Digital Forensics Final

What digital network technology was developed during World War II? a. TDMA b. CDMA c. GSM d. iDEN

b

Where is the snapshot database created by Google Drive located in Windows a. C:/Program Files/Google/Drive b.C:/Users/username/AppData/Local//Google/Drive c. C:/Users/username/Google/Google drive d. C:/Google/drive

b

Which of the following is not a valid source for cloud forensics training a. Sans Cloud Forensics with F-Response b. A+ Security c. INFOSEC Intitute d. (ISC)2 Certified Cyber Forensics Professional

b

____ questions can give you the factual structure to support and defend your opinion. a. rapid-fire b. hypothetical c. setup d. compound

b

​Before allowing an attorney to describe any case details, determine who the parties are to reduce the possibility of a _______________. a. collaboration b. conflict c. mistrial d. contradiction

b

​In what court case did the court summarize the process of determining whether an expert should be disqualified because of previous contact with an opposing party? a. Tidemann v. Toshiba Corp b. Wang Laboratories, Inc v. Toshiba Corpc c. Tidemann v. Nadler Golf Car Sales, Inc d. Hewlett-Pachard v. EMC Corp

b

​The ___________________ technology is designed for GSM and Universal Mobile Telecommunications Systems (UMTS) technology, supports 45 Mbps to 144 Mbps transmission speeds. a. WiMAX b. LTE c. MIMO d. UMB

b

​What organization is responsible for the creation of the requirements for carriers to be considered 4G? a. IEEE b. ITU-R c. ISO d. TIA

b

Computer forensics examiners have two roles: scientific/technical witness and ____ witness.

Expert

____ questions can give you the factual structure to support and defend you opinion.

Hypothetical

____ are the experts who testify most often.

Medical Professionals

The ABA's ____ contains provisions limiting the fees experts can receive for their services.

Model Code

Attorneys search ____ for information on expert witnesses. a. cross-examination banks b. examination banks c. deposition banks d. disqualification banks

c

The ??? Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system a. read_filejournal b. filetx.log c. filecache.dbx d. filecache.dll

c

The ??? is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more a. OpenStack Framework Alliance b. vCluod Security Advisory Panel c. Cloud Security Alliance d. Cloud Architecture Group

c

The most important laws applying to attorneys and witnesses are the ____. a. professional ethics b. rules of ethics c. rules of evidence d. professional codes of conduct

c

What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing a. Amazon EC2 b. IBM Cloud c. Salesforce d. HP Helion

c

What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds a. HP Helion b. Amazon EC2 c. XenServer and XenCenter Windows Management Console d. Cisco Cloud Computing

c

What standard introduced sleep mode to enhance battery life, and is used with TDMA?​ a. IS-99 b. IS-140 c. IS-136 d. IS-95

c

Which is not a valid method of deployment for a cloud a. community b. public c. targeted d. private

c

Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis? ​a. Chip-off b. Manual extraction c. Hex dumping d. Micro read

c

Which of the following is NOT a service level for the cloud a. Platform as a service b. Infrastructure as a service c. Virtualization as a service d. Software as a service

c

​Where is the OS stored on a smartphone? a. RAM b. Microprocessor c. ROM d. Read/write flash

c

​​Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA). a. TS-95 b. 802.11 c. IS-95 d. IS-136

c

FRE ____ describes whether the expert is qualified and whether the expert opinion can be helpful.

702

FRE ____ describes whether basis for the testimony is adequate.

703

The ___ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients.

ABA

The ____ Ethics Code cautions psychologists about the limitations of assessment tools.

APA's

_____ offers the most comprehensive regulations of any professional organization and devote an entire section to forensics activities.

APA's Ethics Code

Attorneys search ____ for information on expert witnesses.

Deposition Banks

A ??? is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities a. court order b. temporary restraining order c. warrant d. subpoena

a

A consultant who doesn't testify can earn a ____________________ for locating testifying experts or investigative leads. ​a. contingency fee b. retainer c. stake in a case d. reprimand

a

FRE ____ describes whether the expert is qualified and whether the expert opinion can be helpful. a. 702 b. 703 c. 704 d. 705

a

The ________________ technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and supports transmission speeds of 12 Mbps ​a. WiMAX b. CDMA c. UMB d. MIMO

a

What type of mobile forensics method listed by NIST guidelines involves looking at a device's content page by page and taking pictures? a. Manual extraction b. Chip-off c. Micro read d. Logical extraction

a

Which of the following options would represent a valid retainer?​ a. 2 to 8 hours of your usual billable rate b. a verbal agreement c. complete discussion of an ongoing case d. dissemination of evidence

a

Within NIST guidelines for mobile forensics methods, the ______________ method requires physically removing flash memory chips and gathering information at the binary level.​ a. Chip-off b. Logical extraction c. Micro read d. Manual extraction

a

A ??? is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface a. configuration manager b. management plane c. backdoor d. programming language

b

At what offset is a prefetch file's create date & time located a. 0x88 b. 0x80 c. 0x98 d. 0x90

b

Currently, expert witnesses testify in more than __ percent of trials. a. 55 b. 80 c. 92 d. 78

b

GSM refers to mobile phones as "mobile stations" and divides a station into two parts, the __________ and the mobile equipment (ME). ​a. antenna b. SIM card c. radio d. transceiver

b

People who fear having their ______________ acts revealed feel as though they must protest the ________________ acts of others being revealed. a. legal b. improper c. secret d. public

b

The ??? tool can be used by bypass a virtual machine's hypervisor, and can by used with OpenStack a. Openforensics b. FROST c. WinHex d. ARC

b

The Google drive file ??? contains a detailed list of a user's cloud transactions a. loggedtransactions.log b. sync_log.log c. transact_user.db d. history.db

b

The purpose of requesting the ________________ is to deter attorneys from communicating with you solely for the purpose of disqualifying you. a. case b. retainer c. juror list d. evidence

b

Select below the option that is not a typical feature of smartphones on the market today: a. Microprocessor b. Flash c. ROM d. Hard drive

d

Select the folder below that is most likely to contain Dropbox files for a specific user a. C:/User/username/AppData/Dropbox b. C:/Dropbos c. C:/Users/Dropbox d. C:/Users/username/Dropbox

d

The ____ has stated that, unlike attorneys, expert witnesses do not owe a duty of loyalty to their clients. a. HTCIA b. IACIS c. ISFCE d. ABA

d

The _______________ component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; sometimes referred to as a "cell phone tower".​ a. Vase station controller (BSC) b. Mobile switching center (MSC) c. Base transceiver controller (BTC) d. Base transceiver station (BTS)

d

To reduce the time it takes to start applications, Microsoft has created ??? files, which contain the DLL pathnames and metadata used by application a. temp b. cache c. config d. prefetch

d

What frequencies can be used by GSM with the TDMA technique a. 1200 to 1500 MHz b. 2.4 GHz to 5.0 GHZ c. 600 to 1000 MHz d. 800 to 1000 MHZ

d

What information blow is not something recorded in Google Drive's snapshot.db file a. modified and created times b. URL pathnames c. file access records d. file SHA values and sizes

d

Which component of cell communication is used to route digital packets for the network and relies on a database to support subscribers?​ a. Base station controller (BSC) b. Base transceiver station (BTS) c. Base transceiver controller (BTC) d. Mobile switching center (MSC)

d

Which of the following is not a type of peripheral memory card used in PDAs?​ a. Secure Digital (SD) b. Compact Flash (CF) c. Multimedia Card (MMC) d. RamBus (RB)

d

Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider a. search warrants b. subpoenas c. court orders d. seizure order

d

With cloud systems running in a virtual environment, ??? can give you valuable information before, during, and after an incident a. carving b. live acquisition c. RAM d. snapshot

d

____ offers the most comprehensive regulations of any professional organization and devote an entire section to forensics activities. a. AMA's law b. ABA's model rule c. ABA's model codes d. APA's ethics code

d

​What digital network technology is a digital version of the original analog standard for cell phones? a. GSM b. CDMA c. iDEN d. D-AMPS

d

The most important laws applying to attorneys and witness are the ____.

Rules of Evidence

On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures? a. Android b. Blackberry c. Windows RT d. iPhone

d

Computer forensics examiners have two roles: fact witness and ____ witness. a. professional b. direct c. discovery d. expert

d

FRE ____ describes whether basis for the testimony is adequate. a. 700 b. 701 c. 702 d. 703

d

In a prefetch file, the application's last access date and time are at offset ??? a. 0x80 b. 0x88 c. 0xD4 d. 0x90

d

Metadata in a prefetch file contains an application's ??? times in UTC format and a counter of how many times the application has run since the prefect file was created a. startup / access b. log event c. ACL d. MAC

d

Nonvolatile memory on a mobile device can contain OS files and stored user data, such as a __________________ and backed-up files. a. Professional Data Holder b. Personal Assistant Organizer c. Personal Data Manager d. Personal Information Manager

d