Axiom Exam Study Guide Questions with Verified Answers.
2 views 0 purchase
Course
Axiom
Institution
Axiom
Axiom Exam Study Guide Questions with Verified Answers.Axiom Exam Study Guide Questions with Verified Answers.Axiom Exam Study Guide Questions with Verified Answers.
Axiom Exam Study Guide Questions with Verified
Answers.
When setting up a new case in Magnet AXIOM process, can you specify separate
locations for the case files and the evidence files? - Correct Answer Yes
Which types of devices can be imaged using Magnet AXIOM Process? - Correct
Answer Hard Drives, Thumb Drives, iOS Phones, Android phones
Is it possible to only scan Volume Shadow Copies from a drive? - Correct Answer Yes
Which option should be used when loading in data from an iOS or Android device? -
Correct Answer Mobile
Can Magnet AXIOM Process filter files via hash values? - Correct Answer Yes
What are the two main programs of the AXIOM forensics suite? - Correct Answer
Examine & Process
AXIOM will run natively on a Mac computer. - Correct Answer False
AXIOM Process and AXIOM Examine both can be run through a virtual machine. -
Correct Answer True
What are the three distinct steps of the forensic process? - Correct Answer Acquisition
or Extraction
Processing
Analysis
You are working a case and want to know if AXIOM supports extracting artifacts from
the app Yik Yak. What documentation can you view to determine if Yik Yak is
supported? - Correct Answer Artifact reference
What three licensing options are available for the user to license Magnet Forensics
AXIOM? - Correct Answer License Key, Network Server, Axiom USB
AXIOM Process allows the user to set up the data for Acquisition (imaging) and
Processing in the same single step. - Correct Answer True
When setting up an item of evidence for processing, what two options are available? -
Correct Answer Load Evidence
Acquire Evidence
During setup for processing, the user can specify the Search Type to be conducted on
an item of digital evidence. - Correct Answer True
,You can specify that keyword searches be run against either Artifacts or All Content. -
Correct Answer True
You suspect that a user has an encrypted mobile backup on their computer. You have a
list of ten possible passwords. How should you configure the options for processing the
computer to ensure that you get the information from the backups? - Correct Answer
Check "Search Mobile Backups" and then enter each password that you have in the
Mobile Backup Passwords box.
When using Magnet.AI to categorize chats, the AI analysis is based on individual
messages and not on the entire chat conversation. - Correct Answer False
The app Club Penguin is found on a suspect's phone. Through research, you determine
that AXIOM does not support the app and that the app stores information in a SQLite
database. What option can you select during processing to seek out the Club Penguin
database? - Correct Answer Dynamic App Finder
It is possible to add evidence to a case that has already been processed. - Correct
Answer True
If the option "Automatically Build Connections" is checked, connections will
automatically be built during the first processing of the case but will NOT be built if any
additional evidence is added to the case. - Correct Answer False
When in File System view, it is possible to view all sub-folders of the main folder that
you are clicked on? - Correct Answer Yes
From the Case Dashboard, you chose the option "Categorize pictures with Magnet.AI."
Which of the following options are available for categorization? - Correct Answer All
pictures
Which two hash formats does AXIOM use? - Correct Answer MD5 SHA1
You want to create a full image of a hard drive. Which two image formats are available
in AXIOM? - Correct Answer .E01 and .RAW
Since there are substantial differences between computer, mobile, and cloud artifacts,
separate AXIOM cases must be created for each type of evidence. - Correct Answer
False
Which type of scan is the slowest? - Correct Answer Sector Level Scan
During imaging, is it possible to break the image file created into segments? - Correct
Answer Yes
, When processing a case, you enable the option to Remove Duplicates. An identical
picture file is located in /Downloads and in /Documents/Pictures. Since processing
removed duplicates, only one of these files will be available to view in AXIOM Examine.
- Correct Answer False
When setting up Keyword Search Types for All Content, the user can specify the
Encoding used for each keyword list. - Correct Answer True
You process a case and begin reviewing the results. Upon doing so, you notice that
when you added the evidence, you entered the wrong Scan Information. Is it possible to
edit this information now that processing has completed? - Correct Answer False
You conduct a keyword search for All Content and there are hits located in unallocated
space that have no associated artifact. Where will these results be displayed? - Correct
Answer Keyword Snippets
Which of the following is not a method of compression used for .E01 images in AXIOM
Process? - Correct Answer Least
Which file would contain information indicating that a USB device was successfully
installed on a computer?
config.sys
index.dat
thumbs.db
setupapi.dev.log - Correct Answer setupapi.dev.log
What can be interpreted from the following line from an Internet
history?http://www.google.com/index.html&q=emperor+penguin. - Correct Answer A
search was conducted for "Emperor Penguin" using the search engine Google.
From a Windows PreFetch file, it is possible to determine when a program was run. -
Correct Answer True
While of the following locations would NOT contain information related to external
devices connected to a computer?
USBSTOR in the Windows registry
SAM in the Windows registry
NTUSER.DAT file in the Windows registry
setupapi.dev.log - Correct Answer SAM
What are the registry hives? - Correct Answer
Which of the following can be listed as paths in a .LNK file?
A local path such as C:\Program Files\Office\winword.exe.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Lectjoe. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $17.99. You're not tied to anything after your purchase.
