Chapter 14

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Older versions of Internet Explorer stores web browsing information in a file called index.dat. True or False

True

The Windows Registry contains a list of USB devices that have been connected to the machine. True or False

True

The Windows Registry lists USB devices that have been connected to the machine. True or False

True

The chain of custody accounts for the handling of evidence from the moment of seizure until it is presented in court, and documents that handling. True or False

True

Windows logging can be turned on and off with a tool called auditpol.exe. True or False

True

Mahmoud is using a range of Windows utilities to extract information from a computer he is triaging. He has just used the Openfiles command. The command Openfiles shows what? a. Any shared files that are opened b. Any files that are opened c. Any files open with ADS d. Any system files that are opened

a. Any shared files that are opened

In Linux the command to set up a target forensics server to receive a copy of a drive is dd. True or False

False

Most Windows logs are turned on automatically. True or False

False

The Windows command fc lists all active sessions to the computer. True or False

False

netstat is a command you can use with a forensic copy of a machine to compare two files. True or False

False

Frequently the first responder to a computer crime is the network administrator. True or False

True

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? a. Chain of custody b. Policy of separation c. Rules of evidence d. Law of probability

a. Chain of custody

In Windows the log that contains events collected from remote computers is the ____________ log. a. Forwarded Events b. Application c. Applications and services d. System

a. Forwarded Events

Pedro is examining a Windows 7 computer. He has extracted the index.dat file and is examining that file. What is in the Index.dat file? a. General Internet history, file browsing history, and so on for a Windows machine b. All web history for Firefox c. General Internet history, file browsing history, and so on for a Linux machine d. Internet Explorer information

a. General Internet history, file browsing history, and so on for a Windows machine

Why should you note all cable connections for a computer you want to seize as evidence? a. In case other devices were connected b. To know what peripheral devices exist c. To know what outside connections existed d. To know what hardware existed

a. In case other devices were connected

If you fail to handle evidence properly ___________. a. It may be unusable in court. b. You will be part of crime. c. Law enforcement may not look at it. d. You may damage the hard drive.

a. It may be unusable in court.

Usually, the first thing you do to a computer to prevent further tampering is to _________. a. Take it offline b. Lock it in a secure room. c. Make a copy d. Make a backup

a. Take it offline

What is the name of the Standard Linux command that is also available as a Windows application that can be used to create bitstream images and make a forensic copy? a. dd b. MD5 c. mcopy d. image

a. dd

Using Linux to backup your hard drive, if you want to create a hash, you would use the command-line command ___________. a. md5sum b. nd c. dd d. cc

a. md5sum

Ian is performing a forensic examination on a Linux server. He is trying to recover emails. Where does Linux store email server logs? a. /etc/log/mail.* b. /var/log/mail.* c. /mail/log/mail.* d. /server/log/mail.*

b. /var/log/mail.*

_______ is a free tool that can be used to recover Windows files. a. Outlook b. Disk Digger c. FileRecover d. SearchIt

b. Disk Digger

In Windows, the log that stores events from a single application or component rather than events that might have system wide impact is the ____________ log. a. ForwardedEvents b. System c. Applications and services d. Application

c. Applications and services

Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the ________________. a. Hiking trail b. Audit trail c. Chain of custody d. Forensic trail

c. Chain of custody

"Interesting data" is what a. Pornography b. Documents, spreadsheets, and databases c. Data relevant to your investigation d. Schematics or other economic-based information

c. Data relevant to your investigation

You may use Linux to make a ______________ of the hard drive. a. New version b. Screen shot c. Forensically valid copy d. Bootable copy

c. Forensically valid copy

Using Linux to wipe the target drive, the command-line command would be ___ . a. cc b. nd c. dd d. md5sum

c. dd

Windows stores information on web address, search queries, and recently opened files in a file called___________. a. internet.txt b. default.dat c. index.dat d. explore.exe

c. index.dat

The Windows command to list any shared files that are currently open is ___________. a. fc b. ping c. opennfiles d. netstat

c. opennfiles

The Linux log file that contains activity related to the web server is ______. a. /var/log/kern.log b. /var/log/apport.log c. /var/log/lighttpd/* d. /var/log/apaches/*

d. /var/log/apaches/*

The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________. a. /var/log/kern.log b. /var/log/lighttpd/* c. /var/log/apache2/* d. /var/log/apport.log

d. /var/log/apport.log

Which of the following are important to the investigator regarding logging? a. The logging methods b. Log retention c. Location of stored logs d. All of the above

d. All of the above

_________ can include logs, portable storage, emails, tablets, and cell phones a. Security kit b. Network devices c. Ancillary hardware d. Computer evidence

d. Computer evidence

When cataloging digital evidence, the primary goal is to do what? a. Prohibit the computer from being turned off b. Avoid removing the evidence from the scene c. Make bitstream images of all hard drives. d. Preserve evidence integrity

d. Preserve evidence integrity

Frequently the first responder to a computer crime is ________. a. A law enforcement officer b. The news media c. College students d. The network administrator.

d. The network administrator.


Set pelajaran terkait

KF 인도네시아인을 위한 종합 한국어 1권 개정판 05과 하루 일과

View Set

Dichotomous Key practice questions

View Set

That Was Then, This Is Now Chapter 4

View Set

Study Guide for Module 6: Science: Geology

View Set