ISCS 377 Final Chapter 13
In a prefetch file, the app's last access date and time are at offset
0x90
___________ are written by judges to compel someone to do or not do something, such as a CSP producing user logon activities
Court Orders
A feature of FROST is that it requires a virtual machine's hypervisor to run T/F
False
A search warrant can be used in any kind of case, civil and criminal T/F
False
Magnet AXIOM Cloud can retrieve information from Skype, etc., but not from Facebook Messenger T/F
False
The _________ is used to identify, label, record and acquire data from the cloud
Forensic data collection tool
______ is used to get information when it is believed there is a danger of death or serious physical injury or for the National Center for Missing and Exploited Children
Government agency subpoenas
With this cloud service level, an organization supplies its own OS
Infrastructure as a Service IaaS
A ___________ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly
Management Plan
_______ in the cloud covers data owners, identity protection, users, access controls, and so forth
Role Management
What cloud app offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing
Salesforce
With this cloud service level, applications are delivered via the internet
Software as a Service
Destroying, altering, hiding or failing to preserve evidence
Spoliation
Which of the following is NOT one of the challenges in conducting cloud forensics
incident third responders
To reduce the time it takes to start applications, Microsoft has created __________ files, which contain the DLL pathnames and metadata used by applications.
prefetch
The ___________ script converts Dropbox's config.bd into a readable text file.
read_config.py
To get a _______ a government entity must show that there's a probable cause to believe the contents of a .....
search warrant
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider
seizure order
Digital forensics examiners could be held liable when conducting an investigation involving cloud data T/F
true
Homomorphic encryption uses an "ideal lattice" mathematical formula to encrypt data T/F
true
Specially trained system and network administrators are often a CSP's first responders T/F
true
The internet is the successor of the ARPANET T/F
true
The _______ tool can be used to bypass a VM's hypervisor and can be used with OpenStack
FROST
Select the folder below that is most likely to contain Dropbox files for a specific user
C:\Users\username\Dropbox
The _________ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires and more
Cloud Security Alliance
Deallocating cloud resources that were assigned to a user or an organization
Deprovisioning
With this cloud service level, an OS can be installed on a cloud server
Platform as a Service PaaS
Allocating cloud resources, such as additional disk space
Provisioning
Anti-Forensics is used in cloud and other network environments T/F
True
Specially trained system and network administrators are often a CSP's first responders T/F
True
The CSP's business continuity and disaster recovery plans are helpful in recovering and analyzing data for the investigation T/F
True
Which of the following is NOT a service level for the cloud?
Virtualization as a Service
