Final review
Which of the following rules or laws requires an expert to prepare and submit a report?
FRCP 26
In which cloud service level can customers rent hardware and install whatever OSs and applications they need?
Infrastructure as a Service
Which of the following is the standard format for reports filed electronically in federal courts?
A(n) ________________________ is a contract between a CSP and the customer that describes what services are being provided and at what level.
Service level agreement
What is destroying a report before the final resolution of a case called?
Spoliation
Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? (Choose all that apply.)
Subpoenas, search warrants, court orders.
A CSP's incident response team typically consists of which staff?
System and Network Administrators
If you were a lay witness at a previous trial, you shouldn't list that case in your written report. True or False?
True
SIM card readers can alter evidence by showing that a message has been read when you view it. True or False?
True
The multitenancy nature of cloud environments means conflicts in privacy laws can occur. True or False?
True
To see Google Drive synchronization files, you need a SQL viewer. True or False?
True
Most SIM cards allow ___________ access attempts before locking you out.
3
SD cards have a capacity up to which of the following?
64 GB
Which of the following is an example of a written report?
An affidavit
Which of the following categories of information is stored on a SIM card? (Choose all that apply.)
Call data, service-related data.
What's the most commonly used cellular network worldwide?
China Mobile
List two peripheral memory cards used with PDAs.
Compact Flash, Secure Digital Cards.
When writing a report, what's the most important aspect of formatting?
Consistency
What are the two states of encrypted data in a secure cloud?
Data in motion and data at rest.
The term TDMA refers to which of the following? (Choose all that apply.)
Dividing radio frequency so multiple people can share the channel, specific cellular network standard.
Automated tools help you collect and report evidence, but you're responsible for doing which of the following?
Explain the significance of evidence.
Any text editor can be used to read Dropbox files. True or False?
False
Commingled data isn't a concern when acquiring cloud data. True or False?
False
When acquiring a mobile device at an investigation scene, you should leave it connected to a laptop or tablet so that you can observe synchronization as it takes place. True or False?
False
What capabilities should a forensics tool have to acquire data from a cloud? (Choose all that apply.)
Identify and acquire data from the cloud, expand and contract data storage capabilites, examine virtual systems.
An expert witness can give an opinion in which of the following situations?
If she or he has special skills or knowledge, is a true expert or if testifies to certaninty about opinion or conclusion.
List four places where mobile device information might be stored.
Internal memory, SIM card, external memory, system server.
Which of the following statements about the legal-sequential numbering system in report writing is true?
It does not mean the relative importance of information.
Which of the following relies on a central database that tracks account data, location data, and subscriber information?
MSC - Mobile Switching Center
Describe two ways you can isolate a mobile device from incoming signals.
Paint cans, eight layers of anti-static bags.
Which of the following cloud deployment methods typically offers no security?
Public cloud
What can be included in report appendixes?
Raw data, figures not used in the body of the report. Anticipated exhibits.
Remote wiping of a mobile device can result in which of the following? (Choose all that apply.)
Removing account information, restoring to factory settings, deleting contacts.
In which of the following cases did the U.S. Supreme Court require using a search warrant to examine the contents of mobile devices?
Riley v California
Evidence of cloud access found on a smartphone usually means which cloud service level was in use?
Saas
For what purpose have hypothetical questions traditionally been used in litigation?
To form the true picture of creating an expert witnesses's opinion.
Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True or False?
True
Typically, you need a search warrant to retrieve information from a service provider. True or False?
True
When investigating social media content, evidence artifacts can vary, depending on the social media channel and the device. True or False?
True
When should a temporary restraining order be requested for cloud environments?
When a search warrant requires seizing a CSP's hardware and software used by other parties
What are the three levels of cloud services defined by NIST?
infrastructure (IaaS), platform (PaaS), and software as-a-service (SaaS)
GSM divides a mobile station into _______
the SIM card and the mobile equipment
