The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor.
Which type of evidence should a forensics investigator use to identify the source of the hack?
How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene?
A computer involved in a crime is infected with malware. The computer is on and connected to the company's network. The forensic investigator arrives at the scene.
Which action should be the investigator's first step?
Which method is used to implement steganography through pictures?
An employee sends an email message to a fellow employee. The message is sent through the company's messaging server.
Which protocol is used to send the email message?
Which description applies to the Advanced Forensic Format (AFF)?
Which operating system (OS) uses the NTFS (New Technology File System) file system?
What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation?
An organization has identified a system breach and has collected volatile data from the system.
Which evidence type should be collected next?
An employee is suspected of using a company Apple iPhone 4 for inappropriate activities.
Which utility should the company use to access the iPhone without knowing the passcode?
An organization believes that a company-owned mobile phone has been compromised.
Which software should be used to collect an image of the phone as digital evidence?
Which technique allows a cybercriminal to hide information?
Thomas received an email stating he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account.
Which digital evidence should be considered to determine how Thomas' account information was compromised?
How is the Windows swap file, also known as the page file, used?
A company has identified that a hacker has modified files on one of the company's computers. The IT department has collected the storage media from the hacked computer.
Which evidence should be obtained from the storage media to identify which files were modified?
Which directory contains the system's configuration files on a computer running Mac OS X?
Which tool should be used with sound files, video files, and image files?
Which storage format is a magnetic drive?
Which law or guideline lists the four states a mobile device can be in when data is extracted from it?
A forensic investigator needs to identify where email messages are stored on a Microsoft Exchange server.
Which file extension is used by Exchange email servers to store the mailbox database?
Which file system is supported by Mac?
A forensic scientist is examining a computer for possible evidence of a cybercrime.
Why should the forensic scientist copy files at the bit level instead of the OS level when copying files from the computer to a forensic computer?
A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son's bedroom. The couple states that their son is presently in class at a local middle school.
How should the detective legally gain access to the computer?