Computer Forensics Final Review
A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
steel
A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.
virtual machine
On a Linux computer, ____ represents file systems exported to remote hosts.
/etc/exports
In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.
1024
Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
One of the pillars of cybersecurity is the CIA Triad. The 'A' stands for _________.
Availability
____ is a layered network defense strategy developed by the National Security Agency (NSA).
Defense in Depth
Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.
False
E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated.
False
Most basic phones use the same OSs as PCs.
False
Changing the extension on a file name does not change the file type in the _______.
File Header
The 3G standard was developed by the ____ under the United Nations.
International Telecommunications Union
AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.
KFF
____ compression compresses data by permanently discarding bits of information in the file.
Lossy
Autopsy uses ____ to validate an image.
MD5
Frequency-hopping is used by CDMA as both a security measure and to increase cell tower throughput. Frequency hopping was patented by _______.
None of the above
To complete a forensic disk analysis and examination, you need to create a ____.
Report
In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
SYN flood
____ increases the time and resources needed to extract, analyze, and present evidence.
Scope creep
This device is called a ______ and is a non-conducting probe used to form, shape, guide, and separate fine computer wire terminals, telephone wires and cables.
Spudger
Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel.
Time Division Multiple Access
A challenge with using social media data in court is authenticating the author and the information.
True
A judge can exclude evidence obtained from a poorly worded warrant.
True
A separate manual validation is recommended for all raw acquisitions at the time of analysis.
True
After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.
True
After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.
True
Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence.
True
Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories.
True
Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.
True
By the 1970s, electronic crimes were increasing, especially in the financial sector.
True
If a file contains information, it always occupies at least one allocation block.
True
If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.
True
In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.
True
Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
True
Private-sector cases, such as employee abuse investigations, might not specify limitations in recovering data.
True
Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.
True
Specially trained system and network administrators are often a CSP's first responders.
True
The type of file system an OS uses determines how data is stored on the disk.
True
____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage.
Type 1
Which of the following is NOT a service level for the cloud?
Virtualization as a service
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
Warning Banner
Criminal investigations are limited to finding data defined in the search ____.
Warrant
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!
Zoho
In the ____, you justify acquiring newer and better resources to investigate digital forensics cases.
business case
A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.
disaster recovery
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.
pst
In macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.
resource
Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.
warrant