Answers
Plaso's pinfo command (choose all that apply):
a. Is a command-line interface (CLI) tool.
b. Filters, sorts and conducts analysis on the plaso database file.
c. Extracts and processes events in a single step.
d. Displays information about the plaso database file.
e. Exports file content from a device, media image, or forensic image.
Answer: a, d
The regular expression CO*IS will return (instances separated by spaces):
a. SIOC ISOC SICO COSI
b. CIS COIS COOIS COOOIS
c. IS COIS COCOIS COCOCOIS
d. COAIS COBIS COCIS CODIS
e. CO IS COI OIS
Answer: b
Timeline analysis:
a. Places the artefact within the context of user and system activity.
b. Requires an accurate stopwatch.
c. Is independent of the context of user and system activity.
d. Is an unimportant component of digital forensic investigations.
e. Is best used when you are looking to exonerate the suspect.
Answer: a
MAC times refer to:
a. Modified, accessed and created times that are records created by the filesystem as files are created, edited, or accessed.
b. Times found on an Apple device.
c. Modified, accessed and created times that are records created by the operating system as files are created, edited, or accessed.
d. Modified, accessed and corrupted times that are records created by the filesystem as files are created, edited, or accessed.
e. Made, accessed and created times that are records created by the operating system as files are created, edited, or accessed.
Answer: a