true format of a file, independent of its name. This header, often called a magic number, tells you the actual type of content (for example, a PNG starts with a specific byte sequence, a PDF begins with “%PDF-”, etc.). Because extensions are just labels and can be incorrect or misleading, examining the header lets you verify whether the file’s content matches its claimed extension. The other options don’t reliably indicate the file’s type: the File Allocation Table shows where the file’s data blocks are on disk, not what the data actually is; the sector map is a low-level disk layout detail; and a file footer may exist for some formats but isn’t a universal source of truth for file type.

File headers contain the signature that identifies the true format of a file, independent of its name. This header, often called a magic number, tells you the actual type of content (for example, a PNG starts with a specific byte sequence, a PDF begins with “%PDF-”, etc.). Because extensions are just labels and can be incorrect or misleading, examining the header lets you verify whether the file’s content matches its claimed extension.

The other options don’t reliably indicate the file’s type: the File Allocation Table shows where the file’s data blocks are on disk, not what the data actually is; the sector map is a low-level disk layout detail; and a file footer may exist for some formats but isn’t a universal source of truth for file type.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy