Network Forensics Exam 2

According to the author, only active acquisition and not live acquisitions will modify network devices.

False

All evdeince stored on network devices are non-volitale and must always be collected while the system is not running.

False

The Secure Shell protocol (SSH) is a common way for network investigators to connect through the console port and gain command-line access to network-based evidence.

False

According to the author evidence lives in many places throughout a network and we may choose to gather evidence from network devices which includes

All of the above

What is the DHCP message when the client to server relinquishing the network address?

DHCPRELEASE

According to the author, both SSH and telnet implements the Secure Copy Protocol (SCP) designed to transfer files between networked systems.

False

According to the author, it is best to connect remotely to a network device rather than connecting directly to the console

False

The HTTP protocol uses ______ to perform operations.

Methods

The author states that HTTP operates according to a _______ and ________ model

Request and Response

By default, HTTP servers operate over the protocol of ___ and port number __.

TCP, 80

Tshark uses wireshark's protocol dissection code and the default output displays

The information produced by PSML

According to the author the HyperText Markup Language was developed by

Tim Berners-Lee

According to the author, the Hypertext Transfer Protocol (HTTP) was originally developed in the early's 1900s by

Tim Berners-Lee

According to the author the first web browser was developed by

Tim Berners-Lees

What is the acronym which the author indicates is a string used to specify the location of a resource?

URI

Wireshark displays packets in three (3) panels and the packet ________ shows packets that have been captured, one per line, with very brief details

list