MCFE EXAM QUESTIONS AND ANSWERS
How does AXIOM Process identify Encrypted files? - Answer- Using Passware plugins.
Does an Encrypted Files artifact display what program was used to encrypt the files? -
Answer- No
What does AXIOM Process search for when identifying Encryption / Anti-forensics
Tools artifacts? - Answer- Known executables and data structures.
What is the purpose of the REFINED RESULTS artifact categories? - Answer- To help
the examiner expedite their investigation by placing useful artifacts in one category.
Explain the difference between the Google Searches and Parsed Search Queries
artifacts. - Answer- Google Searches is only for searches conducted on Google. Parsed
Search Queries is for all other search engines, like Bing, Yahoo, etc.
What REFINED RESULTS artifacts are used to create a Profile? - Answer- ONLY
Identifiers - People and Identifiers - Devices.
Name at least three sources of information for the Identifiers artifacts. - Answer- Any of
the columns from either Identifiers - People or Identifiers - Devices will suffice.
What resource lists the various artifacts searched for by AXIOM and the meanings of the
column values? - Answer- The Artifact Reference, accessed from Help >
Documentation > Artifact Reference.
Firefox and Chrome store much of their data in SQLite databases. How can the content
of SQLite databases be viewed in AXIOM Examine? - Answer- From the SQLite Viewer
within the File System Explorer.
Name three pieces of information displayed in AXIOM Examine for a file downloaded
using Chrome. - Answer- Any of the columns from the Evidence Pane or Details Pane
will suffice.
What is Session Recovery data? - Answer- Information such as last opened tabs, etc.
This is the information that may be stored should the browser quit unexpectedly, or
crash.
Name the database that stores/tracks most of the artifacts generated by Edge and
Internet Explorer v10 and v11. - Answer- WebCacheV01.dat
Where can EMAIL specific information such as Subject, To, From, and Received Time
be viewed in AXIOM Examine? - Answer- The Evidence Pane or the Details Pane.