Review Answers

                   1.  A – Section 2 – Port Scanning:  The
                   Identification phase of a cloud forensics
                   investigation involves processing data
                   through manual and automated methods to
                   determine whether or not said data can be
                   used in a legal investigation.
                   2.  C – Section 2 – Port Scanning:  No response.
                   This is often due to a firewalled ports being
                   filtered, or possibly the packets being lost due
                   to network congestion.

                   3.  D – Section 4 – Countermeasures:  Standard
                   Framework – Establishing frameworks of
                   trust on an employee/personnel level.

                   4.  D – Section 4 – Countermeasures:
                   Scrutinizing Information – Identifying which
                   information is sensitive and evaluating its
                   exposure to social engineering and
                   breakdowns in security systems.
                   5.  C – Section 4 – Countermeasures:  Security
                   Protocols – Establishing security protocols,
                   policies, and procedures for handling sensitive
                   information.
                   6.  B – Section 4 – Countermeasures:  Training
                   to Employees – Training employees in security
                   protocols relevant to their position.
                   7.  C – Section 5 – Banner Grabbing:  ID Serve –
                   can be used to identify the make, model and



                                                               429