601 - 700`

Ace your homework & exams now with Quizwiz!

Hex encoding

53cscript%3ealert("XXXXXXXX")%3c/script%3e, a script obtained from a XSS attack has ___________ encoding employed

file fingerprinting

A forensics executive suspects that a malware is continuously making copies of files and folders on a victim system to consume the available disk space. A _____ test would confirm his claim.

PUB.STM

After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. _____ is not an actual part of the archive.

cloud as a subject

An attacker has compromised a cloud environment of a company and used the employee information to perform an identity theft attack. What type of an attack is this?

Electronic Serial Number (ESN)

An investigator has found certain details after analysis of a mobile device. What can reveal the manufacturer information?

no deceptive subject lines to be used

CAN-SPAM act requires

unlimited

Capacity of recycle bin in a system running on windows vista

file header

Check the _______ to verify that a file has the correct extension

ESE Database

Contains Edge browsers browsing records, including history, cache and cookies.

checking for forward slash used in HTML closing tags, its hex or double-encoded hex equivalent

During an investigation of an XSS attack, the investigator comes across the term "[a-Za-z0-9\%]+" in analyzed evidence details. This expression is used for

it will always be different.

In which implementation of RAID will the image of a hardware RAID volume be different from the image taken separately from the disks?

model.ldf

Joshua is analyzing a MSSQL database for finding the attack evidence and other details; he should look into the ______ for the database logs

Messaging Application Programming Interface (MAPI)

Microsoft Exchange Email server uses _____ for collaboration of various email applications

checksum

NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DRF). ________ is not a part of DDF.

HKLM

Stores microsoft security IDs

GUID Partition Table (GPT)

UEFI, a specification that defines a software interface between an OS and platform firmware, stores information about files present on a disk in the

GLBA

US Law that requires financial institutions to protect their customers information against security threats.

list of connections made to other systems

What can be obtained from the NetBIOS name table cache?

Windows 7

Which OS does not use an UEFI based interface?

/proc

Which directory in a linux system should the investigators look for its current state data if the system is in powered on state?

NTFS

Which file system uses a MFT database to store information about every file and directory on a volume?

Electronic Storage Device Search Warrant

allows the first responder to search and seize the victim's computer components such as hardware, software, storage devices and documentation.

passware kit forensic

application password cracking tool which can discover all password protected items on a computer and decrypt them.

configuration information of a specific event log

c:\>wevtutil gl <log name>

.ibl

centralized binary logging is a process in which many websites write binary and unformatted log data into a single log file. Extension of such a log file is

dir /o:d

command displays info about date and time of installation of the OS along with the service packs, patches and sub directories

netstat

command line tool used to determine active network connections

WIN-CQQMK62867E is the name of the SQL server.

command sqlcmd -S WIN-CQQMK62867E -e -s"," -E -

net sessions

command that shows the username and IP address used to access the system via a remote login session and the type of client from which they are accessing the system.

running processes

data that a virtual memory would store in a windows based system.

product description

device descriptor for a 1gb thumb drive: Disk&Ven_Best_Buy%Prod_Geek_Squad_U3&Rev_6.15. "Greek_Squad" represents

capsa

device monitoring tool

volume density

does not describe the type of data density on a hard disk.

Limited admissibility

during the trial an investigator observes that one of the principal witnesses is severely ill and cannot be represented for the hearing. He decides to record the evidence and present it to the court. Under which rule should he present such evidence.

Generic Forensic Zip (gfzip)

file format that allows the user to compress the acquired data as well as keep it randomly accessible

ParentIDPrefix

found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key.

Cocoa Touch

framework used for application development for iOS based mobile devices.

cross platform correlation

help an organization correlate events across a set of servers, systems, routers and network.

tools used to bypass iPhone passcode

iPhoneBrowser, iFunBox, OpenSSHSSH, iMazing

MFT

is a non-zero data that an application allocates on a hard disk cluster in systems running on windows OS.

windows password recovery bootdisk

is a tool to reset windows admin password.

FISMA

law emphasizes the need for each Federal agency to develop, document and implement an organization-wide program to provide infosec for the information systems that support its operations and assets.

core OS

layer of iOS architecture a forensic investigator evaluates to analyze services such as threading, file access, preferences, networking and high-level features

Last -F

login and logout times and dates of the system

jv16

malware analysis operation tool that can be used for registry analysis/monitoring.

MRU

most recent actions performed by a windows user

F-Responder Imager

not a data acquisition hardware tool

Slacker

part of Metasploit framework that helps users to hide the data related to a previously deleted file or currently unused by the allocated file.

lspi.pl

perl script that help to get access to the executable image of a process.

disk degaussing

process in which an attacker uses magnetic field over the digital media device to delete any previously stored data.

cross examination

process of providing the opposing side in a trial the opportunity to question a witness

process monitoring

process that is part of dynamic malware analysis

MIME

protocol that allows non-ASCII files such as video, graphics and audio to be sent through the email messages.

lsmod

provide details of all the loaded modules on a Linux based system.

avoid detection by security mechanisms

purpose of Obfuscator in malware

HKEY_CLASSES_ROOT

registry hive that gives the configuration information about which application was used to open various files on the system

sparse or logical acquisition

retrieving only the data relevant to the investigation.

system CheckPoints required for restoring

rp.log file in windows 10

a virtual system with network simulation for internet connection

setup a tester should choose to analyze malware behavior.

statement under belief of impending death

statement does not belong to the rule 804 Hearsay Exceptions; Declarant Unavailable.

artifact wiping

technique that deletes files permanently

Dependency walker

tool appropriate for examining the dynamically linked libraries of an application or malware.

IDA Pro

tool that can reverse machine code to assembly language

SmartWhois

tool used to locate IP addresses

DCT

used by JPEG for compression

file origin and modification

when a user deletes a file, the systems creates a $l file to store its details. What does this file contain?

list of services installed

wmic service list brief | more


Related study sets

Cardiac System ch. 21, 22, 24, 26 davis book and ATI med surg book

View Set

Med-Surg: Ger:Ch 02: Cross-Cultural Caring and Aging

View Set

Chapter 2: Altered Cellular and Tissue Biology

View Set