Another example of anti-forensics is using a tool like MACE which randomly changes all the timestamps of the files and folders on your hard drive - thus making it nearly impossible for the investigator to perform an time line analysis.

True

False

QUESTION 2

In electronic discovery, if you have to preserve something then you should:

a Preserve EVERYTHING! BE SAFE!

b Perserve the BARE MININUM!

c Preserve unique, relevant evidence that might be useful to an adversary including what it knows, or reasonably should know, is relevant in the action, is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery and/or is the subject of a pending discovery request.

QUESTION 23

What would you describe a strategy that ensures end users do not send sensitive or critical information outside the corporate network? The term is also used to describe software products that help a network administrator control what data end users can transfer.

a Data loss protection (DLP)

b Incident Response

QUESTION 4

What is this principle?

If you are dealing with computer that are turned off or powered down then probably not so much of a concern.

But with computers that are running (live) then you want to be concerned about what information might be lost in the computers memory if its shutdown. Another example, might be active connections to a suspect machine like network share drives. That could be lost if the computer is powered down.

a Chain of custody

b Fragility

c Chain of evidence

d Authenication

4 points

QUESTION 5

What is this principle?

This refers to the ability to certify that the evidence is what it claimed to be, was gathered in a reliable manner, and how chain of custody was handled.

a Authentication

b Chain of custody

c Fragility

d Covering your rear end