Final for Computers in Forensics
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /etc/var/log/maillog /var/log/maillog /etc/sendmail.cf
/etc/sendmail.cf
___ provide additional resource material not included in the body of the report. Conclusion References Appendixes Discussion
Appendixes
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size. Automatic logging Server logging Circular logging Continuous logging
Circular logging
Save broader generalizations and summaries for the report's ____. appendixes discussion conclusion introduction
Conclusion
You can use the ____ to help your attorney learn the terms and functions used in digital forensics. final report preliminary report examination plan verbal report
Examination plan
Gaming consoles such as the Sony PlayStation and Xbox are safe because they don't contain information hackers might try to intercept and collect. True False
False
____ hide the most valuable data at the innermost part of the network. Firewalls Layered network defense strategies Protocols NAT
Layered network defense strategies
Most packet analyzers operate on layer 2 or ____ of the OSI model. 1 5 7 3
NOT 5
____ are devices or software placed on a network to monitor traffic. Honeypots Packet analyzers Bridges Hubs
Packet analyzers
___ cards are usually found in GSM devices and consist of a microprocessor and internal memory. SDD SIM SD MMC
SIM
Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence. False True
True
Signposts assist readers in scanning the text quickly by highlighting the main points and logical development of information. False True
True
E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture
client/server architecture
Before allowing an attorney to describe any case details, determine who the parties are to reduce the possibility of a ____. mistrial collaboration contradiction conflict
conflict
Forensics examiners have two roles: fact witness and ____ witness. discovery expert direct professional
expert
A search warrant can be used in any kind of case, either civil or criminal. True False
false
Remote acquisitions are often easier because you're usually dealing with large volumes of data. True False
false
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect. True False
false
Type 1 hypervisors are usually the ones you find loaded on a suspect machine. False True
false
Like a job resume, your CV should be geared for a specific trial. False True
false
A written preliminary report is considered a ____ document because opposing counsel can demand discovery on it. low-risk no-risk high-risk middle-risk
high-risk
____ questions can give you the factual structure to support and defend your opinion. Rapid-fire Hypothetical Compound Setup
hypothetical
Mobile devices can range from simple phones to ____. feature phones flip phones PDAs smartphones
smartphones
Regarding a trial, the term ____ means rejecting potential jurors. venireman strikes voir dire rebuttal
strikes
When you give ____ testimony, you present this evidence and explain what it is and how it was obtained. technical/scientific lay witness expert deposition
technical/scientific
Exchange logs information about changes to its data in a(n) ____ log. checkpoint transaction communication tracking
transaction
As an expert witness, you have opinions about what you have found or observed. False True
true
In the United States, there's no state or national licensing body for digital forensics examiners. True False
true
The platform as a service cloud service is most likely found on a desktop or a server, although it could also be found on a company network or the remote service provider's infrastructure. True False
true
____ is a way to verify the names of domains a message is flowing through. www.dkim.org www.google.com www.juno.com www.whatis.com
www.dkim.org
