How does AXIOM Process identify Encrypted files? - ANSWER - Using Passware
plugins.
Does an Encrypted Files artifact display what program was used to encrypt the files?
- ANSWER - No
What does AXIOM Process search for when identifying Encryption / Anti-forensics
Tools artifacts? - ANSWER - Known executables and data structures.
What is the purpose of the REFINED RESULTS artifact categories? - ANSWER - To
help the examiner expedite their investigation by placing useful artifacts in one
category.
Explain the difference between the Google Searches and Parsed Search Queries
artifacts. - ANSWER - Google Searches is only for searches conducted on Google.
Parsed Search Queries is for all other search engines, like Bing, Yahoo, etc.
What REFINED RESULTS artifacts are used to create a Profile? - ANSWER - ONLY
Identifiers-People and Identifiers-Devices.
Name at least three sources of information for the Identifiers artifacts. - ANSWER -
Any of the columns from either Identifiers-People or Identifiers-Devices will suffice.
If a keyword Search is conducted from the FILTERS bar, what parts of an EMAIL are
searched? - ANSWER - All Parts
Where is the content of a document displayed in AXIOM Examine? - ANSWER - The
Preview Card in the Details Pane.
What resource lists the various artifacts searched for by AXIOM and the meanings of
the column values? - ANSWER - The Artifact Reference, accessed from Help >
Documentation > Artifact Reference.
Firefox and Chrome store much of their data in SQLite databases. How can the
content of SQLite databases be viewed in AXIOM Examine? - ANSWER - From the
SQLite Viewer within the File System Explorer.
Name three pieces of information displayed in AXIOM Examine for a file downloaded
using Chrome. - ANSWER - Any of the columns from the Evidence Pane or Details
Pane will suffice.
What is Session Recovery data? - ANSWER - Information such as last opened tabs,
etc. This is the information that may be stored should the browser quit
unexpectedly, or crash.
Name the database that stores/tracks most of the artifacts generated by Edge and
Internet Explorer v10 and v11. - ANSWER - WebCacheV01.dat
Where can EMAIL specific information such as Subject, To, From, and Received Time
be viewed in AXIOM Examine? - ANSWER - The Evidence Pane or the Details Pane.
What is the potential investigative value of EMAIL Headers? - ANSWER - Headers
may contain accurate timestamps from the email servers, IP addresses, true sender
information, and more.
How can EMAILS with attachments be quickly identified? - ANSWER - Either by
viewing the Attachments column for data, or by accessing the Email Attachments
artifact category.
When viewing a document's DETAILS, what is the difference between the Created
Date/Time and the File System Created Date/Time? - ANSWER - The Created
Date/Time comes from the document metadata, whereas the File System Created
Date/Time comes from the filesystem itself.