Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpt65

312-49v9 Questions and Answers

Question # 6

Email archiving is a systematic approach to save and protect the data contained in emails so that it can be accessed fast at a later date. There are two main archive types, namely Local Archive and Server Storage Archive. Which of the following statements is correct while dealing with local archives?

A.

Server storage archives are the server information and settings stored on a local system, whereas the local archives are the local email client information stored on the mail server

B.

It is difficult to deal with the webmail as there is no offline archive in most cases. So consult your counsel on the case as to the best way to approach and gain access to the required data on servers

C.

Local archives should be stored together with the server storage archives in order to be admissible in a court of law

D.

Local archives do not have evidentiary value as the email client may alter the message data

Full Access
Question # 7

Which of the following files store the MySQL database data permanently, including the data that had been deleted, helping the forensic investigator in examining the case and finding the culprit?

A.

mysql-bin

B.

mysql-log

C.

iblog

D.

ibdata1

Full Access
Question # 8

Which layer of iOS architecture should a forensics investigator evaluate to analyze services such as Threading, File Access, Preferences, Networking and high-level features?

A.

Core Services

B.

Media services

C.

Cocoa Touch

D.

Core OS

Full Access
Question # 9

What does the command “C:\>wevtutil gl ” display?

A.

Configuration information of a specific Event Log

B.

Event logs are saved in .xml format

C.

Event log record structure

D.

List of available Event Logs

Full Access
Question # 10

Sectors in hard disks typically contain how many bytes?

A.

256

B.

512

C.

1024

D.

2048

Full Access
Question # 11

When examining a file with a Hex Editor, what space does the file header occupy?

A.

the last several bytes of the file

B.

the first several bytes of the file

C.

none, file headers are contained in the FAT

D.

one byte at the beginning of the file

Full Access
Question # 12

When you carve an image, recovering the image depends on which of the following skills?

A.

Recognizing the pattern of the header content

B.

Recovering the image from a tape backup

C.

Recognizing the pattern of a corrupt file

D.

Recovering the image from the tape backup

Full Access
Question # 13

Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?

A.

Globally unique ID

B.

Microsoft Virtual Machine Identifier

C.

Personal Application Protocol

D.

Individual ASCII string

Full Access
Question # 14

You are assigned to work in the computer forensics lab of a state police agency. While working on a high profile criminal case, you have followed every applicable procedure, however your boss is still concerned that the defense attorney might question whether evidence has been changed while at the lab. What can you do to prove that the evidence is the same as it was when it first entered the lab?

A.

make an MD5 hash of the evidence and compare it with the original MD5 hash that was taken when the evidence first entered the lab

B.

make an MD5 hash of the evidence and compare it to the standard database developed by NIST

C.

there is no reason to worry about this possible claim because state labs are certified

D.

sign a statement attesting that the evidence is the same as it was when it entered the lab

Full Access
Question # 15

When investigating a potential e-mail crime, what is your first step in the investigation?

A.

Trace the IP address to its origin

B.

Write a report

C.

Determine whether a crime was actually committed

D.

Recover the evidence

Full Access
Question # 16

What will the following command accomplish?

A.

Test ability of a router to handle over-sized packets

B.

Test the ability of a router to handle under-sized packets

C.

Test the ability of a WLAN to handle fragmented packets

D.

Test the ability of a router to handle fragmented packets

Full Access
Question # 17

The offset in a hexadecimal code is:

A.

The last byte after the colon

B.

The 0x at the beginning of the code

C.

The 0x at the end of the code

D.

The first byte after the colon

Full Access
Question # 18

You are employed directly by an attorney to help investigate an alleged sexual harassment case at a large pharmaceutical manufacture. While at the corporate office of the company, the CEO demands to know the status of the investigation. What prevents you from discussing the case with the CEO?

A.

the attorney-work-product rule

B.

Good manners

C.

Trade secrets

D.

ISO 17799

Full Access
Question # 19

When examining a hard disk without a write-blocker, you should not start windows because Windows will write data to the:

A.

Recycle Bin

B.

MSDOS.sys

C.

BIOS

D.

Case files

Full Access
Question # 20

Which of the following is a database in which information about every file and directory on an NT File System (NTFS) volume is stored?

A.

Volume Boot Record

B.

Master Boot Record

C.

GUID Partition Table

D.

Master File Table

Full Access
Question # 21

This type of testimony is presented by someone who does the actual fieldwork and does not offer a view in court.

A.

Civil litigation testimony

B.

Expert testimony

C.

Victim advocate testimony

D.

Technical testimony

Full Access
Question # 22

Heather, a computer forensics investigator, is assisting a group of investigators working on a large computer fraud case involving over 20 people. These 20 people, working in different offices, allegedly siphoned off money from many different client accounts. Heather responsibility is to find out how the accused people communicated between each other. She has searched their email and their computers and has not found any useful evidence. Heather then finds some possibly useful evidence under the desk of one of the accused.

In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then finds the same exact piece of plastic with holes at many of the other accused peoples desks. Heather believes that the 20 people involved in the case were using a cipher to send secret messages in between each other. What type of cipher was used by the accused in this case?

A.

Grill cipher

B.

Null cipher

C.

Text semagram

D.

Visual semagram

Full Access
Question # 23

When operating systems mark a cluster as used but not allocated, the cluster is considered as _________

A.

Corrupt

B.

Bad

C.

Lost

D.

Unallocated

Full Access
Question # 24

Which US law does the interstate or international transportation and receiving of child pornography fall under?

A.

§18. U.S.C. 1466A

B.

§18. U.S.C 252

C.

§18. U.S.C 146A

D.

§18. U.S.C 2252

Full Access
Question # 25

Jack Smith is a forensics investigator who works for Mason Computer Investigation Services. He is investigating a computer that was infected by Ramen Virus.

He runs the netstat command on the machine to see its current connections. In the following screenshot, what do the 0.0.0.0 IP addresses signify?

 

A.

Those connections are established

B.

Those connections are in listening mode

C.

Those connections are in closed/waiting mode

D.

Those connections are in timed out/waiting mode

Full Access
Question # 26

Pagefile.sys is a virtual memory file used to expand the physical memory of a computer. Select the registry path for the page file:

A.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

B.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\System Management

C.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Device Management

D.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters

Full Access
Question # 27

Linux operating system has two types of typical bootloaders namely LILO (Linux Loader) and GRUB (Grand Unified Bootloader). In which stage of the booting process do the bootloaders become active?

A.

Bootloader Stage

B.

Kernel Stage

C.

BootROM Stage

D.

BIOS Stage

Full Access
Question # 28

Company ABC has employed a firewall, IDS, Antivirus, Domain Controller, and SIEM. The company’s domain controller goes down. From which system would you begin your investigation?

A.

Domain Controller

B.

Firewall

C.

SIEM

D.

IDS

Full Access
Question # 29

A small law firm located in the Midwest has possibly been breached by a computer hacker looking to obtain information on their clientele. The law firm does not have any on-site IT employees, but wants to search for evidence of the breach themselves to prevent any possible media attention. Why would this not be recommended?

A.

Searching for evidence themselves would not have any ill effects

B.

Searching could possibly crash the machine or device

C.

Searching creates cache files, which would hinder the investigation

D.

Searching can change date/time stamps

Full Access
Question # 30

What stage of the incident handling process involves reporting events?

A.

Containment

B.

Follow-up

C.

Identification

D.

Recovery

Full Access
Question # 31

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level. How long will the team have to respond to the incident?

A.

One working day

B.

Two working days

C.

Immediately

D.

Four hours

Full Access
Question # 32

To which phase of the Computer Forensics Investigation Process does the Planning and Budgeting of a Forensics Lab belong?

A.

Post-investigation Phase

B.

Reporting Phase

C.

Pre-investigation Phase

D.

Investigation Phase

Full Access
Question # 33

Which of the following Event Correlation Approach checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields?

A.

Rule-Based Approach

B.

Automated Field Correlation

C.

Field-Based Approach

D.

Graph-Based Approach

Full Access
Question # 34

What method of copying should always be performed first before carrying out an investigation?

A.

Parity-bit copy

B.

Bit-stream copy

C.

MS-DOS disc copy

D.

System level copy

Full Access
Question # 35

Which code does the FAT file system use to mark the file as deleted?

A.

ESH

B.

5EH

C.

H5E

D.

E5H

Full Access
Question # 36

When should an MD5 hash check be performed when processing evidence?

A.

After the evidence examination has been completed

B.

On an hourly basis during the evidence examination

C.

Before and after evidence examination

D.

Before the evidence examination has been completed

Full Access
Question # 37

Which of the following tool enables data acquisition and duplication?

A.

Colasoft’s Capsa

B.

DriveSpy

C.

Wireshark

D.

Xplico

Full Access
Question # 38

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents. The picture quality is not degraded at all from this process. What kind of picture is this file. What kind of picture is this file?

A.

Raster image

B.

Vector image

C.

Metafile image

D.

Catalog image

Full Access
Question # 39

What technique is used by JPEGs for compression?

A.

ZIP

B.

TCD

C.

DCT

D.

TIFF-8

Full Access
Question # 40

While searching through a computer under investigation, you discover numerous files that appear to have had the first letter of the file name replaced by the hex code byte 5h. What does this indicate on the computer?

A.

The files have been marked as hidden

B.

The files have been marked for deletion

C.

The files are corrupt and cannot be recovered

D.

The files have been marked as read-only

Full Access
Question # 41

Which rule requires an original recording to be provided to prove the content of a recording?

A.

1004

B.

1002

C.

1003

D.

1005

Full Access
Question # 42

What type of attack sends SYN requests to a target system with spoofed IP addresses?

A.

SYN flood

B.

Ping of death

C.

Cross site scripting

D.

Land

Full Access
Question # 43

Which of the following Event Correlation Approach is an advanced correlation method that assumes and predicts what an attacker can do next after the attack by studying the statistics and probability and uses only two variables?

A.

Bayesian Correlation

B.

Vulnerability-Based Approach

C.

Rule-Based Approach

D.

Route Correlation

Full Access
Question # 44

Which response organization tracks hoaxes as well as viruses?

A.

NIPC

B.

FEDCIRC

C.

CERT

D.

CIAC

Full Access
Question # 45

If you plan to startup a suspect's computer, you must modify the ___________ to ensure that you do not contaminate or alter data on the suspect's hard drive by booting to the hard drive.

A.

deltree command

B.

CMOS

C.

Boot.sys

D.

Scandisk utility

Full Access
Question # 46

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

A.

The registry

B.

The swap file

C.

The recycle bin

D.

The metadata

Full Access
Question # 47

Your company uses Cisco routers exclusively throughout the network. After securing the routers to the best of your knowledge, an outside security firm is brought in to assess the network security.

Although they found very few issues, they were able to enumerate the model, OS version, and capabilities for all your Cisco routers with very little effort. Which feature will you disable to eliminate the ability to enumerate this information on your Cisco routers?

A.

Border Gateway Protocol

B.

Cisco Discovery Protocol

C.

Broadcast System Protocol

D.

Simple Network Management Protocol

Full Access
Question # 48

At what layer of the OSI model do routers function on?

A.

4

B.

3

C.

1

D.

5

Full Access
Question # 49

Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?

A.

the Microsoft Virtual Machine Identifier

B.

the Personal Application Protocol

C.

the Globally Unique ID

D.

the Individual ASCII String

Full Access
Question # 50

When setting up a wireless network with multiple access points, why is it important to set each access point on a different channel?

A.

Multiple access points can be set up on the same channel without any issues

B.

Avoid over-saturation of wireless signals

C.

So that the access points will work on different frequencies

D.

Avoid cross talk

Full Access
Question # 51

When obtaining a warrant, it is important to:

A.

particularlydescribe the place to be searched and particularly describe the items to be seized

B.

generallydescribe the place to be searched and particularly describe the items to be seized

C.

generallydescribe the place to be searched and generally describe the items to be seized

D.

particularlydescribe the place to be searched and generally describe the items to be seized

Full Access
Question # 52

You are working in the security Department of law firm. One of the attorneys asks you about the topic of sending fake email because he has a client who has been charged with doing just that. His client alleges that he is innocent and that there is no way for a fake email to actually be sent. You inform the attorney that his client is mistaken and that fake email is possibility and that you can prove it. You return to your desk and craft a fake email to the attorney that appears to come from his boss. What port do you send the email to on the company SMTP server?

A.

10

B.

25

C.

110

D.

135

Full Access
Question # 53

You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so Quickly?

A.

Passwords of 14 characters or less are broken up into two 7-character hashes

B.

A password Group Policy change takes at least 3 weeks to completely replicate throughout a network

C.

Networks using Active Directory never use SAM databases so the SAM database pulled was empty

D.

The passwords that were cracked are local accounts on the Domain Controller

Full Access
Question # 54

Kimberly is studying to be an IT security analyst at a vocational school in her town. The school offers many different programming as well as networking languages. What networking protocol language should she learn that routers utilize?

A.

ATM

B.

UDP

C.

BPG

D.

OSPF

Full Access
Question # 55

Terri works for a security consulting firm that is currently performing a penetration test on First National Bank in Tokyo. Terri's duties include bypassing firewalls and switches to gain access to the network. Terri sends an IP packet to one of the company's switches with ACK bit and the source address of her machine set. What is Terri trying to accomplish by sending this IP packet?

A.

Trick the switch into thinking it already has a session with Terri's computer

B.

Poison the switch's MAC address table by flooding it with ACK bits

C.

Crash the switch with a DoS attack since switches cannot send ACK bits

D.

Enable tunneling feature on the switch

Full Access
Question # 56

Jason has set up a honeypot environment by creating a DMZ that has no physical or logical access to his production network. In this honeypot, he has placed a server running Windows Active Directory. He has also placed a Web server in the DMZ that services a number of web pages that offer visitors a chance to download sensitive information by clicking on a button. A week later, Jason finds in his network logs how an intruder accessed the honeypot and downloaded sensitive information. Jason uses the logs to try and prosecute the intruder for stealing sensitive corporate information. Why will this not be viable?

A.

Entrapment

B.

Enticement

C.

Intruding into a honeypot is not illegal

D.

Intruding into a DMZ is not illegal

Full Access
Question # 57

In the context of file deletion process, which of the following statement holds true?

A.

When files are deleted, the data is overwritten and the cluster marked as available

B.

The longer a disk is in use, the less likely it is that deleted files will be overwritten

C.

While booting, the machine may create temporary files that can delete evidence

D.

Secure delete programs work by completely overwriting the file in one go

Full Access
Question # 58

How many sectors will a 125 KB file use in a FAT32 file system?

A.

32

B.

16

C.

256

D.

25

Full Access
Question # 59

Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?

A.

18 U.S.C. 1029 Possession of Access Devices

B.

18 U.S.C. 1030 Fraud and related activity in connection with computers

C.

18 U.S.C. 1343 Fraud by wire, radio or television

D.

18 U.S.C. 1361 Injury to Government Property

E.

18 U.S.C. 1362 Government communication systems

F.

18 U.S.C. 1831 Economic Espionage Act

G.

18 U.S.C. 1832 Trade Secrets Act

Full Access
Question # 60

In what way do the procedures for dealing with evidence in a criminal case differ from the procedures for dealing with evidence in a civil case?

A.

evidence must be handled in the same way regardless of the type of case

B.

evidence procedures are not important unless you work for a law enforcement agency

C.

evidence in a criminal case must be secured more tightly than in a civil case

D.

evidence in a civil case must be secured more tightly than in a criminal case

Full Access
Question # 61

This is original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A.

Master Boot Record (MBR)

B.

Master File Table (MFT)

C.

File Allocation Table (FAT)

D.

Disk Operating System (DOS)

Full Access
Question # 62

Which among the following files provides email header information in the Microsoft Exchange server?

A.

gwcheck.db

B.

PRIV.EDB

C.

PUB.EDB

D.

PRIV.STM

Full Access
Question # 63

Why is it still possible to recover files that have been emptied from the Recycle Bin on a Windows computer?

A.

The data is still present until the original location of the file is used

B.

The data is moved to the Restore directory and is kept there indefinitely

C.

The data will reside in the L2 cache on a Windows computer until it is manually deleted

D.

It is not possible to recover data that has been emptied from the Recycle Bin

Full Access
Question # 64

In Windows Security Event Log, what does an event id of 530 imply?

A.

Logon Failure – Unknown user name or bad password

B.

Logon Failure – User not allowed to logon at this computer

C.

Logon Failure – Account logon time restriction violation

D.

Logon Failure – Account currently disabled

Full Access
Question # 65

What type of equipment would a forensics investigator store in a StrongHold bag?

A.

PDAPDA?

B.

Backup tapes

C.

Hard drives

D.

Wireless cards

Full Access
Question # 66

NTFS has reduced slack space than FAT, thus having lesser potential to hide data in the slack space. This is because:

A.

FAT does not index files

B.

NTFS is a journaling file system

C.

NTFS has lower cluster size space

D.

FAT is an older and inefficient file system

Full Access
Question # 67

When investigating a wireless attack, what information can be obtained from the DHCP logs?

A.

The operating system of the attacker and victim computers

B.

IP traffic between the attacker and the victim

C.

MAC address of the attacker

D.

If any computers on the network are running in promiscuous mode

Full Access
Question # 68

Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?

A.

Cross Examination

B.

Direct Examination

C.

Indirect Examination

D.

Witness Examination

Full Access
Question # 69

In a Linux-based system, what does the command “Last -F” display?

A.

Login and logout times and dates of the system

B.

Last run processes

C.

Last functions performed

D.

Recently opened files

Full Access
Question # 70

Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?

A.

ff d8 ff

B.

25 50 44 46

C.

d0 0f 11 e0

D.

50 41 03 04

Full Access
Question # 71

Rusty, a computer forensics apprentice, uses the command nbtstat –c while analyzing the network information in a suspect system. What information is he looking for?

A.

Contents of the network routing table

B.

Status of the network carrier

C.

Contents of the NetBIOS name cache

D.

Network connections

Full Access
Question # 72

Select the data that a virtual memory would store in a Windows-based system.

A.

Information or metadata of the files

B.

Documents and other files

C.

Application data

D.

Running processes

Full Access
Question # 73

Which of the following is a tool to reset Windows admin password?

A.

R-Studio

B.

Windows Password Recovery Bootdisk

C.

Windows Data Recovery Software

D.

TestDisk for Windows

Full Access
Question # 74

Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses' testimony during federal legal proceedings?

A.

SWGDE & SWGIT

B.

IOCE

C.

Frye

D.

Daubert

Full Access
Question # 75

Which part of Metasploit framework helps users to hide the data related to a previously deleted file or currently unused by the allocated file.

A.

Waffen FS

B.

RuneFS

C.

FragFS

D.

Slacker

Full Access
Question # 76

Which of the following attack uses HTML tags like ?

A.

Phishing

B.

XSS attack

C.

SQL injection

D.

Spam

Full Access
Question # 77

Which of the following setups should a tester choose to analyze malware behavior?

A.

A virtual system with internet connection

B.

A normal system without internet connect

C.

A normal system with internet connection

D.

A virtual system with network simulation for internet connection

Full Access
Question # 78

What is an investigator looking for in the rp.log file stored in a system running on Windows 10 operating system?

A.

Restore point interval

B.

Automatically created restore points

C.

System CheckPoints required for restoring

D.

Restore point functions

Full Access
Question # 79

James is dealing with a case regarding a cybercrime that has taken place in Arizona, USA. James needs to lawfully seize the evidence from an electronic device without affecting the user's anonymity. Which of the following law should he comply with, before retrieving the evidence?

A.

First Amendment of the U.S. Constitution

B.

Fourth Amendment of the U.S. Constitution

C.

Third Amendment of the U.S. Constitution

D.

Fifth Amendment of the U.S. Constitution

Full Access
Question # 80

Which of the following statements is true regarding SMTP Server?

A.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her designation before passing it to the DNS Server

B.

SMTP Server breaks the recipient's address into Recipient’s name and recipient’s address before passing it to the DNS Server

C.

SMTP Server breaks the recipient’s address into Recipient’s name and domain name before passing it to the DNS Server

D.

SMTP Server breaks the recipient’s address into Recipient’s name and his/her initial before passing it to the DNS Server

Full Access
Question # 81

Which of the following tool is used to locate IP addresses?

A.

SmartWhois

B.

Deep Log Analyzer

C.

Towelroot

D.

XRY LOGICAL

Full Access
Question # 82

You need to deploy a new web-based software package for your organization. The package requires three separate servers and needs to be available on the Internet. What is the recommended architecture in terms of server placement?

A.

All three servers need to be placed internally

B.

A web server and the database server facing the Internet, an application server on the internal network

C.

A web server facing the Internet, an application server on the internal network, a database server on the internal network

D.

All three servers need to face the Internet so that they can communicate between themselves

Full Access
Question # 83

Which of the following network attacks refers to sending huge volumes of email to an address in an attempt to overflow the mailbox or overwhelm the server where the email address is hosted so as to cause a denial-of-service attack?

A.

Email spamming

B.

Phishing

C.

Email spoofing

D.

Mail bombing

Full Access
Question # 84

Identify the term that refers to individuals who, by virtue of their knowledge and expertise, express an independent opinion on a matter related to a case based on the information that is provided.

A.

Expert Witness

B.

Evidence Examiner

C.

Forensic Examiner

D.

Defense Witness

Full Access
Question # 85

Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.

A.

DevScan

B.

Devcon

C.

fsutil

D.

Reg.exe

Full Access
Question # 86

James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?

A.

Cross Site Request Forgery

B.

Cookie Tampering

C.

Parameter Tampering

D.

Session Fixation Attack

Full Access
Question # 87

Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?

A.

PaaS model

B.

IaaS model

C.

SaaS model

D.

SecaaS model

Full Access
Question # 88

Examination of a computer by a technically unauthorized person will almost always result in:

A.

Rendering any evidence found inadmissible in a court of law

B.

Completely accurate results of the examination

C.

The chain of custody being fully maintained

D.

Rendering any evidence found admissible in a court of law

Full Access