ISCS377: Chapter 13
Sync_log.log
The Google drive file __________ contains a detailed list of a user's cloud transactions.
True
The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET).
Cloud Security Alliance
The __________ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Read_config.py
The __________ script converts Dropbox's config.db into a readable text file.
False
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
True
The platform as a service cloud service is most likely found on a desktop or a server, although it could also be found on a company network or the remote service provider's infrastructure.
Search Warrant
To get a __________, a government entity must show that there's probable cause to believe the contents of a wire communication, an electronic communication, or other records are relevant to an ongoing criminal investigation.
Virtualization as a service
Which of the following is NOT a service level for the cloud?
A+ Security
Which of the following is not a valid source for cloud forensics training?
Seizure Order
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
Court Orders
__________ are written by judges to compel someone to do or not do something, such as a CSP producing user logon activities.
Government Agency Subpoenas
__________ is used to get information when it is believed there is a danger of death or serious physical injury or the National Center for Missing and Exploited Children.
True
Specially trained system and network administrators are often a CSP's first responders.
Service Level Agreement
A __________ is a contract between a CSP and a customer that describes what services are being provided and at what level.
False
A search warrant can be used in any kind of case, either civil or criminal.
True
Anti-Forensics is used in cloud and other network environments.
True
Digital forensics examiners could be held liable when conducting an investigation involving cloud data.
MAC
Metadata in a prefetch file contains an application's __________ times in UTC format and a counter of how many times the application has run since the prefect file was created.
False
Remote acquisitions are often easier b/c you're usually dealing w/ large volumes of data.
Snapshot
W/ cloud systems running in a virtual environment, __________ can give you valuable information before, during, and after an incident.
