forensic ch 13-16
CH 13 Quiz A search warrant can be used in any kind of case, either civil or criminal T/F
False
CH 13 Quiz The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect. T/F
False
CH 13 Review Any text editor can be used to read Dropbox files. True/False
False
CH 13 Review Commingled data isn't a concern when acquiring cloud data. True/False
False
CH 13 Quiz In the United State, the Electronic Communications Privacy Act (ECPA) describes 5 mechanisms the government can use to get electronic information from a provider T/F
True
CH 13 Quiz Specially trained system and network administrators are often a CSP's first responders T/F
True
CH 16 Quiz FRE ____ describes whether basis for the testimony is adequate. a. 700 b. 701 c. 702 d. 703
d. 703
CH 16 Quiz What Unicode value is used to identify the Latin alphabet? a. 0x00 b. 0xF8 c. 0xAB d. 0x01
pg 578 a. 0x00
CH 14 Quiz Expert witnesses are not required to submit a written report for civil cases. a. true b. false
b. false
CH 14 Quiz Lawyers may request _________________ of previous testimony by their own potential experts to ensure that the experts haven't previously testified to a contrary position. a. warrants b. transcripts c. subpoenas d. evidence
b. transcripts
CH 16 Review Contingency fees can be used to compensate an expert under which circumstances? a. When the expert is too expensive to compensate at the hourly rate b. When the expert is willing to accept a contingency fee arrangement c. When the expert is acting only as a consultant, not a witness d. All of the above
c. When the expert is acting only as a consultant, not a witness
CH 13 Quiz What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds a. HP Helion b. Amazon EC2 c. XenServer and XenCenter Windows Management Console d. Cisco Cloud Computing
c. XenServer and XenCenter Windows Management Console
CH 15 Quiz Regarding a trial, the term ____ means rejecting potential jurors. a. voir dire b. rebuttal c. strikes d. venireman
c. strikes
CH 13 Quiz Which is not a valid method of deployment for a cloud a. community b. public c. targeted d. private
c. targeted
CH 13 Quiz In a prefetch file, the application's last access date and time are at offset ??? a. 0x80 b. 0x88 c. 0xD4 d. 0x90
d. 0x90
CH 16 Review Ethical obligations are duties that you owe only to others. True or False?
False
CH 13 Quiz The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET) T/F
True
CH 13 Review Amazon was an early provider of Web-based services that eventually developed into the cloud concept. True/False
True
CH 13 Review To see Google Drive synchronization files, you need a SQL viewer. True/False
True
CH 14 Review If you were a lay witness at a previous trail. You shouldn't list that case in your written report. True/False
True
CH 15 Review Voir dire is the process of qualifying a witness as an expert. True or False?
True
CH 14 Quiz An expert's opinion is governed by ________________ and the corresponding rule in many states. a. FRE, Rule 705 b. FRE, Rule 507 c. FRCP 26 d. FRCP 62
a. FRE, Rule 705
CH 14 Quiz __________________ means the tone of language you use to address the reader. a. Style b. Format c. Outline d. Prose
a. Style
CH 15 Review Which of the following describes expert witness testimony? (Choose all that apply.) a. Testimony designed to assist the jury in determining matters beyond the ordinary person's scope of knowledge b. Testimony that defines issues of the case for determination by the jury c. Testimony resulting in the expression of an opinion by a witness with scientific, technical, or other professional knowledge or experience. d. Testimony designed to raise doubt about facts or witnesses' credibility
a. Testimony designed to assist the jury in determining matters beyond the ordinary person's scope of knowledge c. Testimony resulting in the expression of an opinion by a witness with scientific, technical, or other professional knowledge or experience.
CH 14 Review For what purpose have hypothetical questions traditionally been used in litigation? a. To frame the factual context of rendering an expert witness's opinion. b. To define the case issues for the finder of fact to determine c. To stimulate discussion between consulting expert and expert witnesses d. To deter a witness from expanding the scope of his or her investigation beyond the case requirements. e. All of the above
a. To frame the factual context of rendering an expert witness's opinion.
CH 15 Quiz ____ from both plaintiff and defense is an optional phase of the trial. Generally, it's allowed to cover an issue raised during cross-examination. a. rebuttal b. plaintiff c. closing arguments d. opening statements
a. rebuttal
CH 14 Quiz Specially trained system and network administrators are often a CSP's first responders. a. true b. false
a. true
CH 14 Quiz Technical terms, if included in a report, should be defined in ordinary language such that lawyers, judges, and jurors can understand them. a. true b. false
a. true
CH 14 Quiz When using the PassMark software to find forensic information in e-mails, messages that appear to be suspicious should be flagged __________. a. yellow b. green c. red d. orange
a. yellow
CH 13 Quiz The ??? tool can be used by bypass a virtual machine's hypervisor, and can be used with OpenStack a. Openforensics b. FROST c. WinHex d. ARC
b. FROST
CH 14 Quiz The report generator in ProDiscover defaults to ______________________, which can be opened by most word processors. a. HyperText Markup Language (HTML) b. Rich Text Format (RTF) c. Extensible Markup Language (XML) d. Microsoft Word document format
b. Rich Text Format (RTF)
CH 16 Review All expert witnesses must be members of associations that license them. True or False?
False
CH 16 Review Codes of professional conduct or responsibility set the highest standards for professional's expected performance. True or False?
False
CH 13 Review The multitenancy nature of cloud environments means conflicts in private laws can occur. True/False
True
CH 16 Review In the United States, no state or national licensing body specifically licenses computer forensics examiners. True or False?
True
CH 15 Quiz When cases go to trial, you as a forensics examiner can play one of ____ roles. a. 2 b. 3 c. 4 d. 5
a. 2
CH 16 Quiz Which of the following options would represent a valid retainer? a. 2 to 8 hours of your usual billable rate b. a verbal agreement c. complete discussion of an ongoing case d. dissemination of evidence
a. 2 to 8 hours of your usual billable rate
CH 16 Quiz FRE ____ describes whether the expert is qualified and whether the expert opinion can be helpful. a. 702 b. 703 c. 704 d. 705
a. 702
CH 15 Review Your curriculum vitae is which of the following? (Choose all that apply) a. A necessary tool to be an expert witness b. A generally required document to be made available before your testimony c. A detailed record of your experience, education, and training d. Focused on your skills as they apply to the current case
a. A necessary tool to be an expert witness b. A generally required document to be made available before your testimony c. A detailed record of your experience, education, and training
CH 15 Review Before testifying, you should do which of the following? (Choose all that apply) a. Create an examination plan with your attorney. b. Make sure you've been paid for your services and the estimated fee for the deposition or trial. c. Get a haircut d. Type all the draft notes you took during your investigation
a. Create an examination plan with your attorney. b. Make sure you've been paid for your services and the estimated fee for the deposition or trial.
CH 14 Review Which of the following rules or laws requires an expert to prepare and submit a report? a. FRCP 26 b. FRE 801 c. Neither d. Both
a. FRCP 26
CH 15 Review What should you do if you realize you have made a mistake or misstatement during a deposition? (Choose all that apply) a. If the deposition is still in session, refer back to the error and correct it. b. Decide weather the error is minor, and if so, ignor it c. If the deposition if over, make the correction on the corrections page of the copy provided for your signature d. Call the opposing attorney and inform him of your mistake or misstatement e. Request an opportunity to make the correction at trial.
a. If the deposition is still in session, refer back to the error and correct it. c. If the deposition if over, make the correction on the corrections page of the copy provided for your signature
CH 16 Review Externally enforced ethical rules, with sanctions that can restrict a professional's practice, are more accurately, described as which of the following? a. Laws b. Objectives c. A higher calling d. All of the above
a. Laws
CH 15 Review During your cross-examination, you should do which of the following? (Choose all that apply) a. Maintain eye contact with the jury b. Pay close attention to what your attorney is objecting to. c. Help the attorneys, judge, and jury in understanding the case, even if you have to go a bit beyond the scope of your expertise d. Pay close attention to opposing counsel's questions. e. Answer opposing counsel's questions as briefly as is practical
a. Maintain eye contact with the jury b. Pay close attention to what your attorney is objecting to. d. Pay close attention to opposing counsel's questions. e. Answer opposing counsel's questions as briefly as is practical
CH 15 Review When using graphics while testing, which of the following guidelines applies? (Choose all that apply) a. Make sure the jury can see your graphics b. Practice using charts for courtroom testimony c. Your exhibits must be clear and easy to understand d. Make sure you have plenty of extra graphics, in case you have to explain more complex supporting issues.
a. Make sure the jury can see your graphics b. Practice using charts for courtroom testimony c. Your exhibits must be clear and easy to understand
CH 15 Review Which of the following describes fact testimony? a. Scientific or technical testimony describing information recovered during an examination b. Testimony by law enforcement officers c. Testimony based on observations by lay witnesses d. None of the above
a. Scientific or technical testimony describing information recovered during an examination
CH 13 Review Which of the following is a mechanism the ECPA describes for the government to get electronic information from a provider? (Choose all that apply) a. Subpoenas with prior notice b. Temporary restraining orders c. Search warrants d. Court orders
a. Subpoenas with prior notice c. Search warrants d. Court orders
CH 15 Quiz Discuss any potential problems with your attorney ____ a deposition. a. before b. after c. during d. during direct examination at
a. before
CH 16 Quiz A consultant who doesn't testify can earn a ____________________ for locating testifying experts or investigative leads. a. contingency fee b. retainer c. stake in a case d. reprimand
a. contingency fee
CH 13 Quiz A ??? is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities a. court order b. temporary restraining order c. warrant d. subpoena
a. court order
CH 15 Quiz You provide ____ testimony when you answer questions from the attorney who hired you. a. direct b. cross c. examination d. rebuttal
a. direct
CH 15 Quiz Validate your tools and verify your evidence with ____ to ensure its integrity. a. hashing algorithms b. watermarks c. steganography d. digital certificates
a. hashing algorithms
CH 15 Quiz When you give ____ testimony, you present this evidence and explain what it is and how it was obtained. a. technical/scientific b. expert c. lay witness d. deposition
a. technical/scientific
CH 14 Quiz A report can provide justification for collecting more evidence and be used at a probable cause hearing. a. true b. false
a. true
CH 15 Quiz As a standard practice, collect evidence and record the tools you used in designated file folders or evidence containers. a. true b. false
a. true
CH 15 Quiz As an expert witness, you have opinions about what you have found or observed. a. true b. false
a. true
CH 15 Quiz Part of what you have to deliver to the jury is a person they can trust to help them figure out something that's beyond their expertise. a. true b. false
a. true
CH 16 Quiz Experts should be paid in full for all previous work and for the anticipated time required for testimony. a. true b. false
a. true
CH 16 Quiz In the United States, there's no state or national licensing body for computer forensics examiners. a. true b. false
a. true
CH 16 Quiz People need ethics to help maintain their balance, especially in difficult and contentious situations. a. true b. false
a. true
CH 13 Quiz At what offset is a prefetch file's create date & time located a. 0x88 b. 0x80 c. 0x98 d. 0x90
b. 0x80
CH 15 Quiz If your CV (curriculum vitae) is more than ____ months old, you probably need to update it to reflect new cases and additional training. a. 2 b. 3 c. 4 d. 5
b. 3
CH 16 Quiz Currently, expert witnesses testify in more than __ percent of trials. a. 55 b. 80 c. 92 d. 78
b. 80
CH 13 Quiz Which of the following is not a valid source for cloud forensics training a. Sans Cloud Forensics with F-Response b. A+ Security c. INFOSEC Intitute d. (ISC)2 Certified Cyber Forensics Professional
b. A+ Security
CH 14 Review Which of the following is an example of a written report? a. A search warrant b. An affidavit c. Voir Dire d. Any of the above
b. An affidavit
CH 15 Review When working for a prosecutor, what should you do if the evidence you found appears to be exculpatory and isn't being released to the defense? a. Keep the information on file for later review b. Bring the information to the attention of the prosecutor, then his or her supervisor and finally to the judge (the court) c. Destroy the evidence d. Five the evidence to the defense attorney
b. Bring the information to the attention of the prosecutor, then his or her supervisor and finally to the judge (the court)
CH 15 Quiz For forensics specialists, keeping the ____ updated and complete is crucial to supporting your role as an expert and showing that you're constantly enhancing your skills through training, teaching, and experience. a. testimony b. CV (curriculum vitae) c. examination plan d. deposition
b. CV (curriculum vitae)
CH 14 Review Automated tools help you collect and report evidence, but you're responsible for doing which of the following? a. Explaining your formatting choices b. Explaining the significance of the evidence c. Explaining in detail how the software works d. All of the above
b. Explaining the significance of the evidence
CH 15 Review The most reliable way to ensure that jurors recall testimony is to do which of the following? a. Present evidence using oral testimony supported by hand gestures and facial expressions b. Present evidence combining oral testimony and graphics that support the testimony c. Wear bright colored clothing to attract juror's attention d. Emphasize your points with humorous anecdotes e. Memorize your testimony carefully
b. Present evidence combining oral testimony and graphics that support the testimony
CH 13 Review Which of the following cloud deployment methods typically offers no security? a. Hybrid Cloud b. Public Cloud c. Community cloud d. Private Cloud
b. Public Cloud
CH 15 Review What expressions are acceptable to use in testimony to respond to a question for which you have no answer? (Choose all that apply) a. No Comment b. That's beyond the scope of my expertise c. I don't want to answer that questino d. I was not requested to investigate that e. That is beyond the scope of my investigation
b. That's beyond the scope of my expertise d. I was not requested to investigate that e. That is beyond the scope of my investigation
CH 15 Review In answering a question about the size of a hard drive, which of the following responses is appropriate? (Choose all that apply.) a. It's a very large hard drive b. The technical data sheet indicates it's a 3 terabyte hard drive. c. It's a 3 terabyte hard drive configured with 2.78 terabytes of accessible storage. d. I was unable to determine the drive size because it was so badly damaged
b. The technical data sheet indicates it's a 3 terabyte hard drive. c. It's a 3 terabyte hard drive configured with 2.78 terabytes of accessible storage. d. I was unable to determine the drive size because it was so badly damaged
CH 16 Quiz In what court case did the court summarize the process of determining whether an expert should be disqualified because of previous contact with an opposing party? a. Tidemann v. Toshiba Corp b. Wang Laboratories, Inc v. Toshiba Corpc c. Tidemann v. Nadler Golf Car Sales, Inc d. Hewlett-Pachard v. EMC Corp
b. Wang Laboratories, Inc v. Toshiba Corpc
CH 15 Review At trial as a fact or expert witness, what must you always remember about your testimony? a. You're responsible for the outcome of the case b. Your duty is to report your technical or scientific findings or render an honest opinion c. Avoid mentioning how much you were paid for your services d. All of the above
b. Your duty is to report your technical or scientific findings or render an honest opinion
CH 14 Quiz If a report is long and complex, you should include a(n) _____________. a. appendix b. abstract c. glossary d. table of contents
b. abstract
CH 14 Quiz The ________________ section of a report starts by referring to the report's purpose, states the main points, draws conclusions, and possibly renders an opinion. a. body b. conclusion c. appendix d. reference
b. conclusion
CH 16 Quiz Before allowing an attorney to describe any case details, determine who the parties are to reduce the possibility of a _______________. a. collaboration b. conflict c. mistrial d. contradiction
b. conflict
CH 15 Quiz The ____ is the most important part of testimony at a trial. a. cross-examination b. direct examination c. rebuttal d. motions in limine
b. direct examination
CH 15 Quiz There are two types of depositions: ____ and testimony preservation. a. examination b. discovery c. direct d. rebuttal
b. discovery
CH 14 Quiz An ___________________ is a document that serves as a guideline for knowing what questions to expect when you're testifying. a. testimony procedure b. examination plan c. planned questionnaire d. testimony excerpt
b. examination plan
CH 14 Quiz An expert's opinion is governed by FRCP, Rule 26, and the corresponding rule in many states. a. true b. false
b. false
CH 15 Quiz Like a job resume, your CV (curriculum viate) should be geared for a specific trial. a. true b. false
b. false
CH 15 Quiz You should create a formal checklist of your procedures that's applied to all your cases or include such a checklist in your report. a. true b. false
b. false
CH 16 Quiz Expert opinions cannot be presented without stating the underlying factual basis. a. true b. false
b. false
CH 16 Quiz The American Bar Association (ABA) is a licensing body. a. true b. false
b. false
CH 16 Quiz ____ questions can give you the factual structure to support and defend your opinion. a. rapid-fire b. hypothetical c. setup d. compound
b. hypothetical
CH 16 Quiz People who fear having their ______________ acts revealed feel as though they must protest the ________________ acts of others being revealed. a. legal b. improper c. secret d. public
b. improper
CH 13 Quiz A ??? is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface a. configuration manager b. management plane c. backdoor d. programming language
b. management plane
CH 15 Quiz Generally, the best approach your attorney can take in direct examination is to ask you ____ questions and let you give your testimony. a. setup b. open-ended c. compound d. repid-fire
b. open-ended
CH 16 Quiz The purpose of requesting the ________________ is to deter attorneys from communicating with you solely for the purpose of disqualifying you. a. case b. retainer c. juror list d. evidence
b. retainer
CH 14 Quiz If a preliminary report is written, destroying the preliminary report after the final report is complete could be considered ______________. a. proper data security b. spoliation c. beneficial d. necessary
b. spoliation
CH 13 Quiz The Google drive file ??? contains a detailed list of a user's cloud transactions a. loggedtransactions.log b. sync_log.log c. transact_user.db d. history.db
b. sync_log.log
CH 14 Quiz How you format _____________ is less important than being consistent in applying formatting. a. words b. text c. paragraphs d. sections
b. text
CH 13 Quiz Where is the snapshot database created by Google Drive located in Windows a. C:/Program Files/Google/Drive b.C:/Users/username/AppData/Local//Google/Drive c. C:/Users/username/Google/Google drive d. C:/Google/drive
b.C:/Users/username/AppData/Local//Google/Drive
CH 14 Quiz How many words should be in the abstract of a report? a. 50 to 100 words b. 100 to 150 words c. 150 to 299 words d. 200 to 250 words
c. 150 to 299 words
CH 15 Review What is the motion in limine? a. A motion to discuss the case b. THe movement of molecules in a random fashion c. A pretrial motion for the purpose of excluding certain evidence d. A pretrial motion to revise the case schedule
c. A pretrial motion for the purpose of excluding certain evidence
CH 13 Quiz The ??? is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more a. OpenStack Framework Alliance b. vCluod Security Advisory Panel c. Cloud Security Alliance d. Cloud Architecture Group
c. Cloud Security Alliance
CH 14 Quiz _______________ is the process of opposing attorneys seeking information from each other. a. Subpoena b. Warranting c. Discovery d. Digging
c. Discovery
CH 15 Review What kind of information do fact witnesses provide during testimony? (Choose all that apply) a. Their professional opinion on the significance of evidence b. Definitions of issues to be determined bu the founder of the fact c. Facts only d. Observations of the results of tests they performed.
c. Facts only d. Observations of the results of tests they performed.
CH 14 Quiz The rule that states that testimony is inadmissible unless it is "testimony deduced from a well-recognized scientific principle or discovery; the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs", was established in what court case? a. Daubert v. Merrell Dow Pharmaceuticals, Inc b. Smith v. United States c. Frye v. United States d. Dillon v. United States
c. Frye v. United States
CH 16 Review What purpose does making your own recording during a deposition serve? a. It shows the court reporter that you do not trust him or her b. It assists you with reviewing the transcript of the deposition c. It allows you to review your testimony with your attorney during breaks. d. It prevents opposing counsel from intimidating you.
c. It allows you to review your testimony with your attorney during breaks.
CH 14 Review Which of the following statements about the legal-sequential numbering system in report writing is true? a. It's favorable because it's easy to organize and understand b. It's most effective for shorter reports c. It doesn't indicate the relative importance of information d. It's required for reports submitted in federal court
c. It doesn't indicate the relative importance of information
CH 14 Review Which of the following is the standard format for filed reports in electronically in federal courts? a. Word b. Excel c. PDF d. HTML e. Any of the above
c. PDF
CH 13 Quiz What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing a. Amazon EC2 b. IBM Cloud c. Salesforce d. HP Helion
c. Salesforce
CH 15 Review If you're giving an answer that you think your attorney should follow up on, what should you do? a. Change the tone of your voice b. Argue with the attorney who asked the question c. Use an agreed-on expression to alert the attorney to follow up on the question d. Try to include as much information in your answer as you can.
c. Use an agreed-on expression to alert the attorney to follow up on the question
CH 13 Quiz Which of the following is NOT a service level for the cloud a. Platform as a service b. Infrastructure as a service c. Virtualization as a service d. Software as a service
c. Virtualization as a service
CH 16 Review What are some risks of using tools you have created yourself? a. The tool might not perform reliably b. The judge might be suspicious of the validity of the results c. You might have to share the tool's source code with opposing counsel for review d. The tool doesn't generate the reports in a standard format
c. You might have to share the tool's source code with opposing counsel for review
CH 15 Quiz Sometimes opposing attorneys ask several questions inside one question; this practice is called a ____ question. a. leading b. hypothetical c. compound d. rapid-fire
c. compound
CH 14 Quiz A report using the _________________ system divides material into sections and restarts numbering with each main section. a. numerically ordered b. hierarchical c. decimal numbering d. number formatted
c. decimal numbering
CH 16 Quiz Attorneys search ____ for information on expert witnesses. a. cross-examination banks b. examination banks c. deposition banks d. disqualification banks
c. deposition banks
CH 13 Quiz The ??? Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system a. read_filejournal b. filetx.log c. filecache.dbx d. filecache.dll
c. filecache.dbx
CH 14 Quiz The _________________ numbering system is often used in legal pleadings. Each Roman numeral represents a major aspect of the report, and each Arabic numeral is an important piece of supporting information. a. decimal b. ordered-sequential c. legal-sequential d. reverse-order
c. legal-sequential
CH 14 Quiz When writing a report, group related ideas and sentences into ___________________, a. chapters b. sections c. paragraphs d. separate reports
c. paragraphs
CH 16 Quiz The most important laws applying to attorneys and witnesses are the ____. a. professional ethics b. rules of ethics c. rules of evidence d. professional codes of conduct
c. rules of evidence
CH 15 Quiz Leading questions such as "Isn't it true that forensics experts always destroy their handwritten notes?" are referred to as ____ questions. a. hypothetical b. attorney c. setup d. nested
c. setup
CH 14 Quiz In addition to opinions and exhibits, the ______________ must specify fees paid for the expert's services and list all other civil or criminal cases in which the expert has testified. a. verbal report b. informal report c. written report d. preliminary report
c. written report
CH 15 Quiz Jurors typically average just over ____ years of education and an eighth-grade reading level. a. 9 b. 10 c. 11 d. 12
d. 12
CH 15 Quiz If a microphone is present during your testimony, place it ____ to eight inches from you. a. 3 b. 4 c. 5 d. 6
d. 6
CH 16 Quiz The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients. a. HTCIA b. IACIS c. ISFCE d. ABA
d. ABA
CH 16 Quiz ____ offers the most comprehensive regulations of any professional organization and devote an entire section to forensics activities. a. AMA's law b. ABA's model rule c. ABA's model codes d. APA's ethics code
d. APA's ethics code
CH 14 Review An expert witness can give an opinion in which the following situations. a. The opinion, inferences, or conclusions depend on a special knowledge, skills, or training not within the ordinary experience of lay people b. The witness is shown to be qualified as a true expert in the field c. The witness testifies to a reasonable degree of certainty (probability) about his or her opinion, inference, or conclusion. d. All of the above
d. All of the above
CH 13 Quiz Select the folder below that is most likely to contain Dropbox files for a specific user a. C:/User/username/AppData/Dropbox b. C:/Dropbos c. C:/Users/Dropbox d. C:/Users/username/Dropbox
d. C:/Users/username/Dropbox
CH 14 Review When writing a report, what's the most important aspect of formatting? a. A neat appearance b. Size of the font c. Clear use of symbols and abbreviations d. Consistency
d. Consistency
CH 13 Review What are the two states of encrypted data in a secure cloud? a. RC4 and RC5 b. CRC-32 and UTF-16 c. Homomorphic and AES d. Data in motion and data at rest
d. Data in motion and data at rest
CH 13 Quiz Metadata in a prefetch file contains an application's ??? times in UTC format and a counter of how many times the application has run since the prefect file was created a. startup / access b. log event c. ACL d. MAC
d. MAC
CH 16 Review When you begin a conversation with an attorney about a specific case, what should you do? (Choose all that apply) a. Ask to meet with the attorney b. Answer his or her questions in as much detail as possible c. Ask who the parties in the case are d. Refuse to discuss details until a retainer agreement is returned
d. Refuse to discuss details until a retainer agreement is returned
CH 13 Review Evidence of cloud access found on a smartphone usually means which cloud service level was in use? a. IaaS b. HaaS c. PaaS d. SaaS
d. SaaS
CH 14 Quiz Which type of report typically takes place in an attorney's office? a. Examination Plan b. Written Report c. Preliminary Report d. Verbal Report
d. Verbal Report
CH 13 Review When should a temporary restraining order be requested for cloud environment? a. When cloud customers need immediate access to their data b. To enforce a court order c. When anti-forensics techniques are suspected d. When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case.
d. When a search warrant requires seizing a CSP's hardware and software used by other parties not involved in the case.
CH 14 Quiz As with any research paper, write the ___________________ last. a. appendix b. body c. acknowledgements d. abstract
d. abstract
CH 15 Quiz ___ is an attempt by opposing attorneys to prevent you from serving on an important case. a. conflict of interest b. warrant c. deposition d. conflicting out
d. conflicting out
CH 15 Quiz A ____ differs from a trial testimony because there is no jury or judge. a. rebuttal b. plaintiff c. civil case d. deposition
d. deposition
CH 15 Quiz ____ evidence is evidence that exonerates or diminishes the defendant's liability. a. rebuttal b. plaintiff c. inculpatory d. exculpatory
d. exculpatory
CH 16 Quiz Computer forensics examiners have two roles: fact witness and ____ witness. a. professional b. direct c. discovery d. expert
d. expert
CH 13 Quiz What information blow is not something recorded in Google Drive's snapshot.db file a. modified and created times b. URL pathnames c. file access records d. file SHA values and sizes
d. file SHA values and sizes
CH 15 Quiz ____ is a written list of objections to certain testimony or exhibits. a. defendant b empanelling the jury c. plaintiff d. motion in limine
d. motion in limine
CH 13 Quiz To reduce the time it takes to start applications, Microsoft has created ??? files, which contain the DLL pathnames and metadata used by application a. temp b. cache c. config d. prefetch
d. prefetch
CH 14 Quiz What rule of the Federal Rules of Civil Procedure requires that parties who anticipate calling an expert witness to testify must provide a copy of the expert's written report that includes all opinions, the basis for the opinions, and the information considered in coming to those opinions? a. rule 24 b. rule 35 c. rule 36 d. rule 26
d. rule 26
CH 13 Quiz Which of the following is NOT one of the five mechanisms the government can use to get electronic information from a provider a. search warrants b. subpoenas c. court orders d. seizure order
d. seizure order
CH 13 Quiz With cloud systems running in a virtual environment, ??? can give you valuable information before, during, and after an incident a. carving b. live acquisition c. RAM d. snapshot
d. snapshot
CH 16 Quiz What do the last 8 bits of a Unicode value represent? a. language identification b. character hexadecimal values c. file type identification d. font selection
pg 578 a. language identification
CH 16 Quiz On NTFS drives, Unicode values are how many bits in length? a. 8 bits b. 32 bits c. 16 bits d. 64 bits
pg 578 c. 16 bits
CH 16 Quiz What are the first 8 bits of a Unicode value used for? a. file type identification b. font selection c. character hexadecimal values d. language identification
pg 578 c. character hexadecimal values
CH 16 Quiz When converting plain text to hexadecimal for use with ProDicsover, you need to place ??? between each character's hexadecimal values. a. space (A0) values b. blank (00) values c. null (FF) values d. null (00) values
pg 578 d. null (00) values