CYBR 7050 -FINAL
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.
.pst
In a prefetch file, the application's last access date and time are at offset
0x90
An expert's opinion is governed by FRE, Rule ________, and the corresponding rule in many states.
705
In an e-mail address, everything after the _____ symbol represents the domain name
@
A verbal report is more structured than a written report
False
If you write a preliminary report, use words such as "preliminary copy", "draft copy," or "working draft"
False
Investigating crimes or policy violations involving e-mail is different than investigating other types of computer abuse and crimes.
False
The IoA will eventually include 4G smart devices, and 4G mobile networks.
False
When writing a report, use a formal, technical style.
False
The 3G standard was developed by the ______ under the United Nations
International Telecommunication Union
Metadata in a prefetch file contains an application's ______ times in UTC format and a counter of how many times the application has run since the prefect file was created
MAC
________ is a forensics software tool containing a built-in write blocker
MOBILedit
WinHex provides several hashing algorithms, such as MD5 and ______
SHA-1
In a(n) _________ attack, the attacker keeps asking your server to establish a connection
SYN flood
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and web site marketing?
Salesforce
If necessary, you can include _______ containing material such as raw data, figures not used in the body of the report, and anticipated exhibits
appendixes
Save broader generalizations and summaries for the report's _____
conclusion
Save broader generalizations and summaries for the report's _______
conclusion
A _______ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
court order
You can use the ______ to help your attorney learn t he terms and functions used in digital forensics
examination plan
E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated
false
For civil cases, including those involving digital forensics investigations, U.S district courts consider optional that expert witness submit written reports
false
Most organizations keep e-mail for longer than 90 days.
false
Network forensics is a fast, easy process
false
When intruders break into a network, they rarely leave a trail behind
false
autopsy for windows cannot analyze data files from other vendors
false
when viewingtwo files that look the same, but one has an invisible digital watermark, they appear to be the same file, expert for their sizes
false
The _______ Dropbox file store information on shared directories associated with a Dropbox user account and file transfer between Dropbox and the client's system
filecache.dbx
A written preliminary report is considered a __________ document because opposing counsel can demand discovery on it
high risk
The method for expressing an opinion is to have an attorney frame a ______ question based on available factual evidence
hypothetical
Many commercial encryption programs use a technology called _______, which is designed to recover encrypted data if users forget their passphrase or if the user key is corrupted after a system failure
key escrow
_______________ determines how long a piece of information last on system
order of volatility
____________ recovery is becoming more common in digital forensic analysis
password
To reduce the time it takes to start applications, Microsoft has created _______ files, which contain the DLL pathnames and metadata used by application
prefetch
______ alters hash values, which makes cracking passwords more difficult
salting passwords
To get a _____, a government entity must show that there's probable cause to believe the contents of a wire communication, an electronic communication, or other records are relevant to an ongoing criminal investigation.
search warrant
With cloud systems running in a virtual environment, _______ can give you valuable information before, during, and after an incident.
snapshots
Steganalysis tools are also called_______
steg tools
The term ________ comes from the greek word for "hidden writing"
steganography
________ has been used to protect copyrighted material by inserting digital watermarks into a file
steganograpy
__________ steganography replaces bits of the host file with other bits of data
substitution
_____________ can be programmed to examine TCP header to fin the SYN flag
tethereal
A challenge with using social media data in court is authenticating the author and the information
true
Bitmap images are collections of dots, or pixels, in a grid format that form a graphic
true
For digital, investigators, tracking intranet e-mail is easier because accounts use standard names the administrator established
true
Homomorphic encryption uses an "ideal lattice" mathematical formula to encrypt data
true
In network forensics, you have to restore the drive to see how malware that attackers have installed on the systems works
true
Research on wearable computers has been conducted at MIT labs for more than a decade, and these computers are now moving into working reality
true
The internet is the best source for learning more file format and their extension
true
Under copyright laws, maps and architectural plans may be registered as pictorial, graphic, and sculptural works
true
With many computer forensics tools, you can open files with external viewers
true
_________ are based on mathematical instructions that define line, curves, text, ovals, and other geometric shapes
vector graphic
Criminal investigations are limited to finding data defines in the search _________
warrant
The _______ tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack
FROST
Which of the following is not a valid source for cloud forensics training?
A+ Security
________ provide additional resource material not included in the body of the report
Appendixes
Select the folder below that is most likely to contain dropbox files a specific user
C:\User\username\Dropbox
Where is the snapshot database created by google drive located in Windows?
C:\Users\username\AppData\Local\Google\Drive\user_default
______ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
Circular logging
The _______ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Cloud Security Alliance
The _____ network is a digital version of the original analog standard for cell phones.
D-AMPS
Paraben Software, a vendor of mobile forensics software, often several tools, such as ____, for mobile device investigations
E3:DS
The _____ digital network, a faster version of GSM, is designed to deliver data.
EDGE
Typically, phones store system data in ______, which enables services providers to reprogram phones without having to access memory chips physically
EEPROM
Marking bad clusters data-hiding technique is more common with _______ file systems
FAT
To view e-mail headers on Yahoo! click the ____ list arrow, and click view raw message.
More
Attorneys can now submit documents electronically in many courts; the standard format in U.S federal courts is _______
Portable Document Format (PDF)
Exchange logs information about change to its data in a(n) _____ log.
Transaction
Before attempting to install a type 2 hypervisor, you need to enable virtualization in the BIOS before attempting to create a VM
True
For static acquisitions, remove the original drive from the computer, if practical, and then check the date and time values in the system's CMOS.
True
In 2010, both VMWARE and blackberry were thinking of developing type 2 hypervisors for mobile devices
True
Signpost assist readers in scanning the text quickly by highlighting the main points and logical development of information
True
The defense for full discovery of digital evidence applies only to criminal cases in the United States
True
Cellebrite includes ______ a mobile forensics tool that's often used by law enforcement and the military.
UFED Reader
Intel _______ has responded to the need for security and performance by producing different CPU designs
Virtualization Technology (VT)
Then ________ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03
XIF
