Computer Forensics
37. In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.
.pst
22. On a Linux computer, ____ represents file systems exported to remote hosts.
/etc/exports
50. You have a search warrant to seize a desktop computer. Put the steps in the correct order.
1. Take a photograph of the entrance to the room where the warrant is to be executed. 2. As you walk into the room, take photographs of your progress towards the evidence. 3. Photograph the computer from all angles, especially the cabling connections. 4. Attach an evidence tag to the device and fill out the top and first line of info. 5. If the computer is powered up, use forensics tools to copy the volatile memory contents.
15. In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.
1024
32. Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
45. One of the pillars of cybersecurity is the CIA Triad. The 'A' stands for _________.
Availability
6. In the ____, you justify acquiring newer and better resources to investigate digital forensics cases.
Business Case
46. A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
Court order
4. A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.
Disaster Recovery
12. Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.
False
36. E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated.
False
42. Most basic phones use the same OSs as PCs.
False
30. Changing the extension on a file name does not change the file type in the _______.
File Header
43. The 3G standard was developed by the ____ under the United Nations.
International Telecommunications Union ITU
26. AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.
KFF
25. ____ compression compresses data by permanently discarding bits of information in the file.
Lossy
8. Autopsy uses ____ to validate an image.
MD5
44. Frequency-hopping is used by CDMA as both a security measure and to increase cell tower throughput. Frequency hopping was patented by _______.
None of the above is correct.
18. To complete a forensic disk analysis and examination, you need to create a ____.
Report
21. In macOS, w hen you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.
Resource
31. In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
SYN flood
29. ____ increases the time and resources needed to extract, analyze, and present evidence.
Scoop Creep
10. This device is called a ______ and is a non-conducting probe used to form, shape, guide, and separate fine computer wire terminals, telephone wires and cables.
Spudger
5. A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
Steel
41. Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel.
Time Division Multiple Access
16. The type of file system an OS uses determines how data is stored on the disk.
True
17. After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.
True
19. Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories.
True
2. After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.
True
20. If a file contains information, it always occupies at least one allocation block.
True
23. Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.
True
24. If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.
True
28. Private-sector cases, such as employee abuse investigations, might not specify limitations in recovering data.
True
3. By the 1970s, electronic crimes were increasing, especially in the financial sector.
True
35. A challenge with using social media data in court is authenticating the author and the information.
True
38. Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
True
40. Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence.
True
47. In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.
True
48. Specially trained system and network administrators are often a CSP's first responders.
True
7. A separate manual validation is recommended for all raw acquisitions at the time of analysis.
True
9. Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.
True
11. A judge can exclude evidence obtained from a poorly worded warrant.
Ture
33. ____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage.
Type 1
14. A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.
VM
49. Which of the following is NOT a service level for the cloud?
Virtualization as a service
1. A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
Warning Banner
13. Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.
Warrant
27. investigations are limited to finding data defined in the search ____.
Warrant
39. Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!
Zoho
34. ____ is a layered network defense strategy developed by the National Security Agency (NSA).
defense in depth
