Final Exam 3

Question 1

MAC and OXS is built on what OP?

Answer 1

Unix Darwin

Question 2

Junk files:

Answer 2

Junk files are temporary files created by window during the execution of a task, but not deleted after the task has been performed

Question 3

Prefect files:

Answer 3

Are artifacts for forensics investigation. For example, prefect files are created in window for example when an application is run from a particular location for the very first time

Question 4

Right of ownership in criminal case is a warrant and a subpoena in civil case

Answer 4

in criminal case is a warrant and a subpoena in civil case

Question 5

Every email contains a header.

Answer 5

The transport header is read bottom up.

Question 6

Investigation Technique

Answer 6

preparation 
survey
preservation
Examination
Presentation

Question 7

Modus Operandi

Answer 7

refers to the behaviors that are engaged in by a criminal for the purpose of successfully completing an offense. A criminal’s MO reflects how he/she committed his/her crimes

Question 8

Modus Operandi-

Answer 8

Oriented behaviors are behaviors that were necessary to commit the crime

Question 9

motive- or signature-oriented

Answer 9

behavior are behaviors that were not necessary to commit the crime

Question 10

Right of ownership in civil case

Answer 10

is when a permission is given by owner to access evidence if not, a subpoena is needed.

Question 11

50. Right of ownership in criminal

Answer 11

is dictated by a warrant

Question 12

Where to find USB insert for MAC :

Answer 12

In the sidebar Plist

Question 13

Taking Physical image of an encrypted disk while system is running.

Answer 13

It would lead to getting encrypted image.

Question 14

Email protocol

Answer 14

is a method by which tow computers communicate and exchange an email.

Question 15

Mail server :

Answer 15

Stores the mail and let the receiving device access it and download when needed

Question 16

Mail Protocol:

Answer 16

POP 3, IMAP, SMTP for devices interconnected, HTTP for internet browser

Question 17

When investigation event log:

Answer 17

Do not rely on dates, look for log entries

Question 18

Windows Artifacts:

Answer 18

Windows file systems, registry, shortcut files, hibernation files, prefetch files, event logs, internet history Windows executable, metadata, recycle bin, drop box, print spooling, thumbnail images, and lists of recently used applications.

Question 19

Greatest challenge to digital forensics:

Answer 19

Encryption, cloud storage nature of acquisition, Hacking, network interface.

Question 20

SS7:

Answer 20

Signal that carrier use to pass voice from tower to tower. Can be used to eardrop communication.

Question 21

Biggest challenge to phone:

Answer 21

It’s encryption

Question 22

Fsventer:

Answer 22

Tracks the file system ‘s activities in Mac

Question 23

63. Mac artifacts :

Answer 23

History (Web, bookmarks, downloads and search terms)
Cookies
Web Logins
Archived History (Web History and search terms)
Bookmarks (This is in a non-SQLite format)

Question 24

64. Each apple device has unique UID

Answer 24

Each apple device has unique UID

Question 25

spot light index

Answer 25

index everything that is on the computer

Question 26

Where are metadata for files on FAT system stored

Answer 26

On Fat Directory entries and in the allocation table.