Chapter 13 - Computer Forensics
Metadata in a prefetch file contains an application's _____________ times in UTC format and a counter of how many times the application has run since the prefect file was created.
MAC
What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds.
XenServer and XenCenter Windows Management Conosole
A ___________________ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
What information below is not something recorded in Google Drive's snapshot.db file?
file SHA values and sizes
The _________________ Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system.
filecache.dbx
A __________________ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface.
management plane
To reduce the time it takes to start applications, Microsoft has created ____________ files, which contain the DLL pathnames and metadata used by applications.
prefetch
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
seizure order
With cloud systems running in a virtual environment, _____________ can give you valuable information before, during, and after an incident
snapshot
The Google drive file ______________________ contains a detailed list of a user's cloud transactions.
sync_log.log
Which is not a valid method of deployment for a cloud?
targeted
The ____________________ is an organization that has developed resource documentations for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Cloud Security Alliance
At what offset is a prefetch file's create date & time located?
0x80
In a prefetch, the application's last access date and time are at offset ____________________.
0x90
Which of the following is not a valid source for cloud forensics training?
A+ Security
Where is the snapshot database created by Google Drive located in Windows?
C:\Users\username\AppData\Local\Google\Drive
Select the folder below that is most likely to contain Dropbox files for a specified user.
C:\Users\username\Dropbox
The ____________ tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack
FROST
What cloud application offers a variety of cloud services, including automation and CRM, cloud applications development, and Web site marketing?
Saleforce
Which of the following is NOT a service level for the cloud?
Virtualization as a service
