C840/D431 - Digital Forensics Practice Questions

C840/D431 - Digital Forensics Practice Questions Leave the first rating Students also studied Terms in this set (72) Science Computer Science Computer Security and Reliability Save Certified in cybersecurity practice q...143 terms michaelblowPreview SNIFFING & SESSION HIJACKING

• terms

Alma2k17Preview Crypto Quiz 1 12 terms madninja15Preview

301 LOC

27 terms Luc Which law requires a free opt-out option?CAN-SPAM Act. The CAN-SPAM Act is a U.S. law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.Which law led to the creation of the Electronic Crimes Task Force?USA PATRIOT Act. The USA PATRIOT Act included provisions for the establishment of the ECTF to combat electronic crimes, including cyberterrorism and other computer-related offenses.Where would they find logs about connections to remote computers?The ForwardedEvents log is used to store events collected from remote computers. This has data in it only if event forwarding has been configured.A forensic specialist is getting ready to collect digital evidence. What should they do first?Review the Chain of Custody. The first step in collecting digital evidence is to carefully review and document the chain of custody. This involves documenting who has had access to the device or data, when it was accessed, and any changes made to it since the incident occurred. By carefully documenting the chain of custody, the specialist can ensure that the evidence is admissible in court and has not been tampered with.Which law suggests setting up forensic laboratories? US Patriot Act. The USA Patriot Act is a law passed by the US Congress in response to the 9/11 terrorist attacks. It includes provisions for the establishment and funding of forensic laboratories to assist law enforcement agencies in the investigation and prosecution of terrorism and other crimes. The Act also provides for the training and certification of forensic specialists and the development of standards and protocols for the collection and analysis of evidence.What is steganography used for?Steganography is the practice of concealing a message, image, or file within another message, image, or file in such a way that it is difficult to detect or decipher the hidden content.

What would be used to make a bit-by-bit copy of a windows 8 computer?FTK Imager can create a forensic disk image of a Windows 8 computer by creating a bit-by-bit copy of the entire hard drive or storage media, including any deleted or hidden data.What would be used to detect files leaving the network using steganography?FTK is likely to be most effective in detecting steganographically hidden files leaving the network.What's inside an email header?An email header is a section of an email message that contains metadata about the message, such as the sender and recipient information, date and time of sending, and information about the email server that handled the message.Which storage tech uses NAND?NAND is a type of flash memory technology commonly used in SSDs, USB drives, and memory cards.How does NAND work?Most SSDs use Negated AND (NAND) gate-based flash memory, which retains memory even without power.What is AFF?The Advanced Forensic Format (AFF) is a file format used in digital forensics to store disk images, file systems, and other digital evidence.What programs uses AFF file format?Autopsy and Sleuth Kit use the AFF format because it offers flexibility, scalability, compression, and encryption, which are important features for digital forensic investigations.What can be used to unlock an iPhone?XRY can be used to bruteforce iPhone devices it tries multiple pins to gain access to device.Which tool can do a workflow check of steganography? StegExpose is an open-source steganalysis tool that can detect hidden information in image files. It can detect a wide range of steganographic techniques, including JSteg, F5, and OutGuess.What's Data Doctor?Data Doctor Forensic Software is a powerful tool used in digital forensics investigations this product recovers all Inbox and Outbox data and all contact data.What does the command /var/log/lpr do?Linux Printer Log. /var/log/lpr is a directory on Linux/Unix systems where log files related to the Line Printer (lpr) service are stored, containing information about printing jobs submitted to the system via the lpr service.Where does windows store pw?Windows stores hashed passwords in the SAM (Security Accounts Manager).Law for being able to collect GPS location?The Wireless Communications and Public Safety Act of 1999.Where do deleted Apple iPhone/iPad files go?/.Trashes/501 Which type of data are the authorities allowed to get from service providers?In general, authorities may be allowed to obtain basic subscriber information such as the name, address, and phone number of an account holder. This information may be obtained without a warrant in some cases, depending on the specific circumstances and applicable laws.

What is Transactional Data and does it require a warrant? Transactional data such as call logs, text messages, and internet usage records may also be obtained by authorities in some cases, but typically require a warrant or court order. The specific requirements for obtaining this type of data will depend on the laws and regulations of the jurisdiction in question.What is CALEA?The Communications Assistance for Law Enforcement Act (CALEA) is a US law that requires telecommunications companies to make their networks and services accessible to law enforcement agencies for lawful interception and surveillance of electronic. (Wiretap) What is COPPA?The Children's Online Privacy Protection Act (COPPA) is a US law that requires website operators to obtain parental consent before collecting personal information from children under the age of 13.What is CSA?The Computer Security Act of 1987 was passed to improve the security and privacy of sensitive information in federal computer systems. The law requires the establishment of minimum acceptable security practices, creation of computer security plans, and training of system users or owners of facilities that house sensitive information.What is ECPA?The Electronic Communications Privacy Act (ECPA) is a US law that governs the interception of electronic communications, including email, voicemail, and other forms of digital communication.What is 8 US 2252B?This is a section of US law that deals with the production, distribution, and possession of child pornography, and imposes criminal penalties for these activities.What is 4th Amendment?The Fourth Amendment to the US Constitution protects citizens from unreasonable searches and seizures by the government. In the context of digital forensics, this means that law enforcement must obtain a warrant before conducting a search of digital devices or networks.What is SCA?The focus of Chapter 31 is the Stored Communications Act, 18 U.S.C. §§ 2701-12 ("SCA"). The SCA governs how investigators can obtain stored account records and contents from network service providers, including Internet service providers ("ISPs"), telephone companies, and cell phone service providers. SCA issues arise often in cases involving the Internet: when investigators seek stored information

concerning Internet accounts from providers of Internet service [source: DOJ-

Manual.pdf (clarkcunningham.org)] What is .pst? ( Outlook )PST stands for "Personal Storage Table". It is a file format used by Microsoft Outlook to store email, calendar, and contact information. It can be exported from Exchange Server for backup or archiving purposes.What is .ost?Offline Outlook Storage. OST stands for "Offline Storage Table". It is a file format used by Microsoft Outlook to store a synchronized copy of a user's mailbox on their local computer. The OST file allows users to access their mailbox even when they are not connected to the Exchange Server.What is .mbx or .dbx?File formats used by older versions of Microsoft Outlook Express to store email messages. They have largely been replaced by newer file formats like .pst and .ost

What is mbx?MBX is a file format used by Eudora email client to store email messages.What is .emi?EMI stands for "Exchange Message Interface". It is a proprietary file format used by Microsoft Exchange Server to store email messages and attachments.What is .edb?EDB stands for Exchange Database. It is a file format used by Microsoft Exchange Server to store mailbox data such as emails, calendar entries, contacts, and tasks What is .db?DB stands for Database. It is a generic file format used to store structured data in a database. The format may vary depending on the database management system (DBMS) being used.What is .odt?The OpenDocument Text (ODT) format is an open standard file format used for storing text documents. It is used by many word processing applications, including LibreOffice and OpenOffice.What is Internet Forensics?Internet forensics is the process of piecing together where and when a user has been on the internet. For example, you can use internet forensics to determine whether inappropriate internet content access and downloading were accidental What is the Wireless Communications and Public Safety Act of 1999?The Wireless Communications and Public Safety Act of 1999 allows for collection and use of "empty" communications, which means nonverbal and nontext communications, such as GPS information.What is The Sarbanes-Oxley Act of 2002?The Sarbanes-Oxley Act of 2002 contains many provisions about recordkeeping and destruction of electronic records relating to the management and operation of publicly held companies.Are warrants needed when evidence in plain sight? Warrants are not needed when evidence is in plain sight.What is the legal requirement for granting consent for a property, according to court rulings?Courts have held that only the actual owner of a property can grant consent, or someone who has legal guardianship of the owner.What are the five types of drive connections?Integrated Drive Electronics (IDE) [spoiler answer], Extended Integrated Drive Electronics (EIDE), Parallel Advanced Technology Attachment (PATA), Serial Advanced Technology Attachment (SATA), Serial SCSI.What type of memory technology is commonly used in SSDs, and what unique feature does it possess that allows it to retain memory even without power?Most SSDs use Negated AND (NAND) gate-based flash memory, which retains memory even without power.What is AFF?The Advanced Forensic Format (AFF) is a file format used in digital forensics to store disk images, file systems, and other digital evidence used by Sleuth Kit and Autopsy.What is Encase?This tool allows the examiner to connect an Ethernet cable or null modem cable to a suspect machine and to view the data on that machine.