Chapter 13: Cloud Forensics
At what offset is a prefetch file's create date & time located?
0x80
In a prefetch file, the application's last access date and time are at offset ____.
0x90
Which of the following is not a valid source for cloud forensics training?
A+ Security
Where is the snapshot database created by Google Drive located in Windows?
C:\Users\username\AppData\Local\Google\Drive\user_default
Select the folder below that is most likely to contain Dropbox files for a specific user:
C:\Users\username\Dropbox
The ____ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Cloud Security Alliance
Also called "master service agreements."
Cloud service agreements (CSAs)
Use a variety of approaches and systems to build their cloud systems, such as servers using distributive processing methods with data farms for storage.
Cloud service providers (CSPs)
A way to bring people together for a specific purpose, for example, to access common files.
Community cloud
Poses a serious legal challenge in cloud forensics.
Deprovisioning
The ____ tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack.
FROST
A search warrant can be used in any kind of case, either civil or criminal.
False
Magnet AXIOM Cloud can retrieve information from Skype, Instagram, Twitter, and iCloud, but not from Facebook Messenger.
False
Remote acquisitions are often easier because you're usually dealing with large volumes of data.
False
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
False
Enables a company to keep some information private and designate other files as public or community information.
Hybrid cloud
Customers can rent hardware, such as servers and workstations, and install whatever OSs and applications they need.
Infrastructure as a service (IaaS)
Metadata in a prefetch file contains an application's ____ times in UTC format and a counter of how many times the application has run since the prefetch file was created.
MAC
Many different unrelated businesses and users share the same applications and storage space.
Multitenancy
Microsoft created SkyDrive as a cloud service that later became ____.
OneDrive
Can only be accessed by people who have the necessary credentials.
Private cloud
A cloud service that's available to the general public.
Public cloud
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?
Salesforce
Failing to preserve evidence.
Spoliation
Homomorphic encryption uses an "ideal lattice" mathematical formula to encrypt data.
True
In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.
True
In the United States, the Electronic Communications Privacy Act (ECPA) describes five mechanisms the government can use to get electronic information from a provider.
True
Specially trained system and network administrators are often a CSP's first responders.
True
The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET).
True
The platform as a service cloud service is most likely found on a desktop or a server, although it could also be found on a company network or the remote service provider's infrastructure.
True
Which of the following is NOT a service level for the cloud?
Virtualization as a service
What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds?
XenServer and XenCenter Windows Management Console
A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
The ____ Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system.
filecache.dbx
A ____ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface.
management plane
To reduce the time it takes to start applications, Microsoft has created ____ files, which contain the DLL pathnames and metadata used by applications.
prefetch
To get a ____, a government entity must show that there's probable cause to believe the contents of a wire communication, an electronic communication, or other records are relevant to an ongoing criminal investigation.
search warrant
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
seizure order
With cloud systems running in a virtual environment, ____ can give you valuable information before, during, and after an incident.
snapshots
The Google Drive file ____ contains a detailed list of a user's cloud transactions.
sync_log.log