Computer forensics final exam
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.
.PST
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside.
/etc/sendmail.cf
Typically, UNIX installations are set to store logs in the ____ directory.
/var/log
The abstract should be one or two paragraphs totaling about 150 to ____ words.
200
Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
In an e-mail address, everything after the ____ symbol represents the domain name.
@
____ provide additional resource material not included in the body of the report.
Appendixes
Select the folder below that is most likely to contain Dropbox files for a specific user:
C:\Users\username\Dropbox
Developed during WWII, this technology, ____, was patented by Qualcomm after the war.
CDMA
Before allowing an attorney to describe any case details, determine who the parties are to reduce the possibility of a ____.
CONFLICT
____ isn't usually punitive, but it can be embarrassing for you as a professional and potentially for the attorney who retained you.
DISQUALIFICATION
Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically.
EEPROM
During opening statements, both attorneys provide an overview of the case, with the plaintiff's attorney going last.
FALSE
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
FALSE
When intruders break into a network, they rarely leave a trail behind.
False
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive.
GUI
Reports and logs generated by forensic tools are typically in text format, word processing, spreadsheet, or ____ format.
HTML
____ questions can give you the factual structure to support and defend your opinion.
Hypothetical
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header.
OPTIONS
Attorneys can now submit documents electronically in many courts; the standard format in U.S. federal courts is ____.
____ are devices or software placed on a network to monitor traffic.
Packet analyzer
____ from both the plaintiff's and defense's attorneys is an optional phase of the trial. Generally, it's allowed to cover an issue raised during cross-examination of a witness.
Rebuttal
Regarding a trial, the term ____ means rejecting potential jurors.
STRIKES
In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
SYN flood
When you give ____ testimony, you present this evidence and explain what it is and how it was obtained.
TECHNICAL/SCIENTIFIC
As a standard practice, collect evidence and record the tools you used in designated file folders or evidence containers.
TRUE
Besides presenting facts, reports can communicate expert opinion.
TRUE
Evidence artifacts vary depending on the social media channel and the device.
TRUE
In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.
TRUE
Network logs record traffic in and out of a network.
TRUE
No single source offers a definitive code of ethics for expert witnesses, so you must draw on standards from other organizations to form your own ethical standards.
TRUE
Type 2 hypervisors cannot be used on laptops.
TRUE
When writing a report, style means the tone of language you use to address the reader.
TRUE
When searching for specific record information, sometimes you see duplicate files with the same name that have different data runs, meaning the file was written to disk more than once on separate occasions.
True
Which of the following is NOT a service level for the cloud?
Virtualization as a service
If necessary, you can include ____ containing material such as raw data, figures not used in the body of the report, and anticipated exhibits.
appendixes
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
circular logging
The report's ____ should restate the objectives, aims, and key questions and summarize your findings with clear, concise statements.
conclusion
A ____ differs from a trial testimony because there is no jury or judge.
deposition
You provide ____ testimony when you answer questions from the attorney who hired you.
direct
Remember that anything you write down as part of your examination for a report in a civil litigation case is subject to ____ from the opposing attorney.
discovery
You can use the ____ to help your attorney learn the terms and functions used in digital forensics.
examination plan
____ evidence is evidence that exonerates or diminishes the defendant's liability.
exculpatory
Forensics examiners have two roles: fact witness and ____ witness.
expert
A search warrant can be used in any kind of case, either civil or criminal.
false
A verbal report is more structured than a written report.
false
Investigating crimes or policy violations involving e-mail is different than investigating other types of computer abuse and crimes.
false
Most basic phones use the same OSs as PCs.
false
Network forensics is a fast, easy process.
false
Type 1 hypervisors are usually the ones you find loaded on a suspect machine.
false
The method for expressing an opinion is to have an attorney frame a ____ question based on available factual evidence.
hypothetical
Microsoft created SkyDrive as a cloud service that later became?
OneDrive
For personal use, ____ have been replaced by iPods, iPads, and other mobile devices.
PDAs
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header.
properties
To get a ____, a government entity must show that there's probable cause to believe the contents of a wire communication, an electronic communication, or other records are relevant to an ongoing criminal investigation.
search warrant
Mobile devices can range from simple phones to ____.
smartphones
Regarding a trial, the term ____ means rejecting potential jurors.
strike
Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence.
true
Lawyers use services called deposition banks (libraries), which store examples of expert witnesses' previous testimony.
true
Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
true
Many people store more information on smartphones and tablets than on computers.
true
Part of what you have to deliver to the jury is a person they can trust to help them figure out something that's beyond their expertise.
true
People need ethics to help maintain their balance, especially in difficult and contentious situations.
true
Portability of information is what makes SIM cards so versatile.
true
Research on wearable computers has been conducted at MIT labs for more than a decade, and these computers are now moving into working reality.
true
Signposts assist readers in scanning the text quickly by highlighting the main points and logical development of information.
true
Virtual machines (VMs) help offset hardware costs for companies.
true
Whether you're serving as an expert witness or a fact witness, be professional and polite when presenting yourself to any attorney or the court.
true
Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.
zombies
