Digital Forensics Quiz 9-12

____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity. HTML editors, hexadecimal editors Digital forensics tools, hexadecimal editors Hexadecimal editors, digital forensics tools High-level languages, assembler

" "Digital forensics tools, hexadecimal editors

Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations. DataPilot MOBILedit! BitPim E3:DS

" "E3:DS

The ____ digital network, a faster version of GSM, is designed to deliver data. TDMA D-AMPS EDGE iDEN

" "EDGE

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive. command-line GUI prompt-based shell-based

" "GUI

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers. Honeyweb Honeypot Honeywall Honeynet

" "Honeynet

TDMA refers to the ____ standard, which introduced sleep mode to enhance battery life. IS-136 IS-195 IS-236 IS-361

" "IS-136

The 3G standard was developed by the ____ under the United Nations. International Telecommunications Union Global System Communications Industry Global Telecommunications Association Telecommunications Industry Association

" "International Telecommunications Union

The SIM file structure begins with the root of the system (____). EF MF DF DCS

" "MF

After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____. vim Notepad+ Nano TextEdit

" "Notepad+

Most packet analyzer tools can read anything captured in ____ format. Pcap DOPI AIATP SYN

" "Pcap

____ cards are usually found in GSM devices and consist of a microprocessor and internal memory. SIM SDD SD MMC

" "SIM

In a(n) ____ attack, the attacker keeps asking your server to establish a connection. brute-force attack ACK flood PCAP attack SYN flood

" "SYN flood

Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel. Time Division Multiple Access Orthogonal Frequency Division Multiplexing Enhanced Data GSM Environment Code Division Multiple Access

" "Time Division Multiple Access

In Facebook the ____ info simply tells you the last time a person logged on. Neoprint extended subscriber basic subscriber advanced subscriber

" "basic subscriber

The data-hiding technique ____ changes data from readable code to data that looks like binary executable code. partition-shifting partition hiding bit-shifting marking bad clusters

" "bit-shifting

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk. temporary checkpoint milestone tracking

" "checkpoint

You begin a digital forensics case by creating a(n) ____. risk assessment report investigation report investigation plan evidence custody form

" "investigation plan

Mobile devices can range from simple phones to ____. smartphones flip phones PDAs feature phones

" "smartphones

____ is a good tool for extracting information from large Libpcap files. tcpslice memfetch john oinkmaster

" "tcpslice

Exchange logs information about changes to its data in a(n) ____ log. tracking transaction checkpoint communication

" "transaction

Criminal investigations are limited to finding data defined in the search ____. order warrant rule scope

" "warrant

In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI. .edb .cfg .mbx .mapi

" ".edb

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____. .msg .eml .pst .ost

" ".pst

By the end of 2008, mobile phones had gone through three generations: analog, digital personal communications service (PCS), and ____. D-AMPS CDMA OFDM 3G

" "3G

____ is a session data probe, collector, and analysis tool. Nmap Pcap TCPcap Argus

" "Argus

People who want to hide data can also use advanced encryption programs, such as PGP or ____. FTK PRTK BestCrypt NTI

" "BestCrypt

____ attacks use every possible letter, number, and character found on a keyboard when cracking a password. Dictionary Profile Brute-force Statistics

" "Brute-force

____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size. Circular logging Automatic logging Server logging Continuous logging

" "Circular logging

The ____ network is a digital version of the original analog standard for cell phones. EDGE TDMA D-AMPS CDMA

" "D-AMPS

____ is a layered network defense strategy developed by the National Security Agency (NSA). Order of volatility Anti-Rootkit Defense in Depth PsShutdown

" "Defense in Depth

Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically. ROM EEPROM EROM PROM

" "EEPROM

____ is a tool for viewing network traffic graphically. john Etherape Ethereal Tcpdump

" "Etherape

Marking bad clusters data-hiding technique is more common with ____ file systems. HFS FAT NTFS Ext2fs

" "FAT

____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question. Email trafficking Email forensics Forensic linguistics Communication forensics

" "Forensic linguistics

AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data. NSRL KFF PKFT NTI

" "KFF

Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values. AES SSH SSL MD5

" "MD5

____ is a forensics software tool containing a built-in write blocker. GSMCon SIMedit 3GPim MOBILedit

" "MOBILedit

Mandiant ____ lists all open network sockets, including those hidden by rootkits. R-Tools Knoppix EnCase Memoryze

" "Memoryze

A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones. MOBILedit Forensic Micro Systemation XRY DataPilor BitPim

" "Micro Systemation XRY

To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message. Advanced Message Properties More General Preferences

" "More

In a Windows environment, BitPim stores files in ____ by default. My Documents\BitPim My Documents\BitPim\Files My Documents\BitPim\Forensics Files My Documents\Forensics Files\BitPim

" "My Documents\BitPim

To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes. NSRL NRP YAFF UFSL

" "NSRL

____ was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files. Tcpdump Netdude Etherape Ethertext

" "Netdude

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program. Broadcast forensics Network forensics Computer forensics Traffic forensics

" "Network forensics

____ determines how long a piece of information lasts on a system. Continuity level Order of volatility Liveness Longevity

" "Order of volatility

For personal use, ____ have been replaced by iPods, iPads, and other mobile devices. SDHCs MMCs CFs PDAs

" "PDAs

____ are devices or software placed on a network to monitor traffic. Packet analyzers Bridges Hubs Honeypots

" "Packet analyzers

____ recovery is becoming more common in digital forensic analysis. Image Data Password Partition

" "Password

To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The ""Internet headers"" text box at the bottom of the dialog box contains the message header. Options Properties Message Source Details

" "Properties

____ alters hash values, which makes cracking passwords more difficult. Hybrid attack Rainbow table Salting passwords PRTK

" "Salting passwords

____ increases the time and resources needed to extract, analyze, and present evidence. Investigation plan Litigation path Court order for discovery Scope creep

" "Scope creep

To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____. More options Show original Message properties Options

" "Show original

____ is defined as hiding messages in such a way that only the intended recipient knows the message is there. Marking bad clusters Encryption Steganography Bit shifting

" "Steganography

The ____ digital network divides a radio frequency into time slots. TDMA EDGE FDMA CDMA

" "TDMA

A common way of examining network traffic is by running the ____ program. Coredump Slackdump Netdump Tcpdump

" "Tcpdump

Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____. Telecommunications Industry Association Global System Communications Industry International Telecommunications Union Global Telecommunications Association

" "Telecommunications Industry Association

____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage. Type 4 Type 3 Type 1 Type 2

" "Type 1

Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military. BitPim MOBILedit Forensics UFED Reader DataPilot

" "UFED Reader

Intel ____ has responded to the need for security and performance by producing different CPU designs. Parallels Virtualization Hyper-V KVM Virtualization Technology (VT)

" "Virtualization Technology (VT)

Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo! Twitter Greatmail Zoho Facebook

" "Zoho

E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture

" "client/server architecture

The files that provide helpful information to an e-mail investigation are log files and ____ files. .rts scripts batch configuration

" "configuration

One way to hide partitions is with the Windows disk partition utility, ____. diskpart Norton DiskEdit System Commander PartitionMagic

" "diskpart

Data ____ involves changing or manipulating a file to conceal information. integrity recovery hiding creep

" "hiding

The file system for a SIM card is a ____ structure. hierarchical volatile circular linear

" "hierarchical

The software that runs virtual machines is called a ____. computer server hypervisor host

" "hypervisor

Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure. key escrow password backup steganography key splitting

" "key escrow

Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format. SMTP POP3 mbox MIME

" "mbox

The term ____ comes from the Greek word for "hidden writing." hashing escrow steganography creep

" "steganography

In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover. investigation plans subpoenas scope creeps risk assessment reports

" "subpoenas

____ can be programmed to examine TCP headers to fin the SYN flag. Memorizer memfetch tethereal john

" "tethereal

____ is a way to verify the names of domains a message is flowing through. www.google.com www.juno.com www.dkim.org www.whatis.com

" "www.dkim.org

Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack. ISPs soldiers zombies pawns

" "zombies

____ hide the most valuable data at the innermost part of the network. Protocols Firewalls NAT Layered network defense strategies

"Layered network defense strategies

WinHex provides several hashing algorithms, such as MD5 and ____. CRC SHA-1 AES RC4

" " SHA-1

____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /var/log/maillog /etc/sendmail.cf /etc/var/log/maillog

" "/etc/sendmail.cf

Typically, UNIX installations are set to store logs in the ____ directory. /log /etc/var/log /etc/Log /var/log

" "/var/log

Most packet analyzers operate on layer 2 or ____ of the OSI model. 1 3 5 7

" "3

In an e-mail address, everything after the ____ symbol represents the domain name. - # . @

" "@

Developed during WWII, this technology,____, was patented by Qualcomm after the war. GSM iDEN CDMA EDGE

" "CDMA