comp forensics final
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.
.pst
Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
Which of the following is not a valid source for cloud forensics training?
A+ Security
People who want to hide data can also use advanced encryption programs, such as PGP or ____.
BestCrypt
____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity.
Digital forensics tools, hexadecimal editors
Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations.
E3:DS
Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically.
EEPROM
Investigating crimes or policy violations involving e-mail is different than investigating other types of computer abuse and crimes.
False
Magnet AXIOM Cloud can retrieve information from Skype, Instagram, Twitter, iCloud, but not from Facebook Messenger.
False
TDMA refers to the ____ standard, which introduced sleep mode to enhance battery life.
IS-136
The SIM file structure begins with the root of the system (____).
MF
____ is a forensics software tool containing a built-in write blocker.
MOBILedit!
In a Windows environment, BitPim stores files in ____ by default.
My Documents\BitPim
The ____ digital network divides a radio frequency into time slots.
TDMA
If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.
True
The platform as a service cloud service is most likely found on a desktop or a server, although it could also be found on a company network or the remote service provider's infrastructure.
True
____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
Vector graphics
The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03.
XIF
In Facebook the ____ info simply tells you the last time a person logged on.
basic subscriber
____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.
brute-force
Recovering fragments of a file is called ____.
carving
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
circular logging
A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
One way to hide partitions is with the Windows disk partition utility, ____.
diskpart
A honeywall is a computer set up to look like any other machine on your network, but it lures the attacker to it.
false
All e-mail servers use databases that store multiple users' e-mails.
false
Remote acquisitions are often easier because you're usually dealing with large volumes of data.
false
Steganography cannot be used with file formats other than image files.
false
The IoA will eventually include 4G smart devices and 4G mobile networks.
false
You use ____ to create, modify, and save bitmap, vector, and metafile graphics.
graphics editors
If you can't open a graphics file in an image viewer, the next step is to examine the file's ____.
header data
Data ____ involves changing or manipulating a file to conceal information.
hiding
The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes.
jpeg
____ compression compresses data by permanently discarding bits of information in the file.
lossy
A ____ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface.
management plane
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.
mbox
Mandiant ____ lists all open network sockets, including those hidden by rootkits.
memoryze
____ recovery is becoming more common in digital forensic analysis.
password
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header.
properties
Mobile devices can range from simple phones to ____.
smartphones
With cloud systems running in a virtual environment, ____ can give you valuable information before, during, and after an incident.
snapshot
____ is a good tool for extracting information from large Libpcap files.
tcpslice
Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel.
time division multiple access
Before attempting to install a type 2 hypervisor, you need to enable virtualization in the BIOS before attempting to create a VM.
true
E-mail programs either save e-mail messages on the client computer or leave them on the server.
true
Evidence artifacts vary depending on the social media channel and the device.
true
Forensic linguistics encompasses civil cases, criminal cases, cyberterrorism cases, and other legal proceedings.
true
Homomorphic encryption uses an "ideal lattice" mathematical formula to encrypt data.
true
The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET).
true
Criminal investigations are limited to finding data defined in the search ____.
warrant