CORRECT & VERIFIED ANSWERS
How does AXIOM Process identify Encrypted files? Correct answer-Using Passware plugins.
Does an Encrypted Files artifact display what program was used to encrypt the files? Correct
answer-No
What does AXIOM Process search for when identifying Encryption / Anti-forensics Tools artifacts?
Correct answer-Known executables and data structures.
What is the purpose of the REFINED RESULTS artifact categories? Correct answer-To help the
examiner expedite their investigation by placing useful artifacts in one category.
Explain the difference between the Google Searches and Parsed Search Queries artifacts. Correct
answer-Google Searches is only for searches conducted on Google. Parsed Search Queries is for all
other search engines, like Bing, Yahoo, etc.
What REFINED RESULTS artifacts are used to create a Profile? Correct answer-ONLY
Identifiers - People and Identifiers - Devices.
Name at least three sources of information for the Identifiers artifacts. Correct answer-Any of the
columns from either Identifiers - People or Identifiers - Devices will suffice.
What resource lists the various artifacts searched for by AXIOM and the meanings of the column
values? Correct answer-The Artifact Reference, accessed from Help > Documentation > Artifact
Reference.
Firefox and Chrome store much of their data in SQLite databases. How can the content of SQLite
databases be viewed in AXIOM Examine? Correct answer-From the SQLite Viewer within the File
System Explorer.
Name three pieces of information displayed in AXIOM Examine for a file downloaded using Chrome.
Correct answer-Any of the columns from the Evidence Pane or Details Pane will suffice.
What is Session Recovery data? Correct answer-Information such as last opened tabs, etc. This is
the information that may be stored should the browser quit unexpectedly, or crash.
Name the database that stores/tracks most of the artifacts generated by Edge and Internet Explorer
v10 and v11. Correct answer-WebCacheV01.dat
Where can EMAIL specific information such as Subject, To, From, and Received Time be viewed in
AXIOM Examine? Correct answer-The Evidence Pane or the Details Pane.
What is the potential investigative value of EMAIL Headers? Correct answer-Headers may contain
accurate timestamps from the email servers, IP addresses, true sender information, and more.
How can EMAILS with attachments be quickly identified? Correct answer-Either by viewing the
Attachments column for data, or by accessing the Email Attachments artifact category.