Computer Forensics Final Review


A secure storage container or cabinet should be made of ____ and include an internal cabinet lock or external padlock.

steel

A ____ enables you to run another OS on an existing physical computer (known as the host computer) by emulating a computer's hardware environment.

virtual machine

On a Linux computer, ____ represents file systems exported to remote hosts.

/etc/exports

In the NTFS MFT, all files and folders are stored in separate records of ____ bytes each.

1024

Most packet analyzers operate on layer 2 or ____ of the OSI model.

3

One of the pillars of cybersecurity is the CIA Triad. The 'A' stands for _________.

Availability

____ is a layered network defense strategy developed by the National Security Agency (NSA).

Defense in Depth

Corporate investigators always have the authority to seize all computer equipment during a corporate investigation.

False

E-mail crimes and violations rarely depend on the city, state, and country in which the e-mail originated.

False

Most basic phones use the same OSs as PCs.

False

Changing the extension on a file name does not change the file type in the _______.

File Header

The 3G standard was developed by the ____ under the United Nations.

International Telecommunications Union

AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.

KFF

____ compression compresses data by permanently discarding bits of information in the file.

Lossy

Autopsy uses ____ to validate an image.

MD5

Frequency-hopping is used by CDMA as both a security measure and to increase cell tower throughput. Frequency hopping was patented by _______.

None of the above

To complete a forensic disk analysis and examination, you need to create a ____.

Report

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

SYN flood

____ increases the time and resources needed to extract, analyze, and present evidence.

Scope creep

This device is called a ______ and is a non-conducting probe used to form, shape, guide, and separate fine computer wire terminals, telephone wires and cables.

Spudger

Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel.

Time Division Multiple Access

A challenge with using social media data in court is authenticating the author and the information.

True

A judge can exclude evidence obtained from a poorly worded warrant.

True

A separate manual validation is recommended for all raw acquisitions at the time of analysis.

True

After a judge approves and signs a search warrant, it's ready to be executed, meaning you can collect evidence as defined by the warrant.

True

After retrieving and examining evidence data with one tool, you should verify your results by performing the same tasks with other similar forensics tools.

True

Because bring your own device (BYOD) has become a business standard, investigators must consider how to keep employees' personal data separate from case evidence.

True

Before OS X, the Hierarchical File System (HFS) was used, in which files are stored in directories (folders) that can be nested in other directories.

True

Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.

True

By the 1970s, electronic crimes were increasing, especially in the financial sector.

True

If a file contains information, it always occupies at least one allocation block.

True

If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.

True

In 1999, Salesforce.com developed a customer relationship management (CRM) Web service that applied digital marketing research to business subscribers so that they could do their own market analysis; this service eventually led the way to the cloud.

True

Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.

True

Private-sector cases, such as employee abuse investigations, might not specify limitations in recovering data.

True

Some acquisition tools don't copy data in the host protected area (HPA) of a disk drive.

True

Specially trained system and network administrators are often a CSP's first responders.

True

The type of file system an OS uses determines how data is stored on the disk.

True

____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage.

Type 1

Which of the following is NOT a service level for the cloud?

Virtualization as a service

A ____ usually appears when a computer starts or connects to the company intranet, network, or virtual private network (VPN) and informs end users that the organization reserves the right to inspect computer systems and network traffic at will.

Warning Banner

Criminal investigations are limited to finding data defined in the search ____.

Warrant

Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!

Zoho

In the ____, you justify acquiring newer and better resources to investigate digital forensics cases.

business case

A ____ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.

court order

A ____ plan specifies how to rebuild a forensic workstation after it has been severely contaminated by a virus from a drive you're analyzing.

disaster recovery

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.

pst

In macOS, when you're working with an application file, the ____ fork contains additional information, such as menus, dialog boxes, icons, executable code, and controls.

resource

Law enforcement investigators need a(n) ____ to remove computers from a crime scene and transport them to a lab.

warrant

