Computer Security Quiz 12
If you fail to handle evidence properly __________. --None of these. --Law enforcement may not look at it --You may damage the hard drive --It may be unusable in court
It may be unusable in court
T/F: Frequently, the first responder to a computer crime is the network administrator.
True
T/F: The Windows Registry contains a list of USB devices that have been connected to the machine.
True
T/F: The Windows Registry is organized into five sections referred to as hives.
True
T/F: The chain of custody documents the handling of evidence from the moment of seizure until it is presented in court.
True
T/F: Windows logging can be turned on and off with a tool called auditpol.exe.
True
T/F: Windows stores information such as web addresses, search queries, and recently opened files in a file called index.dat.
True
Use the Linux __________ command-line command to wipe the target drive in a forensics examination. --cc --dd --aa --md5sum
dd
The Linux log file that contains activity related to the web server is __________. --/var/log/lpr.log --/var/log/apache2/* --/var/log/apport.log --/var/log/kern.log
/var/log/apache2/*
T/F: In Linux, you use the dd command to set up a target forensics server to receive a copy of a drive.
False
T/F: Most Windows logs are turned on automatically.
False
T/F: The Windows fc command lists any active sessions connected to a computer.
False
T/F: You use the netstat command with a forensic copy of a machine to compare two files and show the differences.
False
Windows stores information on web addresses, search queries, and recently opened files in a file called __________. --explore.exe --default.dat --internet.txt --index.dat
index.dat
Use the Linux __________ command-line command to back up your hard drive if you want to create a hash. --dd --ac --md5sum --cc
md5sum
Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the __________. --Forensic trail --Chain of custody --Inspection report --Audit trail
Chain of custody
__________ can include logs, portable storage devices, emails, tablets, and cell phones. --Network devices --Computer evidence --The Windows Registry --Ancillary hardware
Computer evidence
__________ is a free tool that can be used to recover Windows files. --SearchIt --FTK Imager --FileRecover --DiskDigger
DiskDigger
Which cell phone state identified by the U.S. National Institute of Standards is a dormant mode that conserves battery life while maintaining user data and performing other background functions? --Quiescent --Nascent/factory default --Semi-active --Active
Quiescent
Usually, the first thing you do to a computer to prevent further tampering is to __________. --Lock it in a secure room --Take it offline --Make a copy --Make a backup
Take it offline