Cyber forensics midterm

Which of the following is an accurate version of Locard's Exchange Principle?

Every contact leaves a trace.

Digital evidence is always quite persistent, and there is little to no danger of it simply disappearing.

False, digital evidence can be quite evanescent.

On a Linux machine, what does the mount program do?

It allows one to mount a new filesystem for access.

What does the "file" program do on Linux?

It can discern the type of a file by various heuristics.

What does the "dd" program do on Linux?

It copies data.

What does fsck do in Linux?

It examines filesystems for problems and allows one to attempt to correct these.

On a Linux machine, what does dmesg do?

It shows messages from the boot process.

Which of the following is not a Linux distribution?

NTFS

Does the Playfair system have Feistel rounds?

No

_________ is an attempt to gull a victim into giving up personal information, usually attempted via email.

Phishing

According to the text, RAID stands for

Redundant Array of Independent Disks

Which of the following are all Internet protocols commonly used to send and retrieve in email systems?

SMTP, POP, IMAP

Randall Munroe's famous xkcd cartoon depicted above refers to which hacking technique?

SQL injection

_________ is software that is used to maliciously monitor activity on a computer.

Spyware

T or F: The state of Florida was one of the first states to pass any laws regarding computer crime with its "Florida Computer Crimes Act."

TRUE

_____________________ is a concept in American law that evidence that has been collected illegally or in violation of constitutional rights is not to be used in a prosecution.

The exclusionary rule

What is file slack?

The unused space between the logical end of a file and the physical end of the file.

Which of the following is a good reason for making a hash of data?

To show that original data and copies of that data are identical.

T or F: Forensics can be viewed as the application of scientific principles in a way useful in the justice system.

True

According to the text, a _____ is any software that self-replicates.

Virus

Which of these is a true statement about volatile data?

Volatile data often disappears when power is removed; RAM, for example, loses its state when power is lost.

In Linux ext3/ext4 filesystems, an inode stores metadata about a file, but it doesn't store

a file's name.

ROT13 refers to _____

a simple single-alphabet substitution cipher where all letters are just shifted thirteen places.

It is _______ for people to re-use the same password on many different systems.

common

The use of the Internet ___________________________________________________.

empowers criminals and other bad actors to operate across the world, sometimes with great impunity.

The Linux/UNIX command ________ can be used to search the contents for files, contents of files and just about anything you may want to search for.

grep

Which of the following would make a hash of a disk partition and send it to a target computer?

md5sum /dev/sda1 | nc 192.168.0.2 8888 -w 3

Which one of these is the most volatile in terms of state?

Dynamic RAM; most volatile since it requires the constant application of power to retain state. If power is lost, state starts degrading very quickly.

In newer (last five years) computers, which of these is more common for booting?

EFI/UEFI

__________ represents an attempt to prevent legitimate use of a given computer resource.

A DDoS attack

_____________ is cryptography wherein two separate but related keys are used: one to encrypt the message and another to decrypt it.

Asymmetric cryptography

Who is the author of your textbook?

Chuck Easttom

The ___________ is a cryptographic protocol that allows two parties to establish a shared key over an insecure channel.

Diffie-Hellman algorithm

Consider the following output of `$ ls -d [1-3]* [a-z]*` (a long directory listing, omitted here). Which is the most likely directory that I ran the "ls" command in?

/proc on a Linux machine

An Ethernet MAC (Media Access Control) address is a __________ address that can be used to identify a network interface card (though somewhat unreliably, since there is no verification of these and MAC spoofing is quite common).

6-byte (or 48 bit)

"John the Ripper" and "Ophcrack" are examples of

password crackers

The goal of ________________ is to hide information so that even if it is intercepted, it is not clear that information is hidden there.

steganography

The above cartoon is an illustration of (on the internet, nobody knows you're a dog)

the attribution problem.
