Ch9 - 15

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

CH 14 Review If you were a lay witness at a previous trail. You shouldn't list that case in your written report. True/False

True

CH 11 Quiz One of the most noteworthy e-mail scams was 419, otherwise known as the ??? a. Nigerian Scam b. Lake Venture Scam c. Conficker virus d. Iloveyou Scam

a. Nigerian Scam

CH 10 Quiz At what layers of the OSI model do most packet analyzers function a. layer 1 or 2 b. layer 2 or 3 c. layer 3 or 4 d. layer 4 or 5

b. layer 2 or 3

CH 13 Review Which of the following cloud deployment methods typically offers no security? a. Hybrid Cloud b. Public Cloud c. Community cloud d. Private Cloud

b. Public Cloud

CH 10 Quiz Forensics tools can't directly mount VMs as external drives T/F

False

CH 10 Quiz The Sysinternals Handle utility shows only file system activity, but does not show what processes are using files on the file system T/F

False

CH 10 Quiz Type 2 hypervisors are typically loaded on servers or workstations with a lot of RAM and storage T/F

False

CH 11 Quiz An Internet e-mail is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company T/F

False

CH 11 Quiz Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail T/F

False

CH 11 Quiz In an e-mail address, everything before the @ symbol represents the domain name T/F

False

CH 11 Review To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True/False

False

CH 15 Review Voir dire is the process of qualifying a witness as an expert. True or False?

True

CH 9 QUIZ Advanced hexadecimal editors offer many features not available in digital forensics tools, such as hashing specific files or sectors. ​ t/f

True

CH 9 QUIZ One of the most critical aspects of digital forensics is validating digital evidence because ensuring the integrity of data you collect is essential for presenting evidence in court.​ t/f

True

CH 9 QUIZ The advantage of recording hash values is that you can determine whether data has changed.​ t/f

True

CH 9 Review The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the password length. True/False

True

CH 12 Quiz What digital network technology was developed during World War II? a. TDMA b. CDMA c. GSM d. iDEN

b. CDMA

CH 10 Quiz What utility is best suited to examine e-mail headers or chat logs, or network communication between worms and viruses a. tcpdump b. Argus c. Ngrep d. Tcpslice

c. Ngrep

CH 14 Review Which of the following is the standard format for filed reports in electronically in federal courts? a. Word b. Excel c. PDF d. HTML e. Any of the above

c. PDF

CH 12 Quiz Where is the OS stored on a smartphone? a. RAM b. Microprocessor c. ROM d. Read/write flash

c. ROM

CH 12 Review When acquiring a mobile device at an investigation scene, you should leave it connected to a PC so that you can observe synchronization as it takes place. True/False

False

CH 13 Quiz A search warrant can be used in any kind of case, either civil or criminal T/F

False

CH 13 Quiz The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect. T/F

False

CH 13 Review Any text editor can be used to read Dropbox files. True/False

False

CH 13 Review Commingled data isn't a concern when acquiring cloud data. True/False

False

CH 9 QUIZ Because attorneys do not have the right of full discovery of digital evidence, it is not possible for new evidence to come to light while complying with a defense request for full discovery.​ t/f

False

CH 9 QUIZ In private sector cases, like criminal and civil cases, the scope is always defined by a search warrant.​ t/f

False

CH 9 Review After you shift a file's bits, the hash value remains the same. True/False

False

CH 9 Review Password recovery is included in all forensics tools. True/False

False

CH 13 Review The multitenancy nature of cloud environments means conflicts in private laws can occur. True/False

True

CH 13 Review To see Google Drive synchronization files, you need a SQL viewer. True/False

True

CH 10 Quiz The capability of type 1 hypervisors is limited only by the amount of available RAM, storage, and throughput T/F

True

CH 10 Quiz The honeynet Project was developed to make information widely available in an attempt to thwart internet and network attackers T/F

True

CH 10 Review A forensic image of a VM includes all snapshots. True/False

True

CH 10 Review Tcpslice can be used to retrieve specific timeframes of packet captures. True/False?

True

CH 11 Quiz The DomainKey identified Mail service is a way to verity the names of domains a message is flowing through and was developed as a way to cut down on spam T/F

True

CH 11 Quiz The Pagefile.sys file on a computer can contain message fragments from instant messaging applications T/F

True

CH 11 Review All email headers contain the same types of information. True/False

True

CH 11 Review Internet e-mail accessed with a Web brower leaves files in temporary folders. True/False

True

CH 11 Review You can view e-mail headers in Notepad with all popular e-mail clients. True/False

True

CH 12 Review SIM card readers can alter evidence by showing that a message has been read when you view it? True/False

True

CH 12 Review Typically, you need a search warrant to retrieve information from a service provider. True/False

True

CH 12 Review When investigating social media content, evidence artifacts can vary, depending on the social media channel and the device. True/False

True

CH 13 Quiz In the United State, the Electronic Communications Privacy Act (ECPA) describes 5 mechanisms the government can use to get electronic information from a provider T/F

True

CH 13 Quiz Specially trained system and network administrators are often a CSP's first responders T/F

True

CH 13 Quiz The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET) T/F

True

CH 13 Review Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True/False

True

CH 11 Review In Microsoft Outlook, what are the email storage files typically found on a client computer? a. .pst and .ost b. res1.log and res2.log c. PU020102.db d. .evolution

a. .pst and .ost

CH 10 Review Which of the following file extensions are associated with VMware virtual machine? a. .vmx, .log, and .nvram b. .vdi, .ova, and .r0 c. .vmx, .r0, and .xml-prev d. .vbox, .vdi, and .log

a. .vmx, .log, and .nvram

CH 10 Quiz The SANS Investigative Forensics Toolkit (SIFT) appliance can currently only be installed on what version of Ubuntu a. 12.04 b. 13.11 c. 14.04 d. 14.11

a. 12.04

CH 15 Quiz When cases go to trial, you as a forensics examiner can play one of ____ roles. a. 2 b. 3 c. 4 d. 5

a. 2

CH 15 Review Your curriculum vitae is which of the following? (Choose all that apply) a. A necessary tool to be an expert witness b. A generally required document to be made available before your testimony c. A detailed record of your experience, education, and training d. Focused on your skills as they apply to the current case

a. A necessary tool to be an expert witness b. A generally required document to be made available before your testimony c. A detailed record of your experience, education, and training

CH 12 Review The term TDMA refers to which of the following? (Choose all that apply) a. A technique of dividing a radio frequent so that multiple users share the same channel b. A proprietary protocol developed by Motorola c. A specific cellular network standard d. A technique of spreading the signal across many channels

a. A technique of dividing a radio frequent so that multiple users share the same channel c. A specific cellular network standard.

CH 11 Review What information is _NOT_ in an e-mail header? (Choose all that apply) a. Blind copy (Bcc) addresses b. Internet addresses c. Domain name d. Contents of the message e. Type of e-mail server used to send the email

a. Blind copy (Bcc) addresses d. Contents of the message

CH 12 Quiz Within NIST guidelines for mobile forensics methods, the ______________ method requires physically removing flash memory chips and gathering information at the binary level.​ a. Chip-off b. Logical extraction c. Micro read d. Manual extraction

a. Chip-off

CH 15 Review Before testifying, you should do which of the following? (Choose all that apply) a. Create an examination plan with your attorney. b. Make sure you've been paid for your services and the estimated fee for the deposition or trial. c. Get a haircut d. Type all the draft notes you took during your investigation

a. Create an examination plan with your attorney. b. Make sure you've been paid for your services and the estimated fee for the deposition or trial.

CH 11 Review When searching a victim's computer for a crime committed with a specific email, what provides information for determining the emails originator? (Choose all that apply) a. E-mail header b. Username and password c. Firewall log d. All of the above

a. E-mail header c. Firewall log

CH 9 Review Which forensic image file format creates or incorporates a validation hash value in the image file? (Choose all that apply) a. Expert Witness b. SMART c. AFF d. dd

a. Expert Witness b. SMART c. AFF

CH 14 Review Which of the following rules or laws requires an expert to prepare and submit a report? a. FRCP 26 b. FRE 801 c. Neither d. Both

a. FRCP 26

CH 14 Quiz ​An expert's opinion is governed by ________________ and the corresponding rule in many states. a. FRE, Rule 705 b. FRE, Rule 507 c. FRCP 26 d. FRCP 62

a. FRE, Rule 705

CH 9 Review The Known File Filter (KFF) can be used for which of the following purposes? (Choose all that apply) a. Filter known program file from view b. Calculate hash values of image files c. Compare hash values of known files with evidence files d. Filter out evidence that doesn't relate to our investigation

a. Filter known program file from view d. Filter out evidence that doesn't relate to our investigation

CH 10 Quiz What Windows Registry key contains associations for file extensions a. HKEY_CLASSES_ROOT b. HKEY_USERS c. HKEY_LOCAL_MACHINE d. HKEY_CURRENT_CONFIG

a. HKEY_CLASSES_ROOT

CH 15 Review What should you do if you realize you have made a mistake or misstatement during a deposition? (Choose all that apply) a. If the deposition is still in session, refer back to the error and correct it. b. Decide weather the error is minor, and if so, ignor it c. If the deposition if over, make the correction on the corrections page of the copy provided for your signature d. Call the opposing attorney and inform him of your mistake or misstatement e. Request an opportunity to make the correction at trial.

a. If the deposition is still in session, refer back to the error and correct it. c. If the deposition if over, make the correction on the corrections page of the copy provided for your signature

CH 10 Quiz The ___ tool is an updated version of BackTrack, and contains more than 300 tools, such as password crackers, network sniffers, and freeware forensics tools a. Kali Linux b. Ubuntu c. OSForensics d. Sleuth Kit

a. Kali Linux

CH 15 Review During your cross-examination, you should do which of the following? (Choose all that apply) a. Maintain eye contact with the jury b. Pay close attention to what your attorney is objecting to. c. Help the attorneys, judge, and jury in understanding the case, even if you have to go a bit beyond the scope of your expertise d. Pay close attention to opposing counsel's questions. e. Answer opposing counsel's questions as briefly as is practical

a. Maintain eye contact with the jury b. Pay close attention to what your attorney is objecting to. d. Pay close attention to opposing counsel's questions. e. Answer opposing counsel's questions as briefly as is practical

CH 15 Review When using graphics while testing, which of the following guidelines applies? (Choose all that apply) a. Make sure the jury can see your graphics b. Practice using charts for courtroom testimony c. Your exhibits must be clear and easy to understand d. Make sure you have plenty of extra graphics, in case you have to explain more complex supporting issues.

a. Make sure the jury can see your graphics b. Practice using charts for courtroom testimony c. Your exhibits must be clear and easy to understand

CH 12 Quiz ​What type of mobile forensics method listed by NIST guidelines involves looking at a device's content page by page and taking pictures? a. Manual extraction b. Chip-off c. Micro read d. Logical extraction

a. Manual extraction

CH 9 Review Rainbow tables serve what purpose for digital forensics examinations? a. Rainbow tables contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords. b. Rainbow tables are a supplement to the NIST NSRL library of hash tables. c. Rainbow tables are designed to enhance the search capability of many digital forensics examination tools. d. Rainbow tables provide a scoring system for probable search terms.

a. Rainbow tables contain computed hashes of possible passwords that some password- recovery programs can use to crack passwords.

CH 12 Review Remote wiping of a mobile device can result in which of the following? (Choose all that apply) a. Removing account information b. Enabling GPS beacon to track the thief c. Returning the phone to the original factory settings d. Deleting contacts

a. Removing account information c. Returning the phone to the original factory settings d. Deleting contacts

CH 15 Review Which of the following describes fact testimony? a. Scientific or technical testimony describing information recovered during an examination b. Testimony by law enforcement officers c. Testimony based on observations by lay witnesses d. None of the above

a. Scientific or technical testimony describing information recovered during an examination

CH 14 Quiz __________________ means the tone of language you use to address the reader.​ a. Style b. Format c. Outline d. Prose

a. Style

CH 13 Review Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? (Choose all that apply) a. Subpoenas with prior notice b. Temporary restraining orders c. Search warrants d. Court orders

a. Subpoenas with prior notice c. Search warrants d. Court orders

CH 15 Review Which of the following describes expert witness testimony? (Choose all that apply.) a. Testimony designed to assist the jury in determining matters beyond the ordinary person's scope of knowledge b. Testimony that defines issues of the case for determination by the jury c. Testimony resulting in the expression of an opinion by a witness with scientific, technical, or other professional knowledge or experience. d. Testimony designed to raise doubt about facts or witnesses' credibility

a. Testimony designed to assist the jury in determining matters beyond the ordinary person's scope of knowledge c. Testimony resulting in the expression of an opinion by a witness with scientific, technical, or other professional knowledge or experience.

CH 14 Review For what purpose have hypothetical questions traditionally been used in litigation? a. To frame the factual context of rendering an expert witness's opinion. b. To define the case issues for the finder of fact to determine c. To stimulate discussion between consulting expert and expert witnesses d. To deter a witness from expanding the scope of his or her investigation beyond the case requirements. e. All of the above

a. To frame the factual context of rendering an expert witness's opinion.

CH 12 Quiz The use of smart phones for illicit activities is becoming more prevalent.​ a. true b. false

a. True

CH 12 Quiz The ________________ technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and supports transmission speeds of 12 Mbps​ a. WiMAX b. CDMA c. UMB d. MIMO

a. WiMAX

CH 15 Quiz Discuss any potential problems with your attorney ____ a deposition. a. before b. after c. during d. during direct examination at

a. before

CH 13 Quiz A ??? is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities a. court order b. temporary restraining order c. warrant d. subpoena

a. court order

CH 15 Quiz You provide ____ testimony when you answer questions from the attorney who hired you. a. direct b. cross c. examination d. rebuttal

a. direct

CH 15 Quiz Validate your tools and verify your evidence with ____ to ensure its integrity. a. hashing algorithms b. watermarks c. steganography d. digital certificates

a. hashing algorithms

CH 12 Quiz What method below is NOT an effective method for isolating a mobile device from receiving signals? a. placing the device into a plastic evidence bag b. placing the device into a paint can, preferable one previously containing radio-wave blocking paint c. placing the device into airplane mode d. turning the device off

a. placing the device into a plastic evidence bag

CH 15 Quiz ____ from both plaintiff and defense is an optional phase of the trial. Generally, it's allowed to cover an issue raised during cross-examination. a. rebuttal b. plaintiff c. closing arguments d. opening statements

a. rebuttal

CH 9 QUIZ What technique is designed to reduce or eliminate the possibility of a rainbow table being used to discover passwords?​ a. salted passwords b. ​scrambled passwords c. ​indexed passwords d. master passwords

a. salted passwords

CH 11 Review Sendmail uses which file for instructions on processing an e-mail message? a. sendmail.cf b. syslogd.conf c. mese.ese d. mapi.log

a. sendmail.cf

CH 15 Quiz When you give ____ testimony, you present this evidence and explain what it is and how it was obtained. a. technical/scientific b. expert c. lay witness d. deposition

a. technical/scientific

CH 11 Quiz What information is not typically included in an e-mail header a. the sender's physical location b. the originating IP address c. the unique ID of the e-mail d. the originating domain

a. the sender's physical location

CH 12 Quiz Search and seizure procedures for mobile devices are as important as procedures for computers.​ a. true b. false

a. true

CH 12 Quiz While travelling internationally with a GSM phone, you can pop in a SIM card for the country you're currently in, rather than get a new phone. a. true b. false

a. true

CH 14 Quiz A report can provide justification for collecting more evidence and be used at a probable cause hearing.​ a. true b. false

a. true

CH 14 Quiz Specially trained system and network administrators are often a CSP's first responders.​ a. true b. false

a. true

CH 14 Quiz Technical terms, if included in a report, should be defined in ordinary language such that lawyers, judges, and jurors can understand them.​ a. true b. false

a. true

CH 15 Quiz As a standard practice, collect evidence and record the tools you used in designated file folders or evidence containers. a. true b. false

a. true

CH 15 Quiz As an expert witness, you have opinions about what you have found or observed. a. true b. false

a. true

CH 15 Quiz Part of what you have to deliver to the jury is a person they can trust to help them figure out something that's beyond their expertise. a. true b. false

a. true

CH 14 Quiz ​When using the PassMark software to find forensic information in e-mails, messages that appear to be suspicious should be flagged __________. a. yellow b. green c. red d. orange

a. yellow

CH 11 Quiz What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data a. .txt b. .tmp c. .exe d. .log

b. .tmp

CH 9 QUIZ What format below is used for VMware images? a. .vhd b. .vmdk c. .s01 d. .aff

b. .vmdk

CH 10 Quiz What file type below, associated with VMWare, stores VM paging files that are used as RAM for a virtual machine a. .nvram b. .vmen c. .vmpage d. .vmx

b. .vmen

CH 13 Quiz At what offset is a prefetch file's create date & time located a. 0x88 b. 0x80 c. 0x98 d. 0x90

b. 0x80

CH 9 QUIZ ​Within Windows Vista and later, partition gaps are _____________ bytes in length. a. ​64 b. ​128 c. ​256 d. ​512

b. 128

CH 15 Quiz If your CV (curriculum vitae) is more than ____ months old, you probably need to update it to reflect new cases and additional training. a. 2 b. 3 c. 4 d. 5

b. 3

CH 9 Review The National Software Reference Library provides what type of resources for digital forensics examiners? a. A list of digital forensics tools that make examinations easier b. A list of MD5 and SHA1 hash values for all known OSs and applications c. Reference books and materials for digital forensics d. A repository for software vendors to register their developed applications

b. A list of MD5 and SHA1 hash values for all known OSs and applications

CH 13 Quiz Which of the following is not a valid source for cloud forensics training a. Sans Cloud Forensics with F-Response b. A+ Security c. INFOSEC Intitute d. (ISC)2 Certified Cyber Forensics Professional

b. A+ Security

CH 11 Quiz What service below can be used to map an IP address to a domain name, and then find the domain name's point of contact a. iNet b. ARIN c. Google d. ERIN

b. ARIN

CH 14 Review Which of the following is an example of a written report? a. A search warrant b. An affidavit c. Voir Dire d. Any of the above

b. An affidavit

CH 10 Review When do zero day attacks occur? (Choose all that apply) a. On the day the application or OS is released b. Before a patch is available c. Before the vendor is aware of the vulnerability d. On the day the patch is created

b. Before a patch is available c. Before the vendor is aware of the vulnerability

CH 15 Review When working for a prosecutor, what should you do if the evidence you found appears to be exculpatory and isn't being released to the defense? a. Keep the information on file for later review b. Bring the information to the attention of the prosecutor, then his or her supervisor and finally to the judge (the court) c. Destroy the evidence d. Five the evidence to the defense attorney

b. Bring the information to the attention of the prosecutor, then his or her supervisor and finally to the judge (the court)

CH 15 Quiz For forensics specialists, keeping the ____ updated and complete is crucial to supporting your role as an expert and showing that you're constantly enhancing your skills through training, teaching, and experience. a. testimony b. CV (curriculum vitae) c. examination plan d. deposition

b. CV (curriculum vitae)

CH 12 Review Which of the following categories of information is stored on a SIM card? (Choose all that apply.) a. Volatile Memory b. Call data c. Service-related data d. None of the above

b. Call data c. Service-related data

CH 11 Quiz Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups a. Fookes Aid4mail b. DataNumen Outlook Repair c. EnCase Forensics d. AccessData FTK

b. DataNumen Outlook Repair

CH 11 Quiz Which service below does not put log information into /var/log/maillog a. SMTP b. Exchange c. IMAP d. POP

b. Exchange

CH 14 Review Automated tools help you collect and report evidence, but you're responsible for doing which of the following? a. Explaining your formatting choices b. Explaining the significance of the evidence c. Explaining in detail how the software works d. All of the above

b. Explaining the significance of the evidence

CH 13 Quiz The ??? tool can be used by bypass a virtual machine's hypervisor, and can be used with OpenStack a. Openforensics b. FROST c. WinHex d. ARC

b. FROST

CH 9 Review Which of the following represents known files you can eliminate from an investigation? (Choose all that apply) a. Any graphics files b. Files associated with an application c. System files the OS uses d. Any files pertaining to the company

b. Files associated with an application c. System files the OS uses

CH 10 Review Which Registry key contains associations for file extensions? a. HFILE_CLASSES_ROOT b. HKEY_CLASSES_ROOT c. HFILE_EXTENSIONS d. HKEY_CLASSES_FILE

b. HKEY_CLASSES_ROOT

CH 9 Review Steganography is used for which of the following purposes? a. Validating data b. Hiding data c. Accessing remote computers d. Creating strong passwords

b. Hiding Data

CH 12 Quiz ​What organization is responsible for the creation of the requirements for carriers to be considered 4G? a. IEEE b. ITU-R c. ISO d. TIA

b. ITU-R

CH 12 Quiz ​The ___________________ technology is designed for GSM and Universal Mobile Telecommunications Systems (UMTS) technology, supports 45 Mbps to 144 Mbps transmission speeds. a. WiMAX b. LTE c. MIMO d. UMB

b. LTE

CH 10 Quiz The ___ is the version of Pcap available for Linux based operating systems a. Wincap b. Libcap c. Tcpcap d. Netcap

b. Libcap

CH 11 Review Phishing does which of the following? a. Uses DNS poisoning b. Lures users with false promises c. Takes people to fake websites d. Uses DHCP

b. Lures users with false promises

CH 11 Review Which of the following is a current formatting standard for e-mail? a. SMTP b. MIME c. Outlook d. HTML

b. MIME

CH 12 Review Which of the following relies on a central database that tracks across data, location data and subscriber information? a. BTS b. MSC c. BSC d. None of the above

b. MSC

CH 11 Review What's the main piece of information you look for in an email message you're investigating? a. Sender or receivers e-mail address b. Originating e-mail domain or IP address c. Subject line content d. Message number

b. Originating e-mail domain or IP address

CH 10 Quiz The tcpdump and Wireshark utilities both use what well known packet capture format a. Netcap b. Pcap c. Packetd d. RAW

b. Pcap

CH 15 Review The most reliable way to ensure that jurors recall testimony is to do which of the following? a. Present evidence using oral testimony supported by hand gestures and facial expressions b. Present evidence combining oral testimony and graphics that support the testimony c. Wear bright colored clothing to attract juror's attention d. Emphasize your points with humorous anecdotes e. Memorize your testimony carefully

b. Present evidence combining oral testimony and graphics that support the testimony

CH 10 Review In VirtualBox, a(n) ______ file contains settings for virtual hard drives. a. .vox-prev b. .ovf c. .vbox d. .log

c. vbox

CH 11 Review When confronted with an e-mail server that no longer contains a log with the date information you need for your investigation, and the client has deleted the e-mail, what should you do? a. Search available log files for any forwarded messages b. Restore the e-mail server from a backup c. Check the current database files for an existing copy of the email d. Do nothing because after the file has been deleted, it can no longer be recovered.

b. Restore the e-mail server from a backup

CH 14 Quiz The report generator in ProDiscover defaults to ______________________, which can be opened by most word processors.​ a. HyperText Markup Language (HTML) b. Rich Text Format (RTF) c. Extensible Markup Language (XML) d. Microsoft Word document format

b. Rich Text Format (RTF)

CH 12 Quiz GSM refers to mobile phones as "mobile stations" and divides a station into two parts, the __________ and the mobile equipment (ME).​ a. antenna b. SIM card c. radio d. transceiver

b. SIM card

CH 10 Quiz In a ___ attack, the attacker keeps asking your server to establish a connection, with the intent of overloading a server with established connections a. smurf b. SYN flood c. spoof d. ghost

b. SYN flood

CH 9 Review If an application uses salting when creating passwords, what concerns should a forensics examiner have when attempting to recover passwords? a. There are no concerns because salting doesn't affect password-recovery tools. b. Salting can make password recovery extremely difficult and time consuming. c. Salting applies only to OS startup passwords, so there are no serious concerns for examiners. d. The effect on the computer's CMOS clock could alter files' date and time values.

b. Salting can make password recovery extremely difficult and time consuming.

CH 10 Review You can expect to find a type 2 hypervisor on what type of device? (Choose all that apply) a. Desktop b. Smartphone c. Tablet d. Network Server

b. Smartphone c. Tablet

CH 10 Quiz The ___ is a good tool for extracting information from large Libpcap files; you simply specify the time frame you want to examine a. Tcpdstat b. Tcpslice c. Ngrep d. tcpdump

b. Tcpslice

CH 15 Review What expressions are acceptable to use in testimony to respond to a question for which you have no answer? (Choose all that apply) a. No Comment b. That's beyond the scope of my expertise c. I don't want to answer that questino d. I was not requested to investigate that e. That is beyond the scope of my investigation

b. That's beyond the scope of my expertise d. I was not requested to investigate that e. That is beyond the scope of my investigation

CH 15 Review In answering a question about the size of a hard drive, which of the following responses is appropriate? (Choose all that apply.) a. It's a very large hard drive b. The technical data sheet indicates it's a 3 terabyte hard drive. c. It's a 3 terabyte hard drive configured with 2.78 terabytes of accessible storage. d. I was unable to determine the drive size because it was so badly damaged

b. The technical data sheet indicates it's a 3 terabyte hard drive. c. It's a 3 terabyte hard drive configured with 2.78 terabytes of accessible storage. d. I was unable to determine the drive size because it was so badly damaged

CH 9 Review You're using Disk Manager to view primary and extended partitions on a subjects drive. The program reports the extended partitions total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information? a. The disk is corrupted. b. There's a hidden partition. c. Nothing; this is what you'd expect to see. d. The drive is formatted incorrectly

b. There's a hidden partition

CH 10 Review Virtual Machine Extension (VMX) are part of which of the following? a. Type 1 hypervisors b. Type 2 hypervisors c. Intel Virtualized Technology d. AMD Virtualized Technology

b. Type 2 hypervisor

CH 10 Review Which of the following is a clue that a virtual machine has been installed on a host system? a. Network Logs b. Virtual network adapter c. Virtualization Software d. USB Drive

b. Virtual network adapter

CH 11 Quiz In what state is sending unsolicited email illegal a. Florida b. Washington c. Maine d. New York

b. Washington

CH 15 Review At trial as a fact or expert witness, what must you always remember about your testimony? a. You're responsible for the outcome of the case b. Your duty is to report your technical or scientific findings or render an honest opinion c. Avoid mentioning how much you were paid for your services d. All of the above

b. Your duty is to report your technical or scientific findings or render an honest opinion

CH 14 Quiz If a report is long and complex, you should include a(n) _____________.​ a. appendix b. abstract c. glossary d. table of contents

b. abstract

CH 11 Quiz E-mail administrators may make use of ???, which overwrites a log file when it reaches a specified size or at the end of a specified time frame a. log recycling b. circular logging c. log purging d. log cycling

b. circular logging

CH 14 Quiz The ________________ section of a report starts by referring to the report's purpose, states the main points, draws conclusions, and possibly renders an opinion.​ a. body b. conclusion c. appendix d. reference

b. conclusion

CH 15 Quiz The ____ is the most important part of testimony at a trial. a. cross-examination b. direct examination c. rebuttal d. motions in limine

b. direct examination

CH 15 Quiz There are two types of depositions: ____ and testimony preservation. a. examination b. discovery c. direct d. rebuttal

b. discovery

CH 14 Quiz An ___________________ is a document that serves as a guideline for knowing what questions to expect when you're testifying. a. testimony procedure b. examination plan c. planned questionnaire d. testimony excerpt

b. examination plan

CH 12 Quiz Because mobile phones are seized at the time of arrest, a search warrant is not necessary to examine the device for information.​ a. true b. false

b. false

CH 12 Quiz Most Code Division Multiple Access networks conform to IS-95. The systems are referred to as CDMAOne, and when they went to 3G service, they became CDMAThree a. true b. false

b. false

CH 14 Quiz An expert's opinion is governed by FRCP, Rule 26, and the corresponding rule in many states. a. true b. false

b. false

CH 14 Quiz Expert witnesses are not required to submit a written report for civil cases.​ a. true b. false

b. false

CH 15 Quiz Like a job resume, your CV (curriculum viate) should be geared for a specific trial. a. true b. false

b. false

CH 15 Quiz You should create a formal checklist of your procedures that's applied to all your cases or include such a checklist in your report. a. true b. false

b. false

CH 13 Quiz A ??? is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface a. configuration manager b. management plane c. backdoor d. programming language

b. management plane

CH 15 Quiz Generally, the best approach your attorney can take in direct examination is to ask you ____ questions and let you give your testimony. a. setup b. open-ended c. compound d. repid-fire

b. open-ended

CH 11 Quiz The ??? utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook a. fixmail.exe b. scanpst.exe c. repairpst.exe d. rebuildpst.exe

b. scanpst.exe

CH 14 Quiz If a preliminary report is written, destroying the preliminary report after the final report is complete could be considered ______________.​ a. proper data security b. spoliation c. beneficial d. necessary

b. spoliation

CH 13 Quiz The Google drive file ??? contains a detailed list of a user's cloud transactions a. loggedtransactions.log b. sync_log.log c. transact_user.db d. history.db

b. sync_log.log

CH 14 Quiz How you format _____________ is less important than being consistent in applying formatting.​ a. words b. text c. paragraphs d. sections

b. text

CH 14 Quiz Lawyers may request _________________ of previous testimony by their own potential experts to ensure that the experts haven't previously testified to a contrary position.​ a. warrants b. transcripts c. subpoenas d. evidence

b. transcripts

CH 9 QUIZ What letter should be typed into DiskEdit in order to mark a good sector as bad?​ a. ​M b. ​B c. ​T d. ​D

b. ​B

CH 9 QUIZ ​In which file system can you hide data by placing sensitive or incriminating data in free or slack space on disk partition clusters? a. ​NTFS b. ​FAT c. ​HFSX d. ​Ext3fs

b. ​FAT

CH 9 QUIZ Typically, anti-virus tools run hashes on potential malware files, but some advanced malware uses ________________ as a way to hide its malicious code from antivirus tools.​ a. ​hashing b. ​bit-shifting c. ​registry edits d. ​slack space

b. ​bit-shifting

CH 9 QUIZ Many commercial encryption programs use a technology called _____________, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.​ a. ​key vault b. ​key escrow c. ​bump key d. ​master key

b. ​key escrow

CH 9 QUIZ ​In order to aid a forensics investigation, a hardware or software ______________ can be utilized to capture keystrokes remotely. a. ​keygrabber b. ​keylogger c. ​packet capture d. ​protocol analyzer

b. ​keylogger

CH 9 QUIZ The goal of recovering as much information as possible can result in ________________, in which an investigation expands beyond the original description because of unexpected evidence found.​ a. ​litigation b. ​scope creep c. ​criminal charges d. ​violations

b. ​scope creep

CH 13 Quiz Where is the snapshot database created by Google Drive located in Windows a. C:/Program Files/Google/Drive b.C:/Users/username/AppData/Local//Google/Drive c. C:/Users/username/Google/Google drive d. C:/Google/drive

b.C:/Users/username/AppData/Local//Google/Drive

CH 11 Quiz In older versions of exchange, what type of file was responsible for massages formatted with Messaging Application Programming Interface, and served as the database file a. .ost b. edp c. .edb d. .edi

c. .edb

CH 11 Review Which of the following types of files can provide useful information when you're examining an e-mail server? a. .dbf files b. .emx files c. .log files d. .slf files

c. .log files

CH 11 Quiz Where does the Postfix UNIX mail server store e-mail a. /home/username/mail b. /var/mail/postfix c. /var/spool/postfix d. /etc/postfix

c. /var/spool/postfix

CH 14 Quiz How many words should be in the abstract of a report?​ a. 50 to 100 words b. 100 to 150 words c. 150 to 299 words d. 200 to 250 words

c. 150 to 299 words

CH 10 Quiz In VirtualBox, ___ different types of virtual network adapters are possible, such as AMD and Intel Pro adapters a. 2 b. 4 c. 6 d. 8

c. 6

CH 12 Review SD cards have a capacity up to which of the following? a. 100 MB b. 4 MB c. 64 GB d. 500 MB

c. 64 GB

CH 11 Review To trace an IP address in an email header, what type of lookup service can you use? (Choose all that apply) a. Intelius Inc's AnyWho online directory b. Verizon's http://superpages.com c. A Domain lookup service, such as www.arin.net, www.internic.com.,or ww.whois.net d. Any Web search engine

c. A Domain lookup service, such as www.arin.net, www.internic.com.,or ww.whois.net d. Any Web search engine

CH 15 Review What is the motion in limine? a. A motion to discuss the case b. THe movement of molecules in a random fashion c. A pretrial motion for the purpose of excluding certain evidence d. A pretrial motion to revise the case schedule

c. A pretrial motion for the purpose of excluding certain evidence

CH 11 Review When you access your email, what type of computer architecture are you using? a. Mainframe and minicomputers b. Domain c. Client/Server d. None of the above

c. Client/server

CH 13 Quiz The ??? is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more a. OpenStack Framework Alliance b. vCluod Security Advisory Panel c. Cloud Security Alliance d. Cloud Architecture Group

c. Cloud Security Alliance

CH 14 Quiz _______________ is the process of opposing attorneys seeking information from each other.​ a. Subpoena b. Warranting c. Discovery d. Digging

c. Discovery

CH 15 Review What kind of information do fact witnesses provide during testimony? (Choose all that apply) a. Their professional opinion on the significance of evidence b. Definitions of issues to be determined bu the founder of the fact c. Facts only d. Observations of the results of tests they performed.

c. Facts only d. Observations of the results of tests they performed.

CH 14 Quiz The rule that states that testimony is inadmissible unless it is "testimony deduced from a well-recognized scientific principle or discovery; the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs", was established in what court case?​ a. Daubert v. Merrell Dow Pharmaceuticals, Inc b. Smith v. United States c. Frye v. United States d. Dillon v. United States

c. Frye v. United States

CH 10 Quiz In Windows, what PowerShell cmdlet can be used in conjunction with Get-VM to display a virtual machine's network adapters a. Slow-NetworkAdapters b. Query-ipconfig c. Get-VMNetworkAdapter d. Dump-Betconfig

c. Get-VMNetworkAdapter

CH 12 Quiz Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis?​ a. Chip-off b. Manual extraction c. Hex dumping d. Micro read

c. Hex dumping

CH 12 Quiz What standard introduced sleep mode to enhance battery life, and is used with TDMA?​ a. IS-99 b. IS-140 c. IS-136 d. IS-95

c. IS-136

CH 12 Quiz ​​Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA). a. TS-95 b. 802.11 c. IS-95 d. IS-136

c. IS-95

CH 10 Review A layered network defense strategy puts the most valuable data where? a. In the DMZ b. In the outermost layer c. In the innermost layer d. None of the above

c. In the innermost layer

CH 9 Review Suppose you're investigating an e-mail harassment case. Generally, is collecting evidence for this type of case easier for an internal corporate investigation or a criminal investigation? a. Criminal investigation because subpoenas can be issued to acquire any needed evidence quickly. b. Criminal investigation because law enforcement agencies have more resources at their disposal c. Internal corporate investigation because corporate investigators typically have ready access to company records. d. Internal corporate investigation because ISPs almost always turn over email and access logs when requested by a large corporation

c. Internal corporate investigation because corporate investigators typically have ready access to company records.

CH 14 Review Which of the following statements about the legal-sequential numbering system in report writing is true? a. It's favorable because it's easy to organize and understand b. It's most effective for shorter reports c. It doesn't indicate the relative importance of information d. It's required for reports submitted in federal court

c. It doesn't indicate the relative importance of information

CH 10 Review Packet analyzers examine what layers of the OSI model? a. Layers 2 and 4 b. Layers 4 through 7 c. Layers 2 and 3 d. All layers

c. Layers 2 and 3

CH 11 Review The term "via Frontend Transport" in a header indicates that the e-mail is on which of the following? a. UNIX server b. Older NetWare Server c. Microsoft Exchange Server d. Mac Server

c. Microsoft Exchange Server

CH 12 Review In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices? a. Miles v. North Dakota b. Smith v. Oregon c. Riley v. California d. Dearborn v. Ohio

c. Riley v California

CH 13 Quiz What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing a. Amazon EC2 b. IBM Cloud c. Salesforce d. HP Helion

c. Salesforce

CH 9 Review In steganalysis, cover-media is which of the following? a. The content of a file used for a steganography message b. The type of steganographic method used to conceal a message c. The file a steganography tool uses to host a hidden message, such as a JPEG or an MP3 file d. A specific type of graphics file used only for hashing steganographic files

c. The file a steganalysis tool uses to host a hidden message, such as a JPEG or an MP3 file

CH 9 QUIZ When performing a static acquisition, what should be done after the hardware on a suspect's computer has been inventoried and documented?​ a. ​Inventory and documentation information should be stored on a drive and then the drive should be reformatted. b. ​Start the suspect's computer and begin collecting evidence. c. The hard drive should be removed, if practical, and the system's date and time values should be recorded from the system's CMOS.​ d. ​Connect the suspect's computer to the local network so that up to date forensics utilities can be utilized.

c. The hard drive should be removed, if practical, and the system's date and time values should be recorded from the system's CMOS.​

CH 11 Review Router logs can be used to verify what types of email data? a. Message content b. Content of Attached files c. Tracking flows through e-mail server ports d. Finding blind copies

c. Tracking flows through email server ports

CH 15 Review If you're giving an answer that you think your attorney should follow up on, what should you do? a. Change the tone of your voice b. Argue with the attorney who asked the question c. Use an agreed-on expression to alert the attorney to follow up on the question d. Try to include as much information in your answer as you can.

c. Use an agreed-on expression to alert the attorney to follow up on the question

CH 10 Quiz What processor instruction set is required in order to utilize virtualization software a. AMD-VT b. Intel VirtualBit c. Virtual Machine Extensions (VMX) d. Virtual HardwareExtensions (VHX)

c. Virtual Machine Extensions (VMX)

CH 13 Quiz Which of the following is NOT a service level for the cloud a. Platform as a service b. Infrastructure as a service c. Virtualization as a service d. Software as a service

c. Virtualization as a service

CH 13 Quiz What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds a. HP Helion b. Amazon EC2 c. XenServer and XenCenter Windows Management Console d. Cisco Cloud Computing

c. XenServer and XenCenter Windows Management Console

CH 15 Quiz Sometimes opposing attorneys ask several questions inside one question; this practice is called a ____ question. a. leading b. hypothetical c. compound d. rapid-fire

c. compound

CH 14 Quiz ​A report using the _________________ system divides material into sections and restarts numbering with each main section. a. numerically ordered b. hierarchical c. decimal numbering d. number formatted

c. decimal numbering

CH 13 Quiz The ??? Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system a. read_filejournal b. filetx.log c. filecache.dbx d. filecache.dll

c. filecache.dbx

CH 14 Quiz ​The _________________ numbering system is often used in legal pleadings. Each Roman numeral represents a major aspect of the report, and each Arabic numeral is an important piece of supporting information. a. decimal b. ordered-sequential c. legal-sequential d. reverse-order

c. legal-sequential

CH 14 Quiz When writing a report, group related ideas and sentences into ___________________,​ a. chapters b. sections c. paragraphs d. separate reports

c. paragraphs

CH 15 Quiz Leading questions such as "Isn't it true that forensics experts always destroy their handwritten notes?" are referred to as ____ questions. a. hypothetical b. attorney c. setup d. nested

c. setup

CH 11 Quiz The Suni Munshani v. Singal Lake Venture Fund II, LP et al case is an example of a case that involves e-mail ??? a. destruction b. spamming c. spoofing d. theft

c. spoofing

CH 15 Quiz Regarding a trial, the term ____ means rejecting potential jurors. a. voir dire b. rebuttal c. strikes d. venireman

c. strikes

CH 11 Review On a Unix-like system, which file specifies where to save different types of e-mail log files? a. maillog b. /var/spool/log c. syslog.conf d. log

c. syslog.conf

CH 13 Quiz Which is not a valid method of deployment for a cloud a. community b. public c. targeted d. private

c. targeted

CH 14 Quiz ​In addition to opinions and exhibits, the ______________ must specify fees paid for the expert's services and list all other civil or criminal cases in which the expert has testified. a. verbal report b. informal report c. written report d. preliminary report

c. written report

CH 9 QUIZ The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to filter known program files from view and contains the hash values of known illegal files.​ a. ​DeepScan Filter b. Unknown File Filter (UFF) c. ​Known File Filter (KFF) d. ​FTK Hash Imager

c. ​Known File Filter (KFF)

CH 9 QUIZ ​Select the tool below that does not use dictionary attacks or brute force attacks to crack passwords: a. ​Last Bit b. ​AccessData PRTK c. ​OSForensics d. ​Passware

c. ​OSForensics

CH 9 QUIZ A ____________ image file containing software is intended to be bit-stream copied to floppy disks or other external media.​ a. ​fdisk b. ​format c. ​dd d. ​DiskEdit

c. ​dd

CH 9 QUIZ A user with programming experience may use an assembler program (also called a __________ ) on a file to scramble bits, in order to secure the information contained inside.​ a. ​compiler b. shifter c. ​macro d. ​script

c. ​macro

CH 9 QUIZ The term for detecting and analyzing steganography files is _________________.​ a. ​carving b. ​steganology c. ​steganalysis d. ​steganomics

c. ​steganalysis

CH 10 Quiz The ___ disk image file format is associated with the VirtualBox hypervisor a. .vmdk b. .had c. .vhd d. .vdi

d. .vdi

CH 11 Quiz Which option below is the correct path to the sendmail configuration file a. /var/etc/sendmail.cf b. /var/mail/sendmail.cf c. /usr/local/sendmail.cf d. /etc/mail/sendmail.cf

d. /etc/mail/sendmail.cf

CH 11 Quiz On a UNIX system, where is a user's mail stored by default a. /var/mail b. /var/log/mail c. /username/mail d. /home/username/mail

d. /home/username/mail

CH 11 Quiz Syslog is generally configured to put all e-mail related log information into what file a. /usr/log/mail.log b. /var/log/message c. /proc/mail d. /var/log/maillog

d. /var/log/maillog

CH 13 Quiz In a prefetch file, the application's last access date and time are at offset ??? a. 0x80 b. 0x88 c. 0xD4 d. 0x90

d. 0x90

CH 15 Quiz Jurors typically average just over ____ years of education and an eighth-grade reading level. a. 9 b. 10 c. 11 d. 12

d. 12

CH 15 Quiz If a microphone is present during your testimony, place it ____ to eight inches from you. a. 3 b. 4 c. 5 d. 6

d. 6

CH 12 Quiz What frequencies can be used by GSM with the TDMA technique a. 1200 to 1500 MHz b. 2.4 GHz to 5.0 GHZ c. 600 to 1000 MHz d. 800 to 1000 MHZ

d. 800 to 1000 MHZ

CH 11 Review Logging options on many email servers can be: a. Disabled by the administrator b. Set up in a circular logging configuration c. Configured to a specified size before being overwritten d. All of the above

d. All of the above

CH 14 Review An expert witness can give an opinion in which the following situations. a. The opinion, inferences, or conclusions depend on a special knowledge, skills, or training not within the ordinary experience of lay people b. The witness is shown to be qualified as a true expert in the field c. The witness testifies to a reasonable degree of certainty (probability) about his or her opinion, inference, or conclusion. d. All of the above

d. All of the above

CH 12 Quiz The _______________ component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; sometimes referred to as a "cell phone tower".​ a. Vase station controller (BSC) b. Mobile switching center (MSC) c. Base transceiver controller (BTC) d. Base transceiver station (BTS)

d. Base transceiver station (BTS)

CH 9 Review For which of the following reasons should you wipe a target drive? a. To ensure the quality of digital evidence you acquire b. To make sure unwanted data isn't retained on the drive c. neither of the above d. Both a and b

d. Both a and b

CH 13 Quiz Select the folder below that is most likely to contain Dropbox files for a specific user a. C:/User/username/AppData/Dropbox b. C:/Dropbos c. C:/Users/Dropbox d. C:/Users/username/Dropbox

d. C:/Users/username/Dropbox

CH 14 Review When writing a report, what's the most important aspect of formatting? a. A neat appearance b. Size of the font c. Clear use of symbols and abbreviations d. Consistency

d. Consistency

CH 12 Quiz ​What digital network technology is a digital version of the original analog standard for cell phones? a. GSM b. CDMA c. iDEN d. D-AMPS

d. D-AMPS

CH 13 Review What are the two states of encrypted data in a secure cloud? a. RC4 and RC5 b. CRC-32 and UTF-16 c. Homomorphic and AES d. Data in motion and data at rest

d. Data in motion and data at rest

CH 11 Quiz Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora a. AccessData FTK b. DataNumen c. R-Tools R-Mail d. Fookes Aid4Mail

d. Fookes Aid4Mail

CH 11 Quiz In order to retrieve logs from exchange, the Powershell cmdlet ??? can be used a. GetExchangeLogs.psl b. GetLogInfo.psl c. ShowExchangeHistrory.psl d. GetTransactionLogStats.psl

d. GetTransactionLogStats.psl

CH 12 Quiz ​Select below the option that is not a typical feature of smartphones on the market today: a. Microprocessor b. Flash c. ROM d. Hard drive

d. Hard drive

CH 9 QUIZ Which option below is not a disk management tool?​ a. Partition Magic​ b. ​Partition Master c. ​GRUB d. ​HexEdit

d. HexEdit

CH 13 Quiz Metadata in a prefetch file contains an application's ??? times in UTC format and a counter of how many times the application has run since the prefect file was created a. startup / access b. log event c. ACL d. MAC

d. MAC

CH 10 Quiz The NSA's defense in depth (DiD) strategy contains three modes of protection. Which option below is not one of the three modes a. People b. Technology c. Operations d. Management

d. Management

CH 11 Quiz Exchange uses and Exchange database and is based on the ???, which uses several files in different combinations to provide e-mail service a. Microsoft Mail Storage Engine (MSE) b. Microsoft Stored Mail Extension (SME) c. Microsoft Extended Mail Storage (EMS) d. Microsoft Extensible Storage Engine (ESE)

d. Microsoft Extensible Storage Engine (ESE)

CH 12 Quiz Which component of cell communication is used to route digital packets for the network and relies on a database to support subscribers?​ a. Base station controller (BSC) b. Base transceiver station (BTS) c. Base transceiver controller (BTC) d. Mobile switching center (MSC)

d. Mobile switching center (MSC)

CH 9 QUIZ The _______________________ maintains a national database of updated file hash values for a variety of OSs, applications, and images, but does not list hash values of known illegal files.​ a. ​Open Hash Database b. ​HashKeeper Online c. ​National Hashed Software Referenced. d. National Software Reference Library

d. National Software Reference Library

CH 10 Quiz Select below the option that is not common type 1 hypervisor a. VMwar vSphere b. Microsoft Hyper-V c. Citirix XenServer d. Oracle VirtualBox

d. Oracle VirtualBox

CH 12 Quiz Nonvolatile memory on a mobile device can contain OS files and stored user data, such as a __________________ and backed-up files. a. Professional Data Holder b. Personal Assistant Organizer c. Personal Data Manager d. Personal Information Manager

d. Personal Information Manager

CH 9 Review Block-wise hashing has which of the following benefits for forensics examiners? a. Allows validating sector comparisons between known files b. Provides a faster way to shift bits in a block or sector of data c. Verifies the quality of OS files d. Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect's drive

d. Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect's drive.

CH 10 Quiz Select below the program within the Ps Tools suite that allows you to run processes remotely a. PsService b. PsPasswd c. PsRemote d. PsExec

d. PsExec

CH 12 Quiz Which of the following is not a type of peripheral memory card used in PDAs?​ a. Secure Digital (SD) b. Compact Flash (CF) c. Multimedia Card (MMC) d. RamBus (RB)

d. RamBus (RB)

CH 13 Review Evidence of cloud access found on a smartphone usually means which cloud service level was in use? a. IaaS b. HaaS c. PaaS d. SaaS

d. SaaS

CH 14 Quiz Which type of report typically takes place in an attorney's office? a. Examination Plan b. Written Report c. Preliminary Report d. Verbal Report

d. Verbal Report

CH 10 Quiz What virtual machine software supports all Windows and Linux OSs as well as Macintosh and Solaris, and is provided as shareware? a. KVM b. Parallels c. Microsoft Virtual PC d. VirtualBox

d. VirtualBox

CH 13 Review When should a temporary restraining order be requested for cloud environment? a. When cloud customers need immediate access to their data b. To enforce a court order c. When anti-forensics techniques are suspected d. When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case.

d. When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case.

CH 9 QUIZ Which of the following file systems can't be analyzed by OSForensics? a. ​FAT12 b. Ext2fs c. ​HFS+ d. ​XFS

d. XFS

CH 14 Quiz As with any research paper, write the ___________________ last. a. appendix b. body c. acknowledgements d. abstract

d. abstract

CH 15 Quiz ___ is an attempt by opposing attorneys to prevent you from serving on an important case. a. conflict of interest b. warrant c. deposition d. conflicting out

d. conflicting out

CH 15 Quiz A ____ differs from a trial testimony because there is no jury or judge. a. rebuttal b. plaintiff c. civil case d. deposition

d. deposition

CH 15 Quiz ____ evidence is evidence that exonerates or diminishes the defendant's liability. a. rebuttal b. plaintiff c. inculpatory d. exculpatory

d. exculpatory

CH 13 Quiz What information blow is not something recorded in Google Drive's snapshot.db file a. modified and created times b. URL pathnames c. file access records d. file SHA values and sizes

d. file SHA values and sizes

CH 11 Quiz What command below could be used on a UNIX system to help locate log directories a. show log b. detail c. search d. find

d. find

CH 12 Quiz ​On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures? a. Android b. Blackberry c. Windows RT d. iPhone

d. iPhone

CH 15 Quiz ____ is a written list of objections to certain testimony or exhibits. a. defendant b empanelling the jury c. plaintiff d. motion in limine

d. motion in limine

CH 10 Quiz Select the file below that is used in VirtualBox to create a virtual machine a. .vdi b. .vbox c. .r0 d. ova

d. ova

CH 13 Quiz To reduce the time it takes to start applications, Microsoft has created ??? files, which contain the DLL pathnames and metadata used by application a. temp b. cache c. config d. prefetch

d. prefetch

CH 14 Quiz What rule of the Federal Rules of Civil Procedure requires that parties who anticipate calling an expert witness to testify must provide a copy of the expert's written report that includes all opinions, the basis for the opinions, and the information considered in coming to those opinions?​ a. rule 24 b. rule 35 c. rule 36 d. rule 26

d. rule 26

CH 13 Quiz Which of the following is NOT one of the five mechanisms the government can use to get electronic information from a provider a. search warrants b. subpoenas c. court orders d. seizure order

d. seizure order

CH 13 Quiz With cloud systems running in a virtual environment, ??? can give you valuable information before, during, and after an incident a. carving b. live acquisition c. RAM d. snapshot

d. snapshot

CH 10 Quiz The ___ command line program is a common way of examining network traffic, which provides records of network activity while it is running, and produce hundreds of thousands of records a. netstat b. ls c. ifconfig d. tcpdump

d. tcpdump

CH 9 QUIZ Which password recovery method uses every possible letter, number, and character found on a keyboard?​ a. ​rainbow table b. ​dictionary attack c. ​hybrid attack d. ​brute-force attack

d. ​brute-force attack

CH 9 QUIZ ​In Windows, the ______________ command can be used to both hide and reveal partitions within Explorer. a. ​format b. ​fdisk c. ​grub d. ​diskpart

d. ​diskpart

CH 11 Quiz What type of Facebook profile is usually only given to law enforcement with a warrant a. private profile b. advanced profile c. basic profile d.Neoprint profile

d.Neoprint profile

CH 11 Review E-mail headers contain which of the following information? (Choose all that apply.) a. The sender and receiver e-mail address b. An ESMTP number or reference number c. The e-mail servers the message traveled through to reach its destination d. The IP address of the receiving server e. All of the above

e. All of the above


Kaugnay na mga set ng pag-aaral

Clotting and Cellular Regulation practice questions

View Set

MS 2 Final Exam Review Questions

View Set

Martini Chapters 23/24 Respiratory and Digestive

View Set

Series 7 Top-Off - Chapter 6 **copy**

View Set

CH 19: Genetic and Developmental Diseases and Disorders: Human Diseases 4th edition

View Set

The Americas (LABS-3300-001 CRN:25766) Book Test 1: Amalia L. Cabezas, Economies of Desire

View Set