Digital Forensics CH11
Zombies
Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.
PCAP
Most packet sniffer tools can read anything captured in ____ format.
3
Most packet sniffers operate on layer 2 or ____ of the OSI model.
Bootable Linux
Helix operates in two modes: Windows Live (GUI or command line) and ____.
SYN Flood
In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
chntpw
The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.
PsKill
The PSTools ____ kills processes by name or process ID.
Honeynet
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.
False
When intruders break into a network, they rarely leave a trail behind.
Honeypot
A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.
Tcpdump
A common way of examining network traffic is by running the ____ program.
False
Network forensics is a fast, easy process.
True
PsList from PsTools allows you to list detailed information about processes.
True
With the Knoppix STD tools on a portable CD, you can examine almost any network system.
Packet Sniffers
____ are devices and/or software placed on a network to monitor traffic.
Helix
____ can be used to create a bootable forensic CD and perform a live acquisition.
Network Forensics
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.
Network
____ forensics is the systematic tracking of incoming and outgoing traffic on your network.
Layered Network Defense Strategies
____ hide the most valuable data at the innermost part of the network.
RegMon
____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.
Tcpslice
____ is a good tool for extracting information from large Libpcap files.
Snort
____ is a popular network intrusion detection system that performs packet capture and analysis in real time.
PsTools
____ is a suite of tools created by Sysinternals.
dcfldd
____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.
tethereal
____ is the text version of Ethereal, a packet sniffer tool.