MCFE Exam Questions and Answers 100% Verified

  • September 3, 2024
NursingTutor1
How does AXIOM Process identify Encrypted files? - ANSWER - Using Passware
plugins.


Does an Encrypted Files artifact display what program was used to encrypt the files?
- ANSWER - No


What does AXIOM Process search for when identifying Encryption / Anti-forensics
Tools artifacts? - ANSWER - Known executables and data structures.


What is the purpose of the REFINED RESULTS artifact categories? - ANSWER - To
help the examiner expedite their investigation by placing useful artifacts in one
category.


Explain the difference between the Google Searches and Parsed Search Queries
artifacts. - ANSWER - Google Searches is only for searches conducted on Google.
Parsed Search Queries is for all other search engines, like Bing, Yahoo, etc.


What REFINED RESULTS artifacts are used to create a Profile? - ANSWER - ONLY
Identifiers - People and Identifiers - Devices.


Name at least three sources of information for the Identifiers artifacts. - ANSWER -
Any of the columns from either Identifiers - People or Identifiers - Devices will suffice.


If a keyword search is conducted from the FILTERS bar, what parts of an EMAIL are
searched? - ANSWER - All Parts


Where is the content of a document displayed in AXIOM Examine? - ANSWER - The
Preview Card in the Details Pane.

What resource lists the various artifacts searched for by AXIOM and the meanings of
the column values? - ANSWER - The Artifact Reference, accessed from Help >
Documentation > Artifact Reference.


Firefox and Chrome store much of their data in SQLite databases. How can the
content of SQLite databases be viewed in AXIOM Examine? - ANSWER - From the
SQLite Viewer within the File System Explorer.


Name three pieces of information displayed in AXIOM Examine for a file downloaded
using Chrome. - ANSWER - Any of the columns from the Evidence Pane or Details
Pane will suffice.


What is Session Recovery data? - ANSWER - Information such as last opened tabs,
etc. This is the information that may be stored should the browser quit
unexpectedly, or crash.


Name the database that stores/tracks most of the artifacts generated by Edge and
Internet Explorer v10 and v11. - ANSWER - WebCacheV01.dat


Where can EMAIL-specific information such as Subject, To, From, and Received Time
be viewed in AXIOM Examine? - ANSWER - The Evidence Pane or the Details Pane.


What is the potential investigative value of EMAIL Headers? - ANSWER - Headers
may contain accurate timestamps from the email servers, IP addresses, true sender
information, and more.


How can EMAILS with attachments be quickly identified? - ANSWER - Either by
viewing the Attachments column for data, or by accessing the Email Attachments
artifact category.


When viewing a document's DETAILS, what is the difference between the Created
Date/Time and the File System Created Date/Time? - ANSWER - The Created
Date/Time comes from the document metadata, whereas the File System Created
Date/Time comes from the filesystem itself.
