CJUS 363 B01 Test 2 Study Guide

In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application Programming Interface, and served as the database file?

.edb

What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data?

.tmp

Which option below is the correct path to the sendmail configuration file?

/etc/mail/sendmail.cf

On a UNIX system, where is a user's mail stored by default?

/var/mail (on some systems /var/spool/mail, with one usually a symlink to the other). /var/spool/postfix is the Postfix queue directory, not the user mailbox location.

Where does the Postfix UNIX mail server store e-mail?

/var/spool/postfix

SD cards have a capacity up to which of the following?

64 GB is the textbook's figure; the SDXC specification allows cards up to 2 TB and SDUC up to 128 TB, so any stated ceiling is a snapshot in time.

Orthogonal Frequency Division Multiplexing (OFDM)

A modulation scheme used in 4G (LTE) networks that spreads data across many narrow parallel subcarriers instead of a single broad carrier, which makes it less susceptible to interference.

Telecommunications Industry Association (TIA)

A U.S. trade association representing hundreds of telecommunications companies that works to establish and maintain telecommunications standards.

Hybrid Cloud

A cloud deployment model that combines public, private, or community cloud services under one cloud. Segregation of data is used to protect private cloud storage and applications.

platform as a service (PaaS)

A cloud service level that provides a platform in the cloud with only an OS installed. The customer uses the platform to load their own applications and data. The CSP is responsible only for the OS and the hardware it runs on; the customer is responsible for everything they load onto it.

private cloud

A cloud service dedicated to a single organization.

Public Cloud

A cloud service that's available to the general public; the customer typically has little control over security beyond what the provider offers, so it is generally the least private deployment model.

Lossless Compression

A compression method in which no data is lost. With this type of compression, a large file can be compressed to take up less space and then uncompressed without any loss of information.

Lossy Compression

A compression method that permanently discards bits of information in a file. The removed bits of information reduce image quality.

testimony preservation deposition

A deposition held to preserve your testimony in case of schedule conflicts or health problems; it's usually videotaped as well as recorded by a stenographer.

examination plan

A document that lets you know what questions to expect when you are testifying.

Exchangeable Image File (Exif)

A file format the Japan Electronics and Information Technology Industries Association (JEITA) developed as a standard for storing metadata in JPEG and TIF files.

RAW file format

A file format typically found on higher-end digital cameras; the camera performs no enhancement processing. This format maintains the best picture quality, but because it's a proprietary format, not all image viewers can display it.

Vector Quantization (VQ)

A form of compression that uses an algorithm similar to rounding off decimal values to eliminate unnecessary bits of data.

Deposition

A formal examination in which you're questioned under oath with only the opposing parties, your attorney, and a court reporter present. There's no judge or jury. The purpose of a deposition is to give the opposing counsel a chance to preview your testimony before trial.

lay witness

A person whose testimony is based on personal observation; not considered to be an expert in a particular field.

What is a motion in limine?

A pretrial motion to exclude certain evidence because it would prejudice the jury. Effectively, this motion is a written list of objections to certain testimony or exhibits. It allows the judge to decide whether certain evidence should be admitted when the jury isn't present.

Multitenancy

A principle of software architecture in which a single installation of a program runs on a server accessed by multiple entities (tenants). When software is accessed by tenants in multiple jurisdictions, conflicts in copyright and licensing laws might result.

Insertion

A process that places data from the secret file into the host file. When you view the host file in its associated program, the inserted data is hidden unless you analyze the data structure.

Substitution

A process that replaces bits of the host file with other bits of data.

Global System for Mobile Communications (GSM)

A second-generation (2G) cellular network standard; for many years the most widely used cellular network standard in the world.

community cloud

A shared cloud service that provides access to common or shared data.

Management plane

A tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly.

electronically erasable programmable read-only memory (EEPROM)

A type of nonvolatile memory that can be erased and reprogrammed electrically, without having to physically access or remove the chip.

Code Division Multiple Access (CDMA)

A widely used digital cell phone technology that makes use of spread-spectrum modulation to spread the signal across a wide range of frequencies.

high-risk document

A written report containing sensitive information that could create an opening for the opposing attorney to discredit you.

What can be included in report appendixes?

Additional resource material not included in the text, raw data, figures not used in the body of the report, and anticipated exhibits.

Provisioning

Allocating cloud resources, such as additional disk space.

What is anti-forensics?

An effort to alter log records and the date and time values of important system files, and to install malware, in order to hide an intruder's activities.

curriculum vitae (CV)

An extensive outline of your professional history that includes education, training, work, and what cases you have worked on as well as training you have conducted, publications you have contributed to, and professional associations and awards.

Enhanced Data GSM Environment (EDGE)

An improvement to GSM technology that enables it to deliver higher data rates. See also Global System for Mobile Communications (GSM).

International Telecommunication Union (ITU)

An international organization dedicated to creating telecommunications standards.

What are the technical challenges in cloud forensics?

Cloud architecture, data collection, analysis of cloud forensic data, anti-forensics, incident first responders, role management, legal issues, and standards and training.

What are Bitmap images?

Collections of dots, or pixels, that form an image.

Raster images

Collections of pixels stored in rows rather than a grid, as with bitmap images, to make graphics easier to print; usually created when a vector graphic is converted to a bitmap image.

Standard graphics file formats

Common graphics file formats that most graphics programs and image viewers can open.

List three peripheral memory cards used with PDAs.

CompactFlash (CF), MultiMediaCard (MMC), and Secure Digital (SD) cards.

When writing a report, what's the most important aspect of formatting?

Consistency

What do graphic files contain?

An image, such as a digital photo, line art, a three-dimensional rendering, or a scanned replica of a printed picture.

Service Level Agreement (SLA)

Contracts between a cloud service provider and a cloud customer. Any additions or changes to an SLA can be made through an addendum.

Which e-mail recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups?

DataNumen Outlook Repair

Deprovisioning

Deallocating cloud resources that were assigned to a user or an organization.

Spoliation

Destroying, altering, hiding, or failing to preserve evidence, whether it's intentional or a result of negligence.

You don't need to make the jury subject matter experts; you're simply explaining the general meaning of these terms. The following are examples of definitions to prepare ahead of time for your testimony:

Digital forensics or computer forensics
CRC-32, MD5, and SHA-1 hashing algorithms
Image files and bit-stream copies
File slack and unallocated (free) space
File timestamps
Computer log files
Folder or directory
Hardware
Software
Operating system

Which cloud services leave data on a user's computer or mobile device that can reveal what files were copied or accessed, along with the dates and times they were accessed?

Dropbox, Google Drive, and Microsoft OneDrive.

discovery

Efforts to gather information before a trial by demanding documents, depositions, interrogatories (written questions answered in writing under oath), and written requests for admissions of fact.

Compare and contrast email services on Internet and an intranet.

E-mail services on the Internet and on an intranet operate similarly, in a client/server architecture. The primary difference is how e-mail accounts are assigned to clients. Intranet e-mail servers are part of a local network established by a private company and are restricted to business-related use; the username in the e-mail address is linked directly to the company, and messages may be closely monitored by the company, so there is little or no privacy. Internet e-mail servers are open to the public, with some restrictions, and individuals are free to open their own accounts.

What should you do if you can't open a graphics file in an image viewer?

Examine the file header to see whether it matches the header in a known good file. If the header doesn't match, you must insert the correct hexadecimal values manually with a hex editor.

Automated tools help you collect and report evidence, but you're responsible for doing which of the following?

Explaining the significance of the evidence

Which of the following rules or laws requires an expert to prepare and submit a report?

FRCP 26

What are some special cyber forensics tools that can be combined for cloud forensics?

FROST for OpenStack cloud IaaS platforms and F-Response's cloud server utility.

An Internet e-mail server is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company.

False

Any text editor can be used to read Dropbox files.

False

Cloud forensics is not considered a subset of network forensics.

False

Committing crimes with e-mail is uncommon, and investigators are not generally tasked with linking suspects to e-mail.

False

Copyright laws don't apply to Web sites.

False

Graphics files stored on a computer can't be recovered after they are deleted.

False

In an e-mail address, everything before the @ symbol represents the domain name.

False

When acquiring a mobile device at an investigation scene, you should leave it connected to a laptop or tablet so that you can observe synchronization as it takes place.

False

When investigating graphics files, you should convert them into one standard format.

False

Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.

Fookes Aid4Mail

Vector graphics

Graphics based on mathematical instructions to form lines, curves, text, and other geometric shapes.

Metafile graphics

Graphics files that are combinations of bitmap and vector images.

Which of the following is the standard format for reports filed electronically in federal courts?

PDF

personal digital assistants (PDAs)

Handheld electronic devices that typically contain personal productivity applications used for calendaring, contact management, and note taking. Unlike smartphones, PDAs don't have telephony capabilities.

voir dire

In this qualification phase of testimony, your attorney asks you questions to establish your credentials as an expert witness. It is also the process of qualifying jurors.

List four places where mobile device information might be stored.

Internal memory
SIM card
Removable or external memory cards
Network provider

What methods are used for digital watermarking?

Invisible modification of the LSBs in the file.
Layering visible symbols on top of the image.

Remote wiping of a mobile device can result in which of the following?

It can erase all contacts, the calendar, and other personal information, such as photos, stored on the device. In some instances, it also restores the device to the original factory settings.

What is the purpose of Role Management?

It defines the duties of CSP staff and customers, such as who's the data owner, who's in charge of identity protection, who are the users, and who allows user account access to the CSP. A digital forensics examiner needs this information to determine where data is stored and the impact of its loss to the CSP and customers.

What happens if a cyber incident response team is absent in the event of an intrusion?

It's up to the digital forensics examiner to develop a plan for responding to the incident.

Nonstandard graphics file formats

Less common graphics file formats, including proprietary formats, newer formats, formats that most image viewers don't recognize, and old or obsolete formats.

Deposition Banks

Libraries of previously given testimony that law firms can access.

A JPEG file uses which type of compression?

Lossy Compression

Prefetch files, which help speed applications' startups, contain what kind of content?

Metadata on the last date and time an application was run and how many times it has run since being installed. Interpreting this metadata requires a hex editor or forensics tool.

Exchange uses an Exchange database and is based on the _______________________, which uses several files in different combinations to provide e-mail service.

Microsoft Extensible Storage Engine (ESE)

Which of the following relies on a central database that tracks account data, location data, and subscriber information?

Mobile switching center (MSC); the central database it relies on is the home location register (HLR).

smartphones

Mobile telephones with more features than a traditional phone has, including a camera, an e-mail client, a Web browser, a calendar, contact management software, an instant-messaging program, and more.

What type of Facebook profile is usually only given to law enforcement with a warrant?

Neoprint profile

When you appear in a federal court as an expert witness, Federal Rules of Civil Procedure (FRCP) 26(a)(2)(B) requires that your written report provide the following information:

A list of all other cases in which you have testified as an expert at trial or by deposition during the previous four years
A list of all publications you have authored in the previous ten years
A statement of the compensation to be paid for your study and testimony in the case

Describe two ways you can isolate a mobile device from incoming signals.

Place the device in airplane mode, if this feature is available.
Place the device in a paint can, preferably one that previously contained radio wave-blocking paint, or use the Paraben Wireless StrongHold Bag (www.paraben.com/stronghold-bags.html), which conforms to Faraday cage standards.
Turn the device off (bearing in mind that a powered-off device may demand a PIN or passcode when turned back on).

When you carve a graphics file, recovering the image depends on which of the following skills?

Recognizing the pattern of the data content.

subscriber identity module (SIM) cards

Removable cards in GSM phones that contain information for identifying subscribers. They can also store other information, such as messages and call history.

In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices?

Riley v. California

How can routers be used to determine the path of an e-mail?

Routers forward e-mail traffic according to rules based on the destination IP address, and they can log where a message came from and where it was sent. Network managers can also configure routers to block spam from reaching a protected server.

Security and digital forensics training for clouds are sponsored by organizations such as

SANS, ISC2, the INFOSEC Institute, and the National Institute of Justice.

GSM divides a mobile station into :::::::_ and :::::::::_.

SIM card and the mobile equipment (ME)

Five mechanisms are used to collect digital evidence under the U.S. Electronic Communications Privacy Act (ECPA):

Search warrants, subpoenas, subpoenas with prior notice to the subscriber or customer, court orders, and court orders with prior notice to the subscriber or customer.

You can retrieve quite a bit of data from a SIM card, depending on whether the phone is GSM or CDMA. The information that can be retrieved falls into four categories:

Service-related data, such as identifiers for the SIM card and subscriber.
Call data, such as numbers dialed.
Message information.
Location information.

Pixels

Small dots used to create images; the term comes from "picture element."

Evidence of cloud access found on a smartphone usually means which cloud service level was in use?

Software as a Service (SaaS)

Closing arguments

Statements that organize the evidence and state the applicable law. The plaintiff's attorney goes first and gets a rebuttal opportunity at the end, which should be limited to issues raised by the defense's attorney.

Jury instructions

The attorneys propose instructions to the jury on how to consider the evidence, and then the judge approves or disapproves; if the instructions are approved, the judge reads them to the jury.

fourth-generation (4G)

The current generation of mobile phone standards, with technologies that improved speed and accuracy.

Resolution

The density of pixels displayed onscreen, which governs image quality.

Most Significant Bit (MSB)

The highest bit value in a byte.

Least Significant Bit (LSB)

The lowest-valued bit in a byte, conventionally the rightmost bit when a byte is written out (and the bit that substitution steganography overwrites, because changing it alters a pixel value by at most 1). Endianness is a different matter: it describes the order of bytes in a multi-byte value, not of bits within a byte. Little-endian systems such as x86 PCs (including Windows) store the least significant byte at the lowest address; big-endian systems store the most significant byte first. Graphics formats fix their own byte order regardless of the OS, so a header field must be read in the format's order: BMP fields are little-endian, while JPEG segment lengths and PNG chunk lengths are big-endian.

discovery deposition

The opposing attorney sets the deposition and often conducts the equivalent of both direct and cross-examination. A discovery deposition is considered part of the discovery process. See also deposition.

conflicting out

The practice of opposing attorneys trying to prevent you from testifying by claiming you have discussed the case with them and, therefore, have a conflict of interest.

third-generation (3G)

The preceding generation of mobile phone standards and technology; had more advanced features and faster data rates than the older analog and personal communications service (PCS) technologies.

Data Compression

The process of coding data from a larger form to a smaller form.

Demosaicing

The process of interpolating the single-color sensor samples in raw picture data into full-color pixels, typically done when converting a raw file to another format, such as JPEG or TIF.

Carving or salvaging

The process of recovering file fragments that are scattered across a disk.

False positives

The results of keyword searches that contain the correct match but aren't relevant to the investigation.

What information is not typically included in an e-mail header?

The sender's physical location
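The two cards above (how routers and relays record an e-mail's path, and what a header does and does not contain) are easiest to see on a real header block. The following is an added example for this study guide, not code from the guide or from any tool it names. The message is constructed (hosts, addresses and IP addresses are from documentation ranges), and the trusted-host set is an assumption standing in for the mail servers an investigator actually controls. Each relay prepends its own Received: line, so the topmost line is the last hop and the bottommost line is the first; only lines written by a server you control are trustworthy, because a sender can forge every earlier one.

```python
"""Trace an e-mail's path from its Received: headers (added example)."""
import email
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample message, not a real capture. Continuation lines are
# folded with a leading tab, as real MTAs write them.
RAW_MESSAGE = """\
Received: from mx2.example-receiver.test (mx2.example-receiver.test [203.0.113.10])
\tby mail.example-receiver.test with ESMTP id abc123
\tfor <alice@example-receiver.test>; Tue, 05 Mar 2024 10:05:12 -0500
Received: from smtp.sender-isp.test (smtp.sender-isp.test [198.51.100.25])
\tby mx2.example-receiver.test with ESMTPS id def456;
\tTue, 05 Mar 2024 10:05:10 -0500
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby smtp.sender-isp.test with ESMTPA id ghi789;
\tTue, 05 Mar 2024 10:05:01 -0500
From: bob@sender-isp.test
To: alice@example-receiver.test
Subject: invoice
Message-ID: <20240305.1@sender-isp.test>

Please see the attached invoice.
"""

# Assumption: these are the investigator's own (trusted) mail servers.
TRUSTED_HOSTS = {"mx2.example-receiver.test", "mail.example-receiver.test"}


def parse_received(value: str) -> dict:
    """Pull the from-host, bracketed IP, by-host and timestamp out of one
    Received: header. Field order follows RFC 5321 trace syntax; the date is
    whatever follows the final semicolon."""
    text = re.sub(r"\s+", " ", value).strip()
    from_m = re.search(r"\bfrom (\S+)", text)
    ip_m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    by_m = re.search(r"\bby (\S+)", text)
    try:
        when = parsedate_to_datetime(text.rpartition(";")[2].strip())
    except (TypeError, ValueError):
        when = None  # missing or unparsable date: keep the hop, record no time
    return {
        "from": from_m.group(1) if from_m else None,
        "ip": ip_m.group(1) if ip_m else None,
        "by": by_m.group(1) if by_m else None,
        "time": when,
    }


def trace(raw: str, trusted_hosts: set) -> list:
    """Return the hops in chronological order (first relay first)."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = [parse_received(str(h)) for h in msg.get_all("Received", [])]
    hops.reverse()  # headers are prepended, so the last line is the first hop
    for number, hop in enumerate(hops, start=1):
        hop["hop"] = number
        hop["trusted"] = hop["by"] in trusted_hosts
    return hops


def origin_ip(hops: list):
    """IP recorded by the first relay; reliable only if that relay is trusted."""
    return hops[0]["ip"] if hops else None


def timeline_anomalies(hops: list) -> list:
    """Hop numbers whose timestamp is earlier than the previous hop's: clock
    skew at best, a forged trace line at worst."""
    anomalies = []
    for prev, cur in zip(hops, hops[1:]):
        if prev["time"] and cur["time"] and cur["time"] < prev["time"]:
            anomalies.append(cur["hop"])
    return anomalies


if __name__ == "__main__":
    hops = trace(RAW_MESSAGE, TRUSTED_HOSTS)
    for hop in hops:
        flag = "trusted" if hop["trusted"] else "UNVERIFIED"
        print(f"hop {hop['hop']}: {hop['from']} [{hop['ip']}] -> {hop['by']} "
              f"at {hop['time']} ({flag})")
    print("origin IP:", origin_ip(hops), "anomalies:", timeline_anomalies(hops))
```

The first hop's IP (192.0.2.77) is the best lead on the sender's network location, but the header still says nothing about a physical location, and that hop was recorded by a server the investigator does not control; anything below the first trusted line must be corroborated with the relay's own logs.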

Time Division Multiple Access (TDMA)

The technique of dividing a radio frequency into time slots, used by GSM networks; also refers to a cellular network standard covered by Interim Standard (IS) 136. See also Global System for Mobile Communications (GSM).

Describe the two different types of Facebook profiles.

The two types of Facebook profiles are basic subscriber information and extended subscriber information, also called a Neoprint. Basic subscriber information shows the last time the account was logged into and provides the user's phone number and e-mail address. A Neoprint provides content such as the number of followers, videos posted to the page, and any undeleted pictures.

Impaneling the jury

This process includes voir dire of veniremen (questioning potential jurors to see whether they're qualified), strikes (rejecting potential jurors), and seating of jurors.

fact witness

This type of testimony reports only the facts (findings of an investigation); no opinion is given in court.

Expert Witness

This type of testimony reports opinions based on experience and facts gathered during an investigation.

Digital pictures use data compression to accomplish which of the following goals?

To compact data and reduce file size.

Why do attorneys use deposition banks?

To research expert witnesses' previous testimony and to learn more about expert witnesses hired by opposing counsel.

Exchange servers maintain message logs in the ________________ log file.

Tracking

A graphics file contains a header with instructions for displaying the image.

True

Amazon was an early provider of Web-based services that eventually developed into the cloud concept.

True

CSPs typically have incident response teams consisting of system administrators, network administrators, and legal advisors.

True

CSPs use servers on distributed networks or mainframes that allow elasticity of resources for customers.

True

Cloud investigations are necessary in cases involving cyberattacks, policy violations, data recovery, and fraud complaints.

True

Each type of graphics file has a unique header containing information that distinguishes it from other types of graphics files.

True

In a digital forensics investigation involving graphics files, you need to locate and recover all graphics files on a drive and determine which ones are pertinent to your case.

True

Lzip is a lossy compression utility.

False (Lzip is a lossless compressor based on the LZMA algorithm)

Most graphics file formats, including GIF and JPEG, compress data to save disk space and reduce transmission time.

True

Procedures for acquiring cloud evidence include examining network and firewall logs, performing disk acquisitions of a cloud system's OS, and examining data storage devices.

True

SIM card readers can alter evidence by showing that a message has been read when you view it.

True

The multitenancy nature of cloud environments means conflicts in privacy laws can occur.

True

To see Google Drive synchronization files, you need a SQL viewer. True or False?

True

When investigating social media content, evidence artifacts can vary, depending on the social media channel and the device.

True

When viewing a file header, you need to include hexadecimal information to view the image.

True

When you use a graphics editor or an image viewer, you can open a file in one of many graphics file formats.

True

The DomainKeys Identified Mail (DKIM) service lets a receiving server verify, using a public key published in the sending domain's DNS, that a message was signed by that domain and was not altered in transit; it was developed as a way to cut down on spam.

True

cloud service providers (CSPs)

Vendors that provide on-demand network access to a shared pool of resources (typically remote data storage or Web applications).

When should a temporary restraining order be requested for cloud environments?

When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case

Some widely used lossless compression utilities include

WinZip, PKZip, StuffIt, and FreeZip.

infrastructure as a service (IaaS)

With this cloud service level, an organization supplies its own OS, applications, databases, and operations staff, and the cloud provider is responsible only for selling or leasing the hardware.

Software as a Service (SaaS)

With this cloud service level, typically a Web hosting service provides applications for subscribers to use.

How can you reconstruct a file header that's partially overwritten?

You must reconstruct the header to make it readable again by comparing the hexadecimal values of known graphics file formats to the pattern of the file header you found. After you identify fragmented data, you can use a forensics tool to recover the fragmented file.

Some legal actions generate interest from the news media, but you should avoid contact with news media, especially during a case, for the following reasons:

Your comments could harm the case and create a record that can be used against you. You have no control over the context of the information a journalist publishes. You can't rely on a journalist's promises of confidentiality.

Data in clouds can be encrypted in two states:

at rest and in motion.

A graphics program creates and saves one of three types of graphics files:

bitmap, vector, and metafile.

There are three types of subpoenas:

government agency, non-government and civil litigation, and court orders.

The two major techniques for Steganography?

insertion and substitution
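The cards on insertion, substitution, and LSB watermarking describe the same two mechanics; the block below shows both on constructed data, plus the simplest checks an examiner can run against each. This is an added example for this study guide, not code from the guide or from any tool it mentions. COVER is a constructed run of 8-bit grey samples standing in for decoded pixel data (a real cover file also has a header, and JPEG's lossy compression destroys LSB payloads, while BMP and PNG keep them); HOST is a minimal constructed JPEG-shaped blob with only the SOI and EOI markers.

```python
"""Insertion and LSB substitution steganography on constructed data (added example)."""

# Constructed cover: a smooth ramp, each grey level repeated 16 times, so
# neighbouring samples have strongly correlated low bits like a real photo.
COVER = bytes(min(255, i // 16) for i in range(4096))
# Constructed host for insertion: SOI marker, some bytes, EOI marker.
HOST = b"\xff\xd8" + b"\x11" * 16 + b"\xff\xd9"


def embed(cover: bytes, secret: bytes) -> bytes:
    """Substitution: overwrite the least significant bit of successive cover
    bytes with the bits of a length-prefixed payload. Each byte changes by at
    most 1, which no viewer will show."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError(f"payload needs {len(bits)} cover bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Reverse embed(): read the 4-byte length, then that many bytes, from the
    LSB plane."""
    def read_bytes(bit_offset: int, count: int) -> bytes:
        result = bytearray()
        for k in range(count):
            value = 0
            for j in range(8):
                value = (value << 1) | (stego[bit_offset + k * 8 + j] & 1)
            result.append(value)
        return bytes(result)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_abs_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference; LSB substitution never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_transition_rate(data: bytes, count: int) -> float:
    """Toy steganalysis: fraction of adjacent byte pairs whose LSBs differ,
    over the first `count` bytes. Smooth natural data has few transitions;
    an embedded payload makes the LSB plane look random (around 0.5)."""
    window = data[:count]
    flips = sum(1 for a, b in zip(window, window[1:]) if (a ^ b) & 1)
    return flips / (len(window) - 1)


def insert_after_eoi(host: bytes, secret: bytes) -> bytes:
    """Insertion: append the secret after the JPEG end-of-image marker. Viewers
    stop at FF D9 and never render the trailing bytes."""
    if b"\xff\xd9" not in host:
        raise ValueError("host has no EOI marker")
    return host + secret


def trailing_bytes(host: bytes) -> bytes:
    """Detection for insertion: anything after the EOI marker is not part of
    the image. Uses the first EOI; a real file with an embedded EXIF thumbnail
    holds a second SOI/EOI pair inside APP1 and needs segment walking instead."""
    eoi = host.find(b"\xff\xd9")
    return host[eoi + 2:] if eoi != -1 else b""


if __name__ == "__main__":
    secret = b"meet at 9"
    stego = embed(COVER, secret)
    print("recovered:", extract(stego), "max change:", max_abs_change(COVER, stego))
    print("LSB transition rate cover/stego:",
          round(lsb_transition_rate(COVER, 104), 3), round(lsb_transition_rate(stego, 104), 3))
    print("trailing data:", trailing_bytes(insert_after_eoi(HOST, secret)))
```

Substitution keeps the file size and changes every affected byte by at most one level; insertion leaves the rendered image untouched but grows the file, which is why comparing a file's size with its header's declared structure is a useful first check.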

Many web-based e-mail providers offer _______________ services, such as Yahoo! Messenger and Google Talk.

instant messaging

What command below could be used on a UNIX system to help locate log directories?

locate .log

Graphics files and most compression tools use one of two data compression schemes:

lossless or lossy.

In JPEG files, what's the starting offset position for the JFIF label?

offset 6
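The cards on file headers, the JFIF label at offset 6, carving by data pattern, the LSB/endianness definition, and rebuilding a partially overwritten header all come together in one small tool. The following is an added example for this study guide, not code from the guide or from any forensics tool it names. Signatures and offsets come from the public format specifications: JPEG begins FF D8 FF and a JFIF file carries the label "JFIF\0" at offset 6, with a big-endian APP0 segment length at offset 4; PNG begins 89 50 4E 47 0D 0A 1A 0A and its chunk lengths are big-endian; GIF begins "GIF87a" or "GIF89a"; BMP begins "BM" with a little-endian 32-bit file size at offset 2. DISK_IMAGE is constructed, not an acquisition.

```python
"""Identify, carve and repair graphics headers in a constructed image (added example)."""
import struct

JFIF_LABEL = b"JFIF\x00"

# --- constructed sample files (not real captures) -------------------------
JPEG = (b"\xff\xd8\xff\xe0"                          # SOI, APP0 marker
        + b"\x00\x10" + JFIF_LABEL                   # big-endian length 16, "JFIF\0"
        + b"\x01\x01\x01\x00\x48\x00\x48\x00\x00"    # version 1.1, 72 dpi, no thumbnail
        + b"\x11" * 20 + b"\xff\xd9")                # filler scan data, EOI; 42 bytes
PNG = (b"\x89PNG\r\n\x1a\n"                          # signature
       + b"\x00\x00\x00\x0dIHDR"                     # big-endian chunk length 13
       + b"\x00\x00\x00\x01\x00\x00\x00\x01"         # 1 x 1 pixels
       + b"\x08\x02\x00\x00\x00"                     # 8-bit RGB, no interlace
       + b"\x00\x00\x00\x00"                         # IHDR CRC, not validated here
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")          # 45 bytes total
BMP = b"BM" + struct.pack("<I", 70) + b"\x00" * 4 + struct.pack("<I", 54) + b"\x00" * 56
DAMAGED = b"\x00" * 4 + JPEG[4:]                     # SOI and APP0 marker overwritten
FILL = b"\x00" * 16
DISK_IMAGE = FILL + JPEG + FILL + PNG + FILL + BMP + FILL + DAMAGED + FILL


def identify(data: bytes):
    """Name the format from its leading bytes, or None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    # "BM" alone is two ASCII letters, so also require a plausible declared size.
    if data.startswith(b"BM") and len(data) >= 6 and struct.unpack_from("<I", data, 2)[0] >= 54:
        return "bmp"
    return None


def has_jfif_label(data: bytes) -> bool:
    return data[6:11] == JFIF_LABEL


def app0_length(data: bytes, big_endian: bool = True) -> int:
    """JPEG segment lengths are big-endian: bytes 00 10 mean 16. Reading them
    little-endian gives 4096, the classic byte-order mistake."""
    return struct.unpack_from(">H" if big_endian else "<H", data, 4)[0]


def bmp_file_size(data: bytes, little_endian: bool = True) -> int:
    """BMP fields are little-endian; a big-endian read gives a nonsensical size."""
    return struct.unpack_from("<I" if little_endian else ">I", data, 2)[0]


def carve(image: bytes) -> list:
    """Scan for signatures and cut each file out using its own end marker or
    declared size. Returns (type, start, end) tuples; end is None if truncated."""
    found, pos = [], 0
    while pos < len(image):
        kind = identify(image[pos:pos + 8])
        if kind is None:
            pos += 1
            continue
        end = None
        if kind == "jpeg":   # a truncated JPEG would swallow the next file's EOI; check sizes
            eoi = image.find(b"\xff\xd9", pos + 2)
            end = eoi + 2 if eoi != -1 else None
        elif kind == "png":
            iend = image.find(b"IEND", pos)
            end = iend + 8 if iend != -1 else None   # "IEND" plus 4-byte CRC
        elif kind == "bmp":
            size = bmp_file_size(image[pos:pos + 6])
            end = pos + size if pos + size <= len(image) else None
        # GIF's trailer is a single 0x3B byte, too common to carve on; left as None.
        found.append((kind, pos, end))
        pos = end if end is not None else pos + 1
    return found


def jfif_candidates(image: bytes) -> list:
    """Header starts implied by a JFIF label at offset 6, which survives when
    only the first bytes of a file were overwritten."""
    starts, pos = [], image.find(JFIF_LABEL)
    while pos != -1:
        if pos >= 6:
            starts.append(pos - 6)
        pos = image.find(JFIF_LABEL, pos + 1)
    return starts


def repair_jpeg_header(data: bytes) -> bytes:
    """Write the known-good SOI and APP0 marker bytes back over a damaged head.
    Assumes only the first four bytes were lost; if the length field at offset
    4 is gone too, compare against a known-good file from the same source."""
    if not has_jfif_label(data):
        raise ValueError("no JFIF label at offset 6; cannot assume a JFIF header")
    return b"\xff\xd8\xff\xe0" + data[4:]


if __name__ == "__main__":
    print("carved:", carve(DISK_IMAGE))
    print("JFIF candidates:", jfif_candidates(DISK_IMAGE))
    fixed = repair_jpeg_header(DISK_IMAGE[221:263])
    print("repaired:", identify(fixed), fixed[:11])
    print("APP0 length big/little:", app0_length(JPEG), app0_length(JPEG, big_endian=False))
    print("BMP size little/big:", bmp_file_size(BMP), bmp_file_size(BMP, little_endian=False))
```

Signature carving finds the three intact files but misses the fourth, whose first bytes were overwritten; the JFIF label at offset 6 still gives away its position, and patching the four known-good bytes back makes it identifiable and carvable again. Reading the BMP size field in the wrong byte order yields over a gigabyte for a 70-byte file, which is the practical reason the endianness definition matters when reconstructing headers by hand.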

The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.

scanpst.exe

Syslog is generally configured to put all e-mail related log information into what file?

/var/log/maillog (named /var/log/mail.log on some distributions); sendmail.cf is the sendmail configuration file, not a log.

Most SIM cards allow :::::: access attempts before locking you out.

Three attempts; after that the PUK (PIN unlock key) from the carrier is required.

Similar to ARIN, the ____________ can be used to find a domain's IP address and point of contact.

www.internic.net

In what state is sending unsolicited e-mail illegal?

Washington

E-mail administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.

circular logging

