Computer Security Quiz 12


If you fail to handle evidence properly __________. --None of these. --Law enforcement may not look at it --You may damage the hard drive --It may be unusable in court

It may be unusable in court

T/F: Frequently, the first responder to a computer crime is the network administrator.

True

T/F: The Windows Registry contains a list of USB devices that have been connected to the machine.

True

T/F: The Windows Registry is organized into five sections referred to as hives.

True

T/F: The chain of custody documents the handling of evidence from the moment of seizure until it is presented in court.

True

T/F: Windows logging can be turned on and off with a tool called auditpol.exe.

True

T/F: Windows stores information such as web addresses, search queries, and recently opened files in a file called index.dat.

True

Use the Linux __________ command-line command to wipe the target drive in a forensics examination. --cc --dd --aa --md5sum

dd

The Linux log file that contains activity related to the web server is __________. --/var/log/lpr.log --/var/log/apache2/* --/var/log/apport.log --/var/log/kern.log

/var/log/apache2/*

T/F: In Linux, you use the dd command to set up a target forensics server to receive a copy of a drive.

False

T/F: Most Windows logs are turned on automatically.

False

T/F: The Windows fc command lists any active sessions connected to a computer.

False

T/F: You use the netstat command with a forensic copy of a machine to compare two files and show the differences.

False

Windows stores information on web addresses, search queries, and recently opened files in a file called __________. --explore.exe --default.dat --internet.txt --index.dat

index.dat

Use the Linux __________ command-line command to back up your hard drive if you want to create a hash. --dd --ac --md5sum --cc

md5sum

Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the __________. --Forensic trail --Chain of custody --Inspection report --Audit trail

Chain of custody

__________ can include logs, portable storage devices, emails, tablets, and cell phones. --Network devices --Computer evidence --The Windows Registry --Ancillary hardware

Computer evidence

__________ is a free tool that can be used to recover Windows files. --SearchIt --FTK Imager --FileRecover --DiskDigger

DiskDigger

Which cell phone state identified by the U.S. National Institute of Standards is a dormant mode that conserves battery life while maintaining user data and performing other background functions? --Quiescent --Nascent/factory default --Semi-active --Active

Quiescent

Usually, the first thing you do to a computer to prevent further tampering is to __________. --Lock it in a secure room --Take it offline --Make a copy --Make a backup

Take it offline
