Final Review
In Linux most system configuration files are stored in the ____ directory.
/boot
In Linux, most applications and commands are in the ____ directory or its subdirectories bin and sbin.
/usr
If you're examining a forensic NTFS image from a Windows 7 or older system, you'll see two attribute ____: one for the short filename and one for the long filename.
0x30
In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.
1024
For Windows XP, 2000, and NT servers and workstations, RAID 0 or ____ is available.
3
In general, forensics workstations can be divided into ____ categories.
3
Most packet analyzers operate on layer 2 or ____ of the OSI model.
3
FRE ____ describes whether the expert is qualified and whether the expert opinion can be helpful.
702
FRE ____ describes whether the basis for the testimony is adequate.
703
In an e-mail address, everything after the ____ symbol represents the domain name.
@
Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
Allegation
Select the folder below that is most likely to contain Dropbox files for a specific user:
C:/Users/username/Dropbox
Developed during WWII, this technology, ____, was patented by Qualcomm after the war.
CDMA
Confidential business data included with the criminal evidence are referred to as ____ data.
Commingled
A ____ is a column of tracks on two or more disk platters.
Cylinder
There are two types of depositions: ____ and testimony preservation.
Discovery
Certain files, such as the ____ and Security log in Windows, might lose essential network activity records if power is terminated without a proper shutdown.
Event log
The software that runs virtual machines is called a ____.
Host
Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.
Key escrow
Metadata in a prefetch file contains an application's ____ times in UTC format and a counter of how many times the application has run since the prefetch file was created.
MAC
Autopsy uses ____ to validate an image.
MD5
Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values.
MD5
Microsoft created SkyDrive as a cloud service that later became?
OneDrive
For personal use, ____ have been replaced by iPods, iPads, and other mobile devices.
PDA
A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.
Steel
Steganalysis tools are also called ____.
Steg tools
In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover.
Subpoenas
Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military.
UFED Reader
In what court case did the court summarize the process of determining whether an expert should be disqualified because of previous contact with an opposing party?
Wang Laboratories, Inc. v. Toshiba Corp
A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.
Warning banner
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!
Zoho
Most digital photographs are stored in the ____ format.
bitmap
Recovering fragments of a file is called ____.
carving
Sometimes opposing attorneys ask several questions inside one question; this practice is called a ____ question.
compound
A ____ is where you conduct your investigations, store evidence, and do most of your work.
digital forensics lab
In Windows 2000 and later, the ____ command shows you the file owner if you have multiple users on the system or network.
dir
The ____ is the most important part of testimony at a trial.
direct examination
A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.
disaster recovery
A(n) ____ is a person using a computer to perform routine tasks other than systems administration.
end user
Forensics examiners have two roles: fact witness and ____ witness.
expert
A(n) ____ should include all the tools you can afford to take to the field.
extensive-response field kit
Validate your tools and verify your evidence with ____ to ensure its integrity.
hashing algorithms
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.
honeynet
Current distributions of Linux include two hashing algorithm utilities: md5sum and ____.
sha1sum
The Google Drive file ____ contains a detailed list of a user's cloud transactions.
sync_log.log
A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.
virtual machine
