Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a
laptop. Which of the following email clients can he use to analyze the DBX files?

When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request
all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and
obligates the ISP to preserve e-mail records?

Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged
500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of
picture is this file. What kind of picture is this file?

Which of the following statements is incorrect when preserving digital evidence?

What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever
the course of its lifetime?

Julia is a senior security analyst for Berber Consulting group. She is currently working on a contract for a small
accounting firm in Florid a. They have given her permission to perform social engineering attacks on the company to
see if their in-house training did any good. Julia calls the main number for the accounting firm and talks to the
receptionist. Julia says that she is an IT technician from the company\\’s main office in Iowa. She states that she needs
the receptionist\\’s network username and password to troubleshoot a problem they are having. Julia says that Bill
Hammond, the CEO of the company, requested this information. After hearing the name of the CEO, the receptionist
gave Julia all the information she asked for. What principal of social engineering did Julia use?

Sectors in hard disks typically contain how many bytes?

Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?

Volatile Memory is one of the leading problems for forensics. Worms such as code Red are memory resident and do
write themselves to the hard drive, if you turn the system off they disappear. In a lab environment, which of the following
options would you suggest as the most appropriate to overcome the problem of capturing volatile memory?

The MD5 program is used to:

If you plan to startup a suspect\\’s computer, you must modify the ___________ to ensure that you do not contaminate
or alter data on the suspect\\’s hard drive by booting to the hard drive.

When examining the log files from a Windows IIS Web Server, how often is a new log file created?