Chapter 13 Forensics

Metadata in a prefetch file contains an application's ____ times in UTC format and a counter of how many times the application has run since the prefect file was created

MAC

What cloud service provides a freeware type 1 hypervisor used for public and private clouds?

XenServer and XenCenter Windows Management Console

Which Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system?

filecache.dbx

Which Google Drive file contains a detailed list of a user's cloud transactions?

sync_log.log

Which type of tool has application programming interfaces (APIs) that allow reconfiguring a cloud on the fly and is accessed through the application's Web interface?

A management plane

Which organization has developed resource documentation for cloud service providers and their staff and provides guidance for privacy agreements, security measures, and other issues?

Cloud Security Alliance

At what offset is a prefetch file's create date and time located?

0x80

At what offset are the application's last access date and time located in a prefetch file?

0x90

What document, issued by a judge, compels the recipient to do or not do something?

A court order

Which type of order requires that the government offer specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation?

A court order

A government entity must show that there is probable cause to believe the contents of a wire communication, an electronic communication, or other records are relevant to an ongoing criminal investigation to obtain which type of order?

A search warrant

Where is the snapshot database created by Google Drive located in Windows?

C:\Users\username\AppData\Local\Google\Drive\user_default

Which folder is most likely to contain Dropbox files for a specific user?

C:\Users\username\Dropbox

Which tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack?

FROST

Which cloud forensics training program is limited to law enforcement personnel?

National Institute of Justice Digital Forensics Training

What is Microsoft's SkyDrive now called?

OneDrive

With cloud systems running in a virtual environment, what can be used to give the investigator valuable information before, during, and after an incident?

Snapshots

What files, created by Microsoft, contain the DLL pathnames and metadata used by applications and reduce the time it takes to start applications?

Prefetch

What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?

Salesforce

In which cloud service level are applications delivered via the Internet?

Software as a service