Digital Forensics Quiz 9-12
" "PDAs
For personal use, ____ have been replaced by iPods, iPads, and other mobile devices. SDHCs MMCs CFs PDAs
" "zombies
Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack. ISPs soldiers zombies pawns
" "Memoryze
Mandiant ____ lists all open network sockets, including those hidden by rootkits. R-Tools Knoppix EnCase Memoryze
" "key escrow
Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure. key escrow password backup steganography key splitting
" "MD5
Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values. AES SSH SSL MD5
" "FAT
Marking bad clusters data-hiding technique is more common with ____ file systems. HFS FAT NTFS Ext2fs
" "smartphones
Mobile devices can range from simple phones to ____. smartphones flip phones PDAs feature phones
" "Order of volatility
____ determines how long a piece of information lasts on a system. Continuity level Order of volatility Liveness Longevity
" "Digital forensics tools, hexadecimal editors
____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity. HTML editors, hexadecimal editors Digital forensics tools, hexadecimal editors Hexadecimal editors, digital forensics tools High-level languages, assembler
"Layered network defense strategies
____ hide the most valuable data at the innermost part of the network. Protocols Firewalls NAT Layered network defense strategies
" "Type 1
____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage. Type 4 Type 3 Type 1 Type 2
" "Scope creep
____ increases the time and resources needed to extract, analyze, and present evidence. Investigation plan Litigation path Court order for discovery Scope creep
" "MOBILedit
____ is a forensics software tool containing a built-in write blocker. GSMCon SIMedit 3GPim MOBILedit
" "tcpslice
____ is a good tool for extracting information from large Libpcap files. tcpslice memfetch john oinkmaster
" "Defense in Depth
____ is a layered network defense strategy developed by the National Security Agency (NSA). Order of volatility Anti-Rootkit Defense in Depth PsShutdown
" "Argus
____ is a session data probe, collector, and analysis tool. Nmap Pcap TCPcap Argus
" "Etherape
____ is a tool for viewing network traffic graphically. john Etherape Ethereal Tcpdump
" "www.dkim.org
____ is a way to verify the names of domains a message is flowing through. www.google.com www.juno.com www.dkim.org www.whatis.com
" "Steganography
____ is defined as hiding messages in such a way that only the intended recipient knows the message is there. Marking bad clusters Encryption Steganography Bit shifting
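The simplest form of digital steganography is least-significant-bit (LSB) embedding: the message bits replace the low bit of each carrier byte, so the carrier (an image, audio sample, and so on) changes by at most one unit per byte and looks unmodified. The script below is an added example written for this page, not code from the quiz source; the carrier is a constructed 64x64 grayscale gradient held as a bytearray, and the 4-byte length prefix is a convention chosen here so the extractor knows where the message ends.

```python
"""LSB steganography over a constructed grayscale carrier (one byte per pixel).
Added example: the carrier, the message and the length-prefix framing are
assumptions made here, not taken from any tool the quiz mentions."""


def hide(carrier: bytes, message: bytes) -> bytearray:
    """Embed message bits in the least significant bit of each carrier byte.
    A 32-bit big-endian length prefix tells the extractor how much to read."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small for message")
    out = bytearray(carrier)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # clear the low bit, then set it
    return out


def reveal(stego: bytes) -> bytes:
    """Recover the message: read the length prefix, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        value = bytearray()
        for b in range(count):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[start_bit + b * 8 + i] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_pixel_change(carrier: bytes, stego: bytes) -> int:
    """Largest per-byte difference. LSB embedding never moves a byte by more
    than 1, which is why the change is invisible to the eye but not to a
    statistical test on the low-bit plane."""
    return max(abs(a - b) for a, b in zip(carrier, stego))


# Constructed carrier: a 64x64 gradient, 4096 "pixels" (capacity 512 bytes).
CARRIER = bytes((x + y) % 256 for y in range(64) for x in range(64))
SECRET = b"meet at 0900"   # constructed message

if __name__ == "__main__":
    stego = hide(CARRIER, SECRET)
    print(reveal(stego))
    print("max change per pixel:", max_pixel_change(CARRIER, stego))
```

The detection side is the practitioner's concern: because only the low bit plane is touched, comparing a suspect file against a known-clean original (or running chi-square tests on the LSB plane) is how examiners find this kind of hiding.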
" "Password
____ recovery is becoming more common in digital forensic analysis. Image Data Password Partition
" "Forensic linguistics
____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question. Email trafficking Email forensics Forensic linguistics Communication forensics
" "Netdude
____ was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files. Tcpdump Netdude Etherape Ethertext
" "client/server architecture
E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture
" "transaction
Exchange logs information about changes to its data in a(n) ____ log. tracking transaction checkpoint communication
" "MF
The SIM file structure begins with the root of the system (____). EF MF DF DCS
" "Honeynet
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers. Honeyweb Honeypot Honeywall Honeynet
" "TDMA
The ____ digital network divides a radio frequency into time slots. TDMA EDGE FDMA CDMA
" "EDGE
The ____ digital network, a faster version of GSM, is designed to deliver data. TDMA D-AMPS EDGE iDEN
" "D-AMPS
The ____ network is a digital version of the original analog standard for cell phones. EDGE TDMA D-AMPS CDMA
" "bit-shifting
The data-hiding technique ____ changes data from readable code to data that looks like binary executable code. partition-shifting partition hiding bit-shifting marking bad clusters
" "hierarchical
The file system for a SIM card is a ____ structure. hierarchical volatile circular linear
" "configuration
The files that provide helpful information to an e-mail investigation are log files and ____ files. .rts scripts batch configuration
" "hypervisor
The software that runs virtual machines is called a ____. computer server hypervisor host
" "steganography
The term ____ comes from the Greek word for "hidden writing." hashing escrow steganography creep
" "Tcpdump
A common way of examining network traffic is by running the ____ program. Coredump Slackdump Netdump Tcpdump
" "Micro Systemation XRY
A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones. MOBILedit Forensic Micro Systemation XRY DataPilor BitPim
" "KFF
AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data. NSRL KFF PKFT NTI
" "Notepad+
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____. vim Notepad+ Nano TextEdit
" "3G
By the end of 2008, mobile phones had gone through three generations: analog, digital personal communications service (PCS), and ____. D-AMPS CDMA OFDM 3G
" "UFED Reader
Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military. BitPim MOBILedit Forensics UFED Reader DataPilot
" "warrant
Criminal investigations are limited to finding data defined in the search ____. order warrant rule scope
" "hiding
Data ____ involves changing or manipulating a file to conceal information. integrity recovery hiding creep
" "CDMA
Developed during WWII, this technology,____, was patented by Qualcomm after the war. GSM iDEN CDMA EDGE
" "Time Division Multiple Access
Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel. Time Division Multiple Access Orthogonal Frequency Division Multiplexing Enhanced Data GSM Environment Code Division Multiple Access
" "checkpoint
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk. temporary checkpoint milestone tracking
" "basic subscriber
In Facebook the ____ info simply tells you the last time a person logged on. Neoprint extended subscriber basic subscriber advanced subscriber
" ".edb
In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI. .edb .cfg .mbx .mapi
" ".pst
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____. .msg .eml .pst .ost
" "My Documents\BitPim
In a Windows environment, BitPim stores files in ____ by default. My Documents\BitPim My Documents\BitPim\Files My Documents\BitPim\Forensics Files My Documents\Forensics Files\BitPim
" "SYN flood
In a(n) ____ attack, the attacker keeps asking your server to establish a connection. brute-force attack ACK flood PCAP attack SYN flood
" "@
In an e-mail address, everything after the ____ symbol represents the domain name. - # . @
" "subpoenas
In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover. investigation plans subpoenas scope creeps risk assessment reports
" "Virtualization Technology (VT)
Intel ____ has responded to the need for security and performance by producing different CPU designs. Parallels Virtualization Hyper-V KVM Virtualization Technology (VT)
" "Telecommunications Industry Association
Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____. Telecommunications Industry Association Global System Communications Industry International Telecommunications Union Global Telecommunications Association
" "Pcap
Most packet analyzer tools can read anything captured in ____ format. Pcap DOPI AIATP SYN
" "3
Most packet analyzers operate on layer 2 or ____ of the OSI model. 1 3 5 7
" "diskpart
One way to hide partitions is with the Windows disk partition utility, ____. diskpart Norton DiskEdit System Commander PartitionMagic
" "E3:DS
Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations. DataPilot MOBILedit! BitPim E3:DS
" "BestCrypt
People who want to hide data can also use advanced encryption programs, such as PGP or ____. FTK PRTK BestCrypt NTI
" "mbox
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format. SMTP POP3 mbox MIME
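Several of the e-mail items above (the domain after the @, the DKIM domain, header extraction, the mbox format) come together in practice as one task: open the mailbox, read each message's raw headers, and record who claims to have sent it, which domain signed it, and which hosts relayed it. The script below is an added example for this page, not code from the quiz source or from any vendor. The two-message mbox is constructed with RFC 5737 documentation addresses and invented hostnames; the "red flag" rules at the end are heuristics chosen here, not a standard.

```python
"""Walk an mbox file and pull out what an e-mail investigation needs first:
the sender's domain (everything after the @), the Received chain in delivery
order, and the DKIM signing domain. Added example; the mbox text below is
constructed, not real traffic."""
import email.utils
import mailbox
import os
import re
import tempfile

# Constructed mbox: a signed message from a real-looking sender, then a
# phishing-style message whose From and Reply-To domains disagree.
MBOX_TEXT = """From alice@example.com Mon Mar  4 09:00:00 2019
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.corp.example (Postfix) with ESMTPS id 1A2B3C; Mon, 4 Mar 2019 09:00:02 +0000
Received: from laptop.example.com (unknown [198.51.100.7])
\tby mx.example.net (Postfix) with ESMTPSA id 9Z8Y7X; Mon, 4 Mar 2019 09:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1; h=from:to:subject; bh=abc=; b=def=
From: Alice <alice@example.com>
To: bob@corp.example
Subject: invoice

Please see attached.

From mallory@evil.example Mon Mar  4 10:00:00 2019
Received: from open-relay.example.org (unknown [203.0.113.5])
\tby mail.corp.example (Postfix) with ESMTP id 4D5E6F; Mon, 4 Mar 2019 10:00:05 +0000
From: "IT Support" <helpdesk@corp.example>
Reply-To: mallory@evil.example
To: bob@corp.example
Subject: reset your password

Click here.

"""


def domain_of(header_value):
    """Everything after the @ in the address part of a From/Reply-To header."""
    addr = email.utils.parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2] or None


def received_path(msg):
    """Each relaying MTA prepends its own Received header, so the last one in
    the message is the first hop. Reverse to list hops oldest-first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        from_m = re.search(r"from\s+(\S+)", value)
        ip_m = re.search(r"\[([0-9A-Fa-f.:]+)\]", value)
        by_m = re.search(r"\bby\s+(\S+)", value)
        hops.append({"from": from_m.group(1) if from_m else None,
                     "ip": ip_m.group(1) if ip_m else None,
                     "by": by_m.group(1) if by_m else None})
    return hops


def dkim_domain(msg):
    """The d= tag names the domain whose key signed the message."""
    sig = msg.get("DKIM-Signature")
    if not sig:
        return None
    m = re.search(r"(?:^|;)\s*d=([^;\s]+)", sig)
    return m.group(1) if m else None


def summarize(msg):
    return {"subject": msg.get("Subject"),
            "from_domain": domain_of(msg.get("From")),
            "reply_to_domain": domain_of(msg.get("Reply-To")),
            "dkim_domain": dkim_domain(msg),
            "path": received_path(msg)}


def parse_mbox_text(text):
    """Write the text to a temp file and let the stdlib mailbox module split
    it on the 'From ' delimiter lines; returns one summary per message."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    box = mailbox.mbox(path)
    try:
        return [summarize(m) for m in box]
    finally:
        box.close()
        os.remove(path)


def red_flags(summary):
    """Heuristics chosen for this example; they point at what to examine, they
    are not proof of anything on their own."""
    flags = []
    if summary["reply_to_domain"] and summary["reply_to_domain"] != summary["from_domain"]:
        flags.append("Reply-To domain differs from From domain")
    if summary["dkim_domain"] is None:
        flags.append("no DKIM signature")
    elif summary["dkim_domain"] != summary["from_domain"]:
        flags.append("DKIM d= does not match From domain")
    return flags


if __name__ == "__main__":
    for s in parse_mbox_text(MBOX_TEXT):
        print(s["subject"], s["from_domain"], s["path"], red_flags(s))
```

Received headers are written by each relay in turn and can be forged by any hop the attacker controls, so only the headers added by servers you trust (here, mail.corp.example) are reliable; the earlier hops are claims to be corroborated against the relay's own logs.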
" "Zoho
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo! Twitter Greatmail Zoho Facebook
" "IS-136
TDMA refers to the ____ standard, which introduced sleep mode to enhance battery life. IS-136 IS-195 IS-236 IS-361
" "International Telecommunications Union
The 3G standard was developed by the ____ under the United Nations. International Telecommunications Union Global System Communications Industry Global Telecommunications Association Telecommunications Industry Association
" "NSRL
To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes. NSRL NRP YAFF UFSL
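The KFF item earlier and the NSRL item just above describe the same technique: hash every file on the evidence image, discard the ones whose hash is in a known-good set (OS and application files), and alert on the ones in a known-bad set, leaving a much smaller pile of unknown files to examine by hand. The script below is an added example written for this page; it is not AccessData's or NIST's code. The evidence tree and both hash sets are constructed in memory so it runs offline; a real KFF or NSRL set is loaded from the vendor's database and contains millions of entries.

```python
"""Known-file filtering, the idea behind AccessData KFF and the NIST NSRL hash
sets: hash every file in an evidence tree and sort it into known-good
(ignore), known-bad (alert) and unknown (examine). Added example; the files
and hash sets below are constructed for the demo."""
import hashlib
import os
import shutil
import tempfile


def file_hashes(path, chunk_size=1 << 20):
    """MD5 and SHA-1 in one pass, read in chunks so large evidence files are
    never loaded whole into memory. NSRL publishes both digests."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def triage(root, known_good, known_bad):
    """Walk root and return (ignored, alerts, unknown) as sorted relative
    paths. A known-bad match wins over a known-good match."""
    ignored, alerts, unknown = [], [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            md5, sha1 = file_hashes(full)
            if md5 in known_bad or sha1 in known_bad:
                alerts.append(rel)
            elif md5 in known_good or sha1 in known_good:
                ignored.append(rel)
            else:
                unknown.append(rel)
    return sorted(ignored), sorted(alerts), sorted(unknown)


# Constructed evidence tree: short byte strings stand in for real binaries.
SAMPLE_FILES = {
    "Windows/notepad.exe": b"stand-in for a known OS binary",
    "Users/bob/evil.dll": b"stand-in for a known malware dropper",
    "Users/bob/notes.txt": b"meet at 0900",
}
# Hash sets derived from the sample so the demo is self-consistent. A real
# deployment loads these from the KFF/NSRL database instead.
KNOWN_GOOD = {hashlib.sha1(SAMPLE_FILES["Windows/notepad.exe"]).hexdigest()}
KNOWN_BAD = {hashlib.md5(SAMPLE_FILES["Users/bob/evil.dll"]).hexdigest()}


def demo():
    """Materialise the sample tree in a temp directory, triage it, clean up."""
    root = tempfile.mkdtemp(prefix="evidence_")
    try:
        for rel, data in SAMPLE_FILES.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return triage(root, KNOWN_GOOD, KNOWN_BAD)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    ignored, alerts, unknown = demo()
    print("ignored (known good):", ignored)
    print("alerts (known bad):  ", alerts)
    print("unknown (examine):   ", unknown)
```

Two caveats a practitioner would add: MD5 is fine for de-duplicating against a known-good list but collisions are cheap to manufacture, so a match on the known-bad side should be confirmed with SHA-1 or SHA-256; and hash sets only recognise exact file contents, so a known binary with one patched byte lands in "unknown", not "ignored".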
" "Properties
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The ""Internet headers"" text box at the bottom of the dialog box contains the message header. Options Properties Message Source Details
" "Show original
To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____. More options Show original Message properties Options
" "More
To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message. Advanced Message Properties More General Preferences
" "/var/log
Typically, UNIX installations are set to store logs in the ____ directory. /log /etc/var/log /etc/Log /var/log
" "EEPROM
Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically. ROM EEPROM EROM PROM
" " SHA-1
WinHex provides several hashing algorithms, such as MD5 and ____. CRC SHA-1 AES RC4
" "GUI
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive. command-line GUI prompt-based shell-based
" "investigation plan
You begin a digital forensics case by creating a(n) ____. risk assessment report investigation report investigation plan evidence custody form
" "Circular logging
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size. Circular logging Automatic logging Server logging Continuous logging
" "Salting passwords
____ alters hash values, which makes cracking passwords more difficult. Hybrid attack Rainbow table Salting passwords PRTK
" "Packet analyzers
____ are devices or software placed on a network to monitor traffic. Packet analyzers Bridges Hubs Honeypots
" "Brute-force
____ attacks use every possible letter, number, and character found on a keyboard when cracking a password. Dictionary Profile Brute-force Statistics
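Three quiz items belong together: systems store passwords as MD5 or SHA hashes (earlier on this page), salting alters those hashes so precomputed tables stop working, and brute force tries every keyboard combination when nothing smarter applies. The script below is an added example for this page, not code from the quiz source or from PRTK or any other cracker. The word list, the two salts and the 36-character alphabet are constructed here; the hash values are computed at run time rather than copied from anywhere.

```python
"""How stored password hashes get cracked and why salting matters.
Added example; the word list and salts are constructed for the demo."""
import hashlib
import itertools
import string


def md5_unsalted(password: str) -> str:
    """The weak legacy scheme: hash(password) with no per-user salt."""
    return hashlib.md5(password.encode()).hexdigest()


def sha256_salted(password: str, salt: bytes) -> str:
    """Per-user salt mixed in before hashing, so equal passwords give
    different hashes and a precomputed table built without the salt is useless."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def pbkdf2_salted(password: str, salt: bytes, iterations: int = 600_000) -> str:
    """What a modern system should store instead: a salted *and slow* KDF,
    so every brute-force guess costs the attacker `iterations` hash rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def build_lookup(wordlist):
    """Dictionary / rainbow-table style precomputation: hash -> plaintext.
    Built once, then reused against every unsalted hash you recover."""
    return {md5_unsalted(w): w for w in wordlist}


def brute_force(target_hex, hasher,
                alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Exhaustive search over every string up to max_len characters.
    `hasher` maps a candidate to a hex digest, so the same loop attacks any
    scheme; the cost per guess is whatever the scheme makes it."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if hasher(candidate) == target_hex:
                return candidate
    return None


WORDLIST = ["password", "letmein", "qwerty", "ab1"]   # constructed
SALT_A = bytes.fromhex("0011223344556677")            # constructed per-user salt
SALT_B = bytes.fromhex("8899aabbccddeeff")            # constructed per-user salt

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    print("unsalted MD5 of 'letmein' in table:",
          table.get(md5_unsalted("letmein")))
    print("salted SHA-256 of 'letmein' in table:",
          table.get(sha256_salted("letmein", SALT_A)))
    print("same password, two users, same hash?",
          sha256_salted("letmein", SALT_A) == sha256_salted("letmein", SALT_B))
    print("brute force of salted 'ab1':",
          brute_force(sha256_salted("ab1", SALT_A), lambda c: sha256_salted(c, SALT_A)))
```

Salting does not make a single hash harder to brute-force once the salt is known (it is stored next to the hash); what it removes is the ability to crack a whole dump with one precomputed table. Slowing each guess down is the job of the KDF, which is why the PBKDF2 variant is shown alongside the plain hashes.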
" "tethereal
____ can be programmed to examine TCP headers to fin the SYN flag. Memorizer memfetch tethereal john
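Several network items on this page (the pcap format every analyzer reads, analyzers working at layers 2 and 3, SYN floods, and examining TCP headers for the SYN flag) are easiest to see in one small parser. The script below is an added example written for this page, not the source of tethereal, tcpdump or any other tool. It builds a pcap capture in memory (Ethernet/IPv4/TCP frames with zero checksums, constructed for the parser rather than for transmission), walks the records, reads the TCP flags byte, and counts bare SYNs per source; the threshold and ratio used to call a source a flood suspect are assumptions chosen here.

```python
"""Read a pcap, walk Ethernet -> IPv4 -> TCP, and find SYN-only segments.
Added example; the capture is constructed in memory, not recorded traffic."""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap, native order
SYN, ACK = 0x02, 0x10             # bits in the TCP flags byte


def build_packet(src_ip, dst_ip, sport, dport, flags):
    """Ethernet + IPv4 + TCP header, no payload. Checksums are left at zero:
    this exercises the parser only and is never put on a wire."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(packets):
    """pcap global header (24 bytes) followed by one 16-byte record header per frame."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    body = b"".join(struct.pack("<IIII", 0, i, len(p), len(p)) + p
                    for i, p in enumerate(packets))
    return header + body


def iter_records(pcap):
    """Yield each captured frame; the magic number tells us the byte order."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_flags(frame):
    """(src_ip, dst_ip, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IP header length
    if frame[14 + 9] != 6:                                # protocol 6 = TCP
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return None
    dport = struct.unpack("!H", tcp[2:4])[0]
    return src, dst, dport, tcp[13]                       # byte 13 holds the flags


def syn_report(pcap):
    """Per source IP: bare SYNs (new connection attempts) and bare ACKs
    (handshake completions and data). A flood source sends the first and
    never the second."""
    syn_only, ack_only = Counter(), Counter()
    for frame in iter_records(pcap):
        parsed = tcp_flags(frame)
        if parsed is None:
            continue
        src, _, _, flags = parsed
        if flags & SYN and not flags & ACK:
            syn_only[src] += 1
        elif flags & ACK and not flags & SYN:
            ack_only[src] += 1
    return syn_only, ack_only


def flood_suspects(syn_only, ack_only, threshold=20):
    """Assumed rule: at least `threshold` bare SYNs and fewer than half as
    many ACKs back from the same source."""
    return sorted(ip for ip, n in syn_only.items()
                  if n >= threshold and ack_only[ip] * 2 < n)


def sample_capture():
    """Three ordinary handshakes plus one host sending 50 bare SYNs."""
    server, pkts = "192.0.2.10", []
    for i in range(3):
        client = f"198.51.100.{i + 1}"
        pkts.append(build_packet(client, server, 40000 + i, 80, SYN))
        pkts.append(build_packet(server, client, 80, 40000 + i, SYN | ACK))
        pkts.append(build_packet(client, server, 40000 + i, 80, ACK))
    for i in range(50):
        pkts.append(build_packet("203.0.113.9", server, 1024 + i, 80, SYN))
    return build_pcap(pkts)


if __name__ == "__main__":
    syns, acks = syn_report(sample_capture())
    print("bare SYNs by source:", dict(syns))
    print("suspects:", flood_suspects(syns, acks))
```

The same question asked of a real capture with tshark is `tshark -r capture.pcap -Y "tcp.flags.syn == 1 && tcp.flags.ack == 0"`; the parser above is what such a filter does underneath, and it fails closed on anything that is not IPv4/TCP rather than guessing at the flags byte.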
" "Network forensics
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program. Broadcast forensics Network forensics Computer forensics Traffic forensics
" "SIM
____ cards are usually found in GSM devices and consist of a microprocessor and internal memory. SIM SDD SD MMC
" "/etc/sendmail.cf
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /var/log/maillog /etc/sendmail.cf /etc/var/log/maillog