MCFE Exam Questions

Term
1 / 45
How does AXIOM Process identify Encrypted files?
Click the card to flip 👆
Terms in this set (45)
How does AXIOM Process identify Encrypted files?
Using Passware plugins.
Does an Encrypted Files artifact display what program was used to encrypt the files?
No
What does AXIOM Process search for when identifying Encryption / Anti -forensics Tools artifacts?
Known executables and data structures.
What is the purpose of the REFINED RESULTS artifact categories?
To help the examiner expedite their investigation by placing useful artifacts in one category.
Explain the difference between the Google Searches and Parsed Search Queries artifacts.
Google Searches is only for searched conducted on Google. Parsed Search Queries is for all other search engines, like Bing, Yahoo, etc.
What REFINED RESULTS artifacts are used to create a Profile?
ONLY Identifiers -People and Identifiers -Devices.
Name at least three sources of information for the Identifiers artifacts.
Any of the columns from either Identifiers -People or Identifier -s Devices will suffice.
What resource lists the various artifacts search for by AXIOM and the meanings of the column values?
The Artifact Reference, accessed from Help > Documentation > Artifact Reference.
Firefox and Chrome store much of their data in SQLite databases. How can the content of SQLite databases be viewed in AXIOM Examine?
From the SQLite Viewer within the File System Explorer.
Name three pieces of information displayed in AXIOM Examine for a file downloaded using Chrome.
Any of the columns from the Evidence Pane or Details Pane will suffice.
What is Session Recovery data?Information such as last opened tabs, etc. This is the information that may be stored should the browser quit unexpectedly, or crash.Name the database that stores/tracks most of the artifacts generated by Edge and Internet Explorer v10 and v11.WebCacheV01.datWhere can EMAIL specific information such as Subject, To, From, and Received Time be viewed in AXIOM Examine ?The Evidence Pane or the Details Pane.What is the potential investigative value of EMAIL Headers?Headers main contain accurate timestamps from the email servers, IP addresses, true sender information, and more.How can EMAILS with attachments be quickly identified ?Either by viewing the Attachments column for data, or by accessing the Email Attachments artifact category.If a keyword Search is conducted form the FILTERS bar, what parts of an EMAIL are searched?All PartsWhere is the content of a document displayed in AXIOM Examine?The Preview Card in the Details Pane.When viewing a document's DETAILS, what is the difference between the Created Date/Time and the File System Created Date/Time?The Created Date/Time comes from the document metadata, whereas the File System Created Date/Time comes from the filesystem itself.Name three document formats searched for and categorized by AXIOM.One could utilize the Artifact Reference and list any three here, examples include Word documents, Excel documents, Hangul Word Processor, and others.Will a keyword search conducted across the DOCUMENTS artifact category find a word within a PDF document?Yes in the flat -text preview, and an examiner may use the OCR functionality to process those PDF documents.If a user is suspected of watching a video from an external drive connected to the host system, what OPERATING SYSTEM artifacts can help the examiner identify the name of the file, path for the file, and application used to watch the video?Prefetch, LNK files, Jump Lists, and User Assist can all aid the examiner in identifying those artifacts.The Windows Prefetch service provides examiners with which three key pieces of information ?Name of the application, run count, and times.What AXIOM Examine feature allows examiners to quickly identify the most relevant Windows Event Log entries ?Filtering and sorting.What types of data are categorized within the MEDIA artifact categories within AXIOM Examine?Using the Artifact Reference, there are many, including but not limited to: Pictures, videos, and audio files.What two PREVIEWS are available to help examiners quickly review VIDEO artifacts?The actual video preview, and the filmstrip preview.At what percentage of a VIDEO file does AXIOM Process take still frames to create the filmstrip preview?Every 10%Magnet.AI can search for and categorize pictures within the case. Name five of the current categories searched for.Process > Categorize Pictures with Magnet.AI: Possible weapons, Possible drugs, Militants, Vehicles, Human faces, etc.Which keyboard button can be used to grade all visible uncategorized images?The + key. The - key will remove a category from one image.Name two different types of information that may be entered in the OPTIONS in AXIOM Process to help decrypt Chat data.Reviewing different applications will produce different answers but some examples are the application password and email address.What free Magnet AXIOM tool can help you discover user information to gain access to otherwise encrypted data ?The AXIOM Wordlist Generator, which can be downloaded from the Magnet support portal.What two Magnet.AI features can be enabled for searching chat artifacts?Sex -related chats, and Grooming/Luring chats.What is the name of the view in the Artifacts Explorer that displays chat messages in a threaded format ?Conversation viewWhat is the name of the Your Phone database that provides most of the artifacts in AXIOM?Phone.dbWhat built in AXIOM tool is available in the File System Explorer to assist with viewing databases?SQLite ViewerList some of the cloud platforms that AXIOM Cloud can collect data from.Instagram, Twitter, Snapchat, Apple, and Google. There are a few others.What two authentication methods can AXIOM Cloud use to access data from a cloud account ?Passwords and/or TokensWhen collecting Facebook data, are the messages sent via Facebook Messenger available for review? If so, what is the artifact named?Yes - Cloud Facebook Messenger MessagesWhen obtaining data form a Google account and the Gmail Messages are collected, are any message attachments available to be viewed ?Yes - there is an Attachments card in the Cloud Gmail Messages artifact.True/False. Exporting in AXIOM can be performed from the Registry View.FalseWhat option from the File System Explorer allows a user to export artifact details from the case ?Right -click, Export detailsWhat is the file format for a Project VIC 1.3/2.0 export?JSONFrom the File System Explorer, what are the options available for saving files from a case ?Save file / folder to... Save file / folder to ZIPWhen a non -licensed user wants to open a portable case, what file can they use to launch the case in AXIOM Examine?OpenCase.batWhat is the name of the HTML file that will launch the case report?Report.htmlIn the HTML version of the case report, what features can assist the viewer in managing the listed artifacts?