CYBR 7050
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside.
/etc/sendmail.cf
Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
Search warrants are not required in which of the following circumstances in the US?
All of the above - stop-and-frisk - when evidence is being destroyed - when consent is provided
Select the folder below that is most likely to contain Dropbox files for a specific user:
C:\Users\username\AppData\Dropbox
Which of the following crimes do local law enforcement agencies investigate the least in the US?
Computer hacking
____ is a layered network defense strategy developed by the National Security Agency (NSA).
Defense in Depth
Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations.
E3:DS
It is not necessary to utilize write blockers when imaging a drive so as to ensure a forensically sound capture is made.
False
Law enforcement in the US can compel suspects to provide decryption keys in the event encrypted evidence is identified on their digital devices but there is no information present to suggest there is incriminating evidence present in those files.
False
Local police officers feel that cybercrimes are a major problem in their communities.
False
Remote applications are often easier because you're usually dealing with large volumes of data.
False
Similar to Linux, Windows also has built-in hashing algorithm tools for digital forensics.
False
The distribution of malware for economic gain could be considered an act of cyber-violence.
False
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
False
The validity and acceptability of the software tools EnCase and FTK have not been established or upheld in any court of law.
False
When intruders break into a network, they rarely leave a trail behind.
False
What phrase references the process of searching for files and extracting that data without considering the larger file systems?
File carving
Which of the following is not a part of the Daubert standard for the admissibility of scientific evidence?
Grant funding
Data ____ involves changing or manipulating a file to conceal information.
Hiding
By the early 1990s, the ____ introduced training on software for forensics investigations.
IACIS
____ compression compresses data by permanently discarding bits of information in the file.
Lossy
Metadata in a prefetch file contains an application's ____ times in UTC format and a counter of how many times the application has run since the prefetch file was created.
MAC
A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones.
Micro Systemation XRY
To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes.
NSRL
What US government agency operates the Computer Forensic Tool Testing Project?
National Institute of Standards and Technology (NIST)
For personal use, ____ have been replaced by iPods, iPads, and other mobile devices.
PDAs
____ recovery is becoming more common in digital forensic analysis.
Password
Attorneys can now submit documents electronically in many courts; the standard format in U.S. federal courts is ____.
Portable Document Format (PDF)
For labs using high-end ____ servers or a private cloud (such as Dell PowerEdger or Digital Intelligence FREDC), you must consider methods for restoring large data sets.
RAID
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?
Salesforce
____ has been used to protect copyrighted material by inserting digital watermarks into a file.
Steganography
____ is a data-hiding technique that uses host files to cover the contents of a secret message.
Steganography
A separate manual validation is recommended for all raw acquisitions at the time of analysis.
True
By using marketing to attract new customers or clients, you can justify future budgets for the lab's operation and staff.
True
Computing systems in a forensic lab should be able to process typical cases in a timely manner.
True
Cyberdeviance is defined as an activity that does not violate the law, but may go against local community standards.
True
Federal or national law enforcement agencies in most nations investigate transnational cybercrimes where offenders and victims reside in different nations.
True
Forensic linguistics encompasses civil cases, criminal cases, cyberterrorism cases, and other legal proceedings.
True
In 2010, both VMware and BlackBerry were thinking of developing type 2 hypervisors for mobile devices.
True
In Autopsy and many other forensics tools, raw format image files don't contain metadata.
True
The examination phase of investigation involves the recovery, extraction, .and analysis of digital data.
True
The use of anonymization tools like proxies and Tor reduce the likelihood of identification by law enforcement agencies.
True
When writing a report, style means the tone of language you use to address the reader.
True
A written report is frequently a(n) ____ or a declaration.
affidavit
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.
checkpoint
What is the term used to describe the stage in the forensic process where data is retrieved and preserved?
collection/acquisition
The files that provide helpful information to an e-mail investigation are log files and ____ files.
configuration
Any act that violates codified legal statutes is considered what?
crime
Computer hacking would be placed under which category in Wall's typology of cybercrime?
cyber-trespass
You can use the ____ to help your attorney learn the terms and functions used in digital forensics.
examination plan
It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
exhibits
Which of the following agencies have the primary responsibility for the investigation of transnational cybercrimes in the United States?
federal law enforcement
The file system for a SIM card is a ____ structure.
hierarchical
A written preliminary report is considered a ____ document because opposing counsel can demand discovery on it.
high-risk
Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
key escrow
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.
mbox
What is the name for the doctrine that allows police to search and seize evidence that may not be indicated in a search warrant but is in plain view of the officer and incriminating?
plain view
Your ____ as a digital investigation and forensics analyst is critical because it determines your credibility.
professional conduct
Which of the following levels of law enforcement in the US investigate crimes when jurisdictional conflicts exist between local agencies?
state police
What term is used to describe the period of time when forensic procedures and computer crime legislation began to harmonize?
structured phase
