A forensic examiner is reviewing a laptop running OS X which has been compromised. The examiner wants to know if any shell commands were executed by any of the accounts.

Which log file or folder should be reviewed?

Which operating system (OS) uses the NTFS (New Technology File System) file operating system?

A forensic investigator is acquiring evidence from an iPhone.

What should the investigator ensure before the iPhone is connected to the computer?

A victim of Internet fraud fell for an online offer after using a search engine to find a deal on an expensive software purchase. Once the victim learned about the fraud, he contacted a forensic investigator for help.

Which digital evidence should the investigator collect?

Which U.S. law criminalizes the act of knowingly using a misleading domain name with the intent to deceive a minor into viewing harmful material?

Which rule is used for conducting electronic surveillance?

After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence.

Which digital evidence should be collected?

The following line of code is an example of how to make a forensic copy of a suspect drive:

dd if=/dev/mem of=/evidence/image.memory1

Which operating system should be used to run this command?

Where is the default location for 32-bit programs installed by a user on a 64-bit version of Windows 7?

The chief information officer of an accounting firm believes sensitive data is being exposed on the local network.

Which tool should the IT staff use to gather digital evidence about this security vulnerability?

While collecting digital evidence from a running computer involved in a cybercrime, the forensic investigator makes a list of items that need to be collected.

Which piece of digital evidence should be collected first?

Which tool should be used with sound files, video files, and image files?

Tom saved a message using the least significant bit (LSB) method in a sound file and uploaded this sound to his own website.

What is the carrier in this example?

A forensic scientist is examining a computer for possible evidence of a cybercrime.

Why should the forensic scientist copy files at the bit level instead of the OS level when copying files from the computer to a forensic computer?

Which characteristic applies to solid-state drives (SSDs) compared to magnetic drives?

A digital forensic examiner receives a computer used in a hacking case. The examiner is asked to extract information from the computer's Registry.

How should the examiner proceed when obtaining the requested digital evidence?

An organization has identified a system breach and has collected volatile data from the system.

Which evidence type should be collected next?

Which description applies to the Advanced Forensic Format (AFF)?

Thomas received an email stating he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account.

Which digital evidence should be considered to determine how Thomas' account information was compromised?

Which directory contains the system's configuration files on a computer running Mac OS X?

Which Windows component is responsible for reading the boot.ini file and displaying the boot loader menu on Windows XP during the boot process?

Which information is included in an email header?

What is one purpose of steganography?