Computer Forensics

¡Supera tus tareas y exámenes ahora con Quizwiz!

37. In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.

.pst

22. On a Linux computer, ____ represents file systems exported to remote hosts.

/etc/exports

50. You have a search warrant to seize a desktop computer. Put the steps in the correct order.

1. Take a photograph of the entrance to the room where the warrant is to be executed. 2. As you walk into the room, take photographs of your progress towards the evidence. 3. Photograph the computer from all angles, especially the cabling connections. 4. Attach an evidence tag to the device and fill out the top and first line of info. 5. If the computer is powered up, use forensics tools to copy the volatile memory contents.

15. In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.

1024

32. Most packet analyzers operate on layer 2 or ____ of the OSI model.

3

45. One of the pillars of cybersecurity is the CIA Triad. The 'A' stands for _________.

Availability

6. In the ____, you justify acquiring newer and better resources to investigate digital forensics cases.

Business Case

46. A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.

Court order

4. A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.

Disaster Recovery

12. Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

False

36. E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated.

False

42. Most basic phones use the same OSs as PCs.

False

30. Changing the extension on a file name does not change the file type in the _______.

File Header

43. The 3G standard was developed by the ____ under the United Nations.

International Telecommunications Union ITU

26. AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.

KFF

25. ____ compression compresses data by permanently discarding bits of information in the file.

Lossy

8. Autopsy uses ____ to validate an image.

MD5

44. Frequency-hopping is used by CDMA as both a security measure and to increase cell tower throughput. Frequency hopping was patented by _______.

None of the above is correct.

18. To complete a forensic disk analysis and examination, you need to create a ____.

Report

21. In macOS, w hen you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.

Resource

31. In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

SYN flood

29. ____ increases the time and resources needed to extract, analyze, and present evidence.

Scoop Creep

10. This device is called a ______ and is a non-conducting probe used to form, shape, guide, and separate fine computer wire terminals, telephone wires and cables.

Spudger

5. A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.

Steel

41. Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel.

Time Division Multiple Access

16. The type of file system an OS uses determines how data is stored on the disk.

True

17. After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

True

19. Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories.

True

2. After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.

True

20. If a file contains information, it always occupies at least one allocation block.

True

23. Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.

True

24. If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.

True

28. Private-sector cases, such as employee abuse investigations, might not specify limitations in recovering data.

True

3. By the 1970s, electronic crimes were increasing, especially in the financial sector.

True

35. A challenge with using social media data in court is authenticating the author and the information.

True

38. Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.

True

40. Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence.

True

47. In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.

True

48. Specially trained system and network administrators are often a CSP's first responders.​

True

7. A separate manual validation is recommended for all raw acquisitions at the time of analysis.

True

9. Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

True

11. A judge can exclude evidence obtained from a poorly worded warrant.

Ture

33. ____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage.

Type 1

14. A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.

VM

49. Which of the following is NOT a service level for the cloud?

Virtualization as a service

1. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.

Warning Banner

13. Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.

Warrant

27. investigations are limited to finding data defined in the search ____.

Warrant

39. Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!

Zoho

34. ____ is a layered network defense strategy developed by the National Security Agency (NSA).

defense in depth


Conjuntos de estudio relacionados

Chapter 7 beliefs goals and needs

View Set

Unit Test Review - COMBUSTION: PART 1

View Set

Ap Environmental Science: Sustainability

View Set

Western Civilization I CLEP Exam (ANSWERS)

View Set

Graphing Functions and Equations

View Set

Agency, Employment, Employment Discrimination L201 Unit 4 (heavily tested on final exam)

View Set