A software company suspects that employees have set up automatic corporate email forwarding to their personal inboxes against company policy. The company
... [Show More] hires forensic investigators to identify the employees violating policy, with the intention of issuing warnings to them.
Which type of cybercrime investigation approach is this company taking?
A Civil
B Criminal
C Administrative
D Punitive Correct answer- C
Which model or legislation applies a holistic approach toward any criminal activity as a criminal operation?
A Enterprise Theory of Investigation
B Racketeer Influenced and Corrupt Organizations Act
C Evidence Examination
D Law Enforcement Cyber Incident Reporting Correct answer- A
What does a forensic investigator need to obtain before seizing a computing device in a criminal case?
A Court warrant
B Completed crime report
C Chain of custody document
D Plaintiff's permission Correct answer- A
Which activity should be used to check whether an application has ever been installed on a computer?
A Penetration test
B Risk analysis
C Log review
D Security review Correct answer- C
Which characteristic describes an organization's forensic readiness in the context of cybercrimes?
A It includes moral considerations.
B It includes cost considerations.
C It excludes nontechnical actions.
D It excludes technical actions. Correct answer- B
A cybercrime investigator identifies a Universal Serial Bus (USB) memory stick containing emails as a primary piece of evidence.
Who must sign the chain of custody document once the USB stick is in evidence?
A Those who obtain access to the device
B Anyone who has ever used the device
C Recipients of emails on the device
D Authors of emails on the device Correct answer- A
Which type of attack is a denial-of-service technique that sends a large amount of data to overwhelm system resources?
A Phishing
B Spamming
C Mail bombing
D Bluejacking Correct answer- C
Which computer crime forensics step requires an investigator to duplicate and image the collected digital information?
A Securing evidence
B Acquiring data
C Analyzing data
D Assessing evidence Correct answer- B
What is the last step of a criminal investigation that requires the involvement of a computer forensic investigator?
A Analyzing the data collected
B Testifying in court
C Assessing the evidence
D Performing search and seizure Correct answer- B
How can a forensic investigator verify an Android mobile device is on, without potentially changing the original evidence or interacting with the operating system?
A Check to see if it is plugged into a computer
B Tap the screen multiple times
C Look for flashing lights
D Hold down the power button Correct answer- C
What should a forensic investigator use to protect a mobile device if a Faraday bag is not available?
A Aluminum foil
B Sturdy container
C Cardboard box
D Bubble wrap Correct answer- A
Which criterion determines whether a technology used by government to obtain information in a computer search is considered innovative and requires a search warrant?
A Availability to the general public
B Dependency on third-party software
C Implementation based on open source software
D Use of cloud-based machine learning Correct answer- A
Which situation allows a law enforcement officer to seize a hard drive from a residence without obtaining a search warrant?
A The computer is left unattended.
B The front door is wide open.
C The occupant is acting suspicious.
D The evidence is in imminent danger. Correct answer- D
Which legal document contains a summary of findings and is used to prosecute?
A Investigation report
B Search warrant
C Search and seizure
D Chain of custody Correct answer- A
What should an investigator use to prevent any signals from reaching a mobile phone?
A Faraday bag
B Dry bag
C Anti-static container
D Lock box Correct answer- A
A forensic investigator is called to the stand as a technical witness in an internet payment fraud case.
Which behavior is considered ethical by this investigator while testifying?
A Providing and explaining facts found during the investigation
B Interpreting the findings and offering a clear opinion to the jury
C Helping the jury arrive at a conclusion based on the facts
D Assisting the attorney in compiling a list of essential questions Correct answer- A
A government agent is testifying in a case involving malware on a system.
What should this agent have complied with during search and seizure?
A Fourth Amendment
B Stored Communications Act
C Net Neutrality Bill
D Federal Rules of Evidence Correct answer- A
Which path should a forensic investigator use to look for system logs in a Mac?
A /var/log/cups/access_log
B /var/log/
C /var/audit/
D /var/log/install.log Correct answer- B
Which tool should a forensic investigator use to view information from Linux kernel ring buffers?
A arp
B dmesg
C fsck
D grep Correct answer- B
A forensic investigator makes a bit-stream copy of a Windows hard drive that has been reformatted. The investigator needs to locate only the Adobe PDF files on the hard drive.
Which tool should this investigator use?
A Quick Recovery
B Handy Recovery
C EaseUS Data Recovery
D Stellar Data Recovery Correct answer- C
Which hexadecimal value should an investigator search for to find JPEG images on a device?
A 0x424D
B 0xD0CF11E0A1B11AE1
C 0x504B030414000600
D 0xFFD8 Correct answer- D
Which type of steganography allows the user to physically move a file but keep the associated files in their original location for recovery?
A Whitespace
B Folder
C Image
D Web Correct answer- B
An employee steals a sensitive text file by embedding it into a PNG file. The employee then sends this file via an instant chat message to an accomplice.
Which type of steganography did this employee use?
A Document
B Image
C Text
D Web Correct answer- B
Which method is used when an investigator has access to the plaintext and an image file with the hidden information?
A Stego-only
B Known-stego
C Known-message
D Chosen-message Correct answer- C
Which method is used when an investigator takes a plaintext message, uses various tools against it, and finds the algorithm used to hide information?
A Stego-only
B Known-stego
C Known-message
D Chosen-message Correct answer- D
Which operating system is targeted by the DaveGrohl password cracker?
A Linux
B OS X
C UNIX
D Windows Correct answer- B
Which password cracker is used to recover passwords on an OS X operating system?
A Cain and Abel
B DaveGrohl
C L0phtCrack
D Ophcrack Correct answer- B
Which tool allows a forensic investigator to process Transmission Control Protocol (TCP) streams for analysis of malicious traffic?
A Kibana
B OSSEC
C Syslog-ng
D Wireshark Correct answer- D
Which tool allows an investigator to review or process information in a Windows environment but does not rely on the Windows API?
A EnCase
B netstat
C dd
D LogMeister Correct answer- A
A computer forensic investigator finds an unauthorized wireless access point connected to an organization's network switch. This access point's wireless network has a random name with a hidden service set identifier (SSID).
What is this set-up designed to do?
A Create a backdoor that a perpetrator can use by connecting wirelessly to the network
B Jam the wireless signals to stop all legitimate traffic from using the wireless network
C Activate the wireless cards in the laptops of victims to gain access to their data and network
D Transmit high-power signals that force users to connect to the rogue wireless network Correct answer- A
Which web-based application attack corrupts the execution stack of a web application?
A Buffer overflow
B Cookie poisoning
C SQL injection
D Denial-of-service Correct answer- A
An employee is accused of sending a threatening email through Microsoft Exchange.
Which file extension should the investigator search for to find the archived message on the server?
A .DB
B .NSF
C .PST
D .EDB Correct answer- D
Investigators do not have physical access to the computer of the victim of an email crime.
Which task should these investigators instruct the victim to perform in order to identify the sending email server?
A Provide the email body
B Provide the email header
C Run Aid4Mail Email Forensics
D Run Email Address Verifier Correct answer- B
Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings?
A Wireshark
B OmniPeek
C ProDiscover
D Capsa Correct answer- C
What is the purpose of hashing tools during data acquisition?
A Dumping the original RAM contents to a forensically sterile removable device
B Enabling write protection on the original media to preserve the original evidence
C Validating the collected digital evidence by comparing the original and copied file message digests
D Creating a replica of the original source to prevent the inadvertent alteration of the original Correct answer- C
Which software-based tool is used to prevent writes to storage devices on a computer?
A CRU WiebeTech
B ILook Investigator
C SAFE Block
D USB WriteBlocker Correct answer- C [Show Less]