What kind of graphics file combines bitmap and vector graphics types?
GSM refers to mobile phones as “mobile stations” and divides a station into two parts, the __________ and the mobile equipment (ME).
Which type of report typically takes place in an attorney’s office?
The _______________ utility can be used to repair .ost and .pst files, and is included with Microsoft Outlook.
The Internet is the successor to the Advanced Research Projects Agency Network (ARPANET).
What format was developed as a standard for storing metadata in image files?
What command below could be used on a UNIX system to help locate log directories?
Which of the following is not a type of peripheral memory card used in PDAs?
A ____ differs from a trial testimony because there is no jury or judge.
When you give ____ testimony, you present this evidence and explain what it is and how it was obtained.
The Google drive file _________________ contains a detailed list of a user’s cloud transactions.
from both plaintiff and defense is an optional phase of the trial. Generally, it’s allowed to cover an issue raised during crossexamination.
The LempelZivWelch (LZW) algorithm is used in _____________ compression.
When writing a report, group related ideas and sentences into ___________________,
The __________________ Dropbox file stores information on shared directories associated with a Dropbox user account and file transfers between Dropbox and the client’s system.
On a UNIX system, where is a user’s mail stored by default?
The DomainKeys Identified Mail service is a way to verify the names of domains a message is flowing through and was developed as a way to cut down on spam.
The _________________ numbering system is often used in legal pleadings. Each Roman numeral represents a major aspect of the report, and each Arabic numeral is an important piece of supporting information.
Generally, the best approach your attorney can take in direct examination is to ask you ____ questions and let you give your testimony.
The use of smart phones for illicit activities is becoming more prevalent.
What file type starts at offset 0 with a hexidecimal value of FFD8?
Lawyers may request _________________ of previous testimony by their own potential experts to ensure that the experts haven’t previously testified to a contrary position.
evidence is evidence that exonerates or diminishes the defendant’s liability.
In simple terms, _____________ compression discards bits in much the same way rounding off decimal values discards numbers.
In an email address, everything before the @ symbol represents the domain name.
The Suni Munshani v. Signal Lake Venture Fund II, LP et al case is an example of a case that involves email
For forensics specialists, keeping the ____ updated and complete is crucial to supporting your role as an expert and showing that you’re constantly enhancing your skills through training, teaching, and experience.
Specially trained system and network administrators are often a CSP’s first responders.
The _______________ component is made up of radio transceiver equipment that defines cells and communicates with mobile phones; sometimes referred to as a “cell phone tower”.
Which email recovery program below can recover files from VMware and VirtualPC virtual machines, as well as ISOs and other types of file backups?
In a prefetch file, the application’s last access date and time are at offset _______________.
The first 3 bytes of an XIF file are exactly the same as a TIF file.
How many words should be in the abstract of a report?
What information below is not something recorded in Google Drive’s db file?
The ___________________ technology is designed for GSM and Universal Mobile Telecommunications Systems (UMTS) technology, supports 45 Mbps to 144 Mbps transmission speeds.
What method below is not an effective method for isolating a mobile device from receiving signals?
If a microphone is present during your testimony, place it ____ to eight inches from you.
Committing crimes with email is uncommon, and investigators are not generally tasked with linking suspects to email.
In older versions of exchange, what type of file was responsible for messages formatted with Messaging Application Programming Interface, and served as the database file?
What rule of the Federal Rules of Civil Procedure requires that parties who anticipate calling an expert witness to testify must provide a copy of the expert’s written report that includes all opinions, the basis for the opinions, and the information considered in coming to those opinions?
Which is not a valid method of deployment for a cloud?
As with any research paper, write the ___________________ last.
Select below the utility that is not a lossless compression utility:
is a written list of objections to certain testimony or exhibits.
Regarding a trial, the term ____ means rejecting potential jurors.
What cloud application offers a variety of cloud services, including automation and CRM, cloud application development, and Web site marketing?
Because mobile phones are seized at the time of arrest, a search warrant is not necessary to examine the device for information.
means the tone of language you use to address the reader.
How many different colors can be displayed by a 24 bit colored pixel?
The _____________ format is a proprietary format used by Adobe Photoshop.
Where does the Postfix UNIX mail server store email?
A report using the _________________ system divides material into sections and restarts numbering with each main section.
Within NIST guidelines for mobile forensics methods, the ______________ method requires physically removing flash memory chips and gathering information at the binary level.
Metadata in a prefetch file contains an application’s _____________ times in UTC format and a counter of how many times the application has run since the prefect file was created.
When using the PassMark software to find forensic information in emails, messages that appear to be suspicious should be flagged
What organization is responsible for the creation of the requirements for carriers to be considered 4G?
is the process of opposing attorneys seeking information from each other.
For EXIF JPEG files, the hexadecimal value starting at offset 2 is _____________.
Which of the following is not a type of graphic file that is created by a graphics program?
In the United States, the Electronic Communications Privacy Act (ECPA) describes 5 mechanisms the government can use to get electronic information from a provider.
Email administrators may make use of _________________, which overwrites a log file when it reaches a specified size or at the end of a specified time frame.
When you decompress data that uses a lossy compression algorithm, you regain data lost by compression.
Which of the following is NOT a service level for the cloud?
What service below can be used to map an IP address to a domain name, and then find the domain name’s point of contact?
If a report is long and complex, you should include a(n)
One of the most noteworthy email scams was 419, otherwise known as the
Each graphics file type has a unique header value.
What type of mobile forensics method listed by NIST guidelines involves looking at a device’s content page by page and taking pictures?
You provide ____ testimony when you answer questions from the attorney who hired you.
As a standard practice, collect evidence and record the tools you used in designated file folders or evidence containers.
Search and seizure procedures for mobile devices are as important as procedures for computers.
Where is the OS stored on a smartphone?
All TIF files start at offset 0 with what 6 hexadecimal characters?
While travelling internationally with a GSM phone, you can pop in a SIM card for the country you’re currently in, rather than get a new phone.
What kind of files are created by Exchange while converting binary data to readable text in order to prevent loss of data?
If your CV is more than ____ months old, you probably need to update it to reflect new cases and additional training.
Discuss any potential problems with your attorney ____ a deposition.
How you format _____________ is less important than being consistent in applying formatting.
In order to retrieve logs from exchange, the PowerShell cmdlet _______________________ can be used.
An expert’s opinion is governed by FRCP, Rule 26, and the corresponding rule in many states.
Referred to as a digital negative, the _______ is typically used on many higherend digital cameras.
Select the folder below that is most likely to contain Dropbox files for a specific user:
To reduce the time it takes to start applications, Microsoft has created __________ files, which contain the DLL pathnames and metadata used by applications.
If a preliminary report is written, destroying the preliminary report after the final production could be considered
What act defines precisely how copyright laws pertain to graphics?
Leading questions such as “Isn’t it true that forensics experts always destroy their handwritten notes?” are referred to as ____ questions.
You should create a formal checklist of your procedures that’s applied to all your cases or include such a checklist in your report.
Select the program below that can be used to analyze mail from Outlook, Thunderbird, and Eudora.
A search warrant can be used in any kind of case, either civil or criminal.
Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis?
A report can provide justification for collecting more evidence and be used at a probable cause hearing.
The __________________________ is an organization that has developed resource documentation for CSPs and their staff. It provides guidance for privacy agreements, security measures, questionnaires, and more.
Which of the following is not considered to be a nonstandard graphics file format?
What type of Facebook profile is usually only given to law enforcement with a warrant?
Which service below does not put log information into /var/log/maillog?
What cloud service listed below provides a freeware type 1 hypervisor used for public and private clouds?
On what mobile device platform does Facebook use a SQLite database containing friends, their ID numbers, and phone numbers as well as files that tracked all uploads, including pictures?
An ___________________ is a document that serves as a guideline for knowing what questions to expect when you’re testifying.
Most Code Division Multiple Access networks conform to IS95. The systems are referred to as CDMAOne, and when they went to 3G service, they became CDMAThree.
How many bits are required to create a pixel capable of displaying 65,536 different colors?
An Internet email server is generally part of a local network, and is maintained and managed by an administrator for internal use by a specific company.
Which of the following is not one of the five mechanisms the government can use to get electronic information from a provider?
Nonvolatile memory on a mobile device can contain OS files and stored user data, such as a __________________ and backedup files.
What digital network technology was developed during World War II?
As an expert witness, you have opinions about what you have found or observed.
The ____ is the most important part of testimony at a trial.
A _________________ is a tool with application programming interfaces (APIs) that allow reconfiguring a cloud on the fly; it’s accessed through the application’s Web interface.
Like a job resume, your CV should be geared for a specific trial.
The law requires search warrants to contain specific descriptions of what’s to be seized. For cloud environments, the property to be seized usually describes physical hardware rather than data, unless the CSP is a suspect.
When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as?
The ________________ section of a report starts by referring to the report’s purpose, states the main points, draws conclusions, and possibly renders an opinion.
For all JPEG files, the ending hexadecimal marker, also known as the end of image (EOI), is
With cloud systems running in a virtual environment, _______________ can give you valuable information before, during, and after an incident.
The sys file on a computer can contain message fragments from instant messaging applications.
There are two types of depositions: ____ and testimony preservation.
The ________________ technology uses the IEEE 802.16e standard and Orthogonal Frequency Division Multiple Access (OFDMA) and supports transmission speeds of 12 Mbps
Most Code Division Multiple Access (CDMA) networks conform to ____________ , created by the Telecommunications Industry Association (TIA).
Syslog is generally configured to put all email related log information into what file?
Which option below is the correct path to the sendmail configuration file?
Specially trained system and network administrators are often a CSP’s first responders.
At what offset is a prefetch file’s create date & time located?
Jurors typically average just over ____ years of education and an eighthgrade reading level.
Which graphics file format below is rarely compressed?
A ________________ is written by a judge to compel someone to do or not do something, such as a CSP producing user logon activities.
In what state is sending unsolicited email illegal?
The rule that states that testimony is inadmissible unless it is “testimony deduced from a well recognized scientific principle or discovery; the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field in which it belongs”, was established in what court case?
is an attempt by opposing attorneys to prevent you from serving on an important case.
Sometimes opposing attorneys ask several questions inside one question; this practice is called a ____ question.
The ______________ tool can be used to bypass a virtual machine’s hypervisor, and can be used with OpenStack.
Part of what you have to deliver to the jury is a person they can trust to help them figure out something that’s beyond their expertise.
How do vector graphics differ from bitmap and raster images?
Discuss the four different types of cloud deployment methods.
Compare and contrast email services on Internet and an intranet.
Describe how the Forensic OpenStack Tools (FROST) bypasses a virtual machine’s hypervisor.
List and briefly describe some of the technologies that can be used to create 4G networks.
Briefly describe judicial hearings.
Describe the two major forms of steganography.
What is Exchange, and what information within Exchange is most valuable to investigations?
What are some of the reasons to avoid contact with news media during a case?
As an expert witness, what basic conditions must be met for you to be able to testify to an opinion or a conclusion?