Deck 13: Cell Phone and Mobile Device Forensics
1
The law requires search warrants to contain specific descriptions of what's to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
False
2
In the United States, the Electronic Communications Privacy Act (ECPA) describes 5 mechanisms the government can use to get electronic information from a provider.
True
3
In a prefetch file, the application's last access date and time are at offset _______________.
A)0x80
B)0x88
C)0x90
D)0xD4
C
4
The ______________ tool can be used to bypass a virtual machine's hypervisor, and can be used with OpenStack.
A)OpenForensics
B)FROST
C)WinHex
D)ARC
5
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?
A)IBM Cloud
B)Amazon EC2
C)Salesforce
D)HP Helion
6
A _________________ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it's accessed through the application's Web interface.
A)programming language
B)management plane
C)backdoor
D)configuration manager
7
The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET).
8
Where is the snapshot database created by Google Drive located in Windows?
A)C:\Program Files\Google\Drive
B)C:\Users\username\AppData\Local\Google\Drive
C)C:\Users\username\Google\Google Drive
D)C:\Google\Drive
9
The Google Drive file _________________ contains a detailed list of a user's cloud transactions.
A)loggedtransactions.log
B)sync_log.log
C)transact_user.db
D)history.db
10
At what offset is a prefetch file's create date & time located?
A)0x80
B)0x88
C)0x90
D)0x98
11
The __________________________ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
A)OpenStack Framework Alliance
B)Cloud Security Alliance
C)Cloud Architecture Group
D)vCloud Security Advisory Panel
12
The __________________ Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client's system.
A)filecache.dbx
B)read_filejournal
C)filetx.log
D)filecache.dll
13
A ________________ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
A)court order
B)subpoena
C)warrant
D)temporary restraining order
14
Which is not a valid method of deployment for a cloud?
A)public
B)private
C)community
D)targeted
15
Which of the following is not a valid source for cloud forensics training?
A)(ISC)² Certified Cyber Forensics Professional
B)INFOSEC Institute
C)SANS Cloud Forensics with F-Response
D)A+ Security
16
A search warrant can be used in any kind of case, either civil or criminal.
17
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
A)search warrants
B)subpoenas
C)court orders
D)seizure order
18
Specially trained system and network administrators are often a CSP's first responders.
19
Which of the following is NOT a service level for the cloud?
A)Software as a service
B)Virtualization as a service
C)Platform as a service
D)Infrastructure as a service
20
Metadata in a prefetch file contains an application's _____________ times in UTC format and a counter of how many times the application has run since the prefetch file was created.
A)MAC
B)ACL
C)startup / access
D)log event
21
Match each item with a statement below
-A principle of software architecture in which a single installation of a program runs on a server accessed by multiple entities (tenants). When software is accessed by tenants in multiple jurisdictions, conflicts in copyright and licensing laws might result.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
22
Match each item with a statement below
-A shared cloud service that provides access to common or shared data.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
23
The _____________ cloud service is most likely found on a desktop or a server, although it could also be found on a company network or the remote service provider's infrastructure.
24
The __________________ file contains cid (client ID), clientType, clientVersion, device, deviceID, and timeUtc values relevant to OneDrive.
25
Match each item with a statement below
-A cloud service dedicated to a single organization.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
26
Match each item with a statement below
-With this cloud service level, an organization supplies its own OS, applications, databases, and operations staff, and the cloud provider is responsible only for selling or leasing the hardware.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
27
Match each item with a statement below
-A cloud service that's available to the general public.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
28
Describe the role of incident first responders, and discuss some factors that should be addressed with first responders.
29
Match each item with a statement below
-Destroying, altering, hiding, or failing to preserve evidence, whether it's intentional or a result of negligence.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
30
A _____________ is a contract between a CSP and a customer that describes what services are being provided and at what level.
31
The ________________ script converts Dropbox's config.db into a readable text file.
32
Match each item with a statement below
-A cloud deployment model that combines public, private, or community cloud services under one cloud. Segregation of data is used to protect private cloud storage and applications.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
33
Match each item with a statement below
-Deallocating cloud resources that were assigned to a user or an organization.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
34
What information below is not something recorded in Google Drive's snapshot.db file?
A)file access records
B)URL pathnames
C)modified and created times
D)file SHA values and sizes
35
Match each item with a statement below
-Allocating cloud resources, such as additional disk space.
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
36
With cloud systems running in a virtual environment, _______________ can give you valuable information before, during, and after an incident.
A)RAM
B)snapshot
C)live acquisition
D)carving
37
Match each item with a statement below
-Vendors that provide on-demand network access to a shared pool of resources (typically remote data storage or Web applications)
A)cloud service providers (CSPs)
B)community cloud
C)deprovisioning
D)hybrid cloud
E)infrastructure as a service (IaaS)
F)multitenancy
G)private cloud
H)provisioning
I)public cloud
J)spoliation
38
__________________ uses an "ideal lattice" mathematical formula to encrypt data.
a.cloud service providers (CSPs)
39
To reduce the time it takes to start applications, Microsoft has created __________ files, which contain the DLL pathnames and metadata used by applications.
A)cache
B)prefetch
C)config
D)temp
40
What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds?
A)Cisco Cloud Computing
B)Amazon EC2
C)XenServer and XenCenter Windows Management Console
D)HP Helion
41
What capabilities should a forensic tool have to handle acquiring data from the cloud?
42
Describe how the Forensic Open-Stack Tools (FROST) bypasses a virtual machine's hypervisor.
43
Explain what a government agency subpoena is, and describe how it is used.
44
Explain what non-government and civil litigation subpoenas are, and describe how they work.
45
Explain what "anti-forensics" is, and provide detail on some anti-forensics tactics.
46
Explain what a service level agreement is.
47
Discuss the four different types of cloud deployment methods.
48
Explain why digital forensics examiners should be most concerned with restrictions applied to customers and security measures.
49
Explain what a court order is, and describe how it is used.