Digital Forensics Quiz 9-12
____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity. HTML editors, hexadecimal editors Digital forensics tools, hexadecimal editors Hexadecimal editors, digital forensics tools High-level languages, assembler
" "Digital forensics tools, hexadecimal editors
Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations. DataPilot MOBILedit! BitPim E3:DS
" "E3:DS
The ____ digital network, a faster version of GSM, is designed to deliver data. TDMA D-AMPS EDGE iDEN
" "EDGE
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive. command-line GUI prompt-based shell-based
" "GUI
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers. Honeyweb Honeypot Honeywall Honeynet
" "Honeynet
TDMA refers to the ____ standard, which introduced sleep mode to enhance battery life. IS-136 IS-195 IS-236 IS-361
" "IS-136
The 3G standard was developed by the ____ under the United Nations. International Telecommunications Union Global System Communications Industry Global Telecommunications Association Telecommunications Industry Association
" "International Telecommunications Union
The SIM file structure begins with the root of the system (____). EF MF DF DCS
" "MF
After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____. vim Notepad+ Nano TextEdit
" "Notepad+
Most packet analyzer tools can read anything captured in ____ format. Pcap DOPI AIATP SYN
" "Pcap
____ cards are usually found in GSM devices and consist of a microprocessor and internal memory. SIM SDD SD MMC
" "SIM
In a(n) ____ attack, the attacker keeps asking your server to establish a connection. brute-force attack ACK flood PCAP attack SYN flood
" "SYN flood
Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel. Time Division Multiple Access Orthogonal Frequency Division Multiplexing Enhanced Data GSM Environment Code Division Multiple Access
" "Time Division Multiple Access
In Facebook the ____ info simply tells you the last time a person logged on. Neoprint extended subscriber basic subscriber advanced subscriber
" "basic subscriber
The data-hiding technique ____ changes data from readable code to data that looks like binary executable code. partition-shifting partition hiding bit-shifting marking bad clusters
" "bit-shifting
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk. temporary checkpoint milestone tracking
" "checkpoint
You begin a digital forensics case by creating a(n) ____. risk assessment report investigation report investigation plan evidence custody form
" "investigation plan
Mobile devices can range from simple phones to ____. smartphones flip phones PDAs feature phones
" "smartphones
____ is a good tool for extracting information from large Libpcap files. tcpslice memfetch john oinkmaster
" "tcpslice
Exchange logs information about changes to its data in a(n) ____ log. tracking transaction checkpoint communication
" "transaction
Criminal investigations are limited to finding data defined in the search ____. order warrant rule scope
" "warrant
In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI. .edb .cfg .mbx .mapi
" ".edb
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____. .msg .eml .pst .ost
" ".pst
By the end of 2008, mobile phones had gone through three generations: analog, digital personal communications service (PCS), and ____. D-AMPS CDMA OFDM 3G
" "3G
____ is a session data probe, collector, and analysis tool. Nmap Pcap TCPcap Argus
" "Argus
People who want to hide data can also use advanced encryption programs, such as PGP or ____. FTK PRTK BestCrypt NTI
" "BestCrypt
____ attacks use every possible letter, number, and character found on a keyboard when cracking a password. Dictionary Profile Brute-force Statistics
" "Brute-force
____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size. Circular logging Automatic logging Server logging Continuous logging
" "Circular logging
The ____ network is a digital version of the original analog standard for cell phones. EDGE TDMA D-AMPS CDMA
" "D-AMPS
____ is a layered network defense strategy developed by the National Security Agency (NSA). Order of volatility Anti-Rootkit Defense in Depth PsShutdown
" "Defense in Depth
Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically. ROM EEPROM EROM PROM
" "EEPROM
____ is a tool for viewing network traffic graphically. john Etherape Ethereal Tcpdump
" "Etherape
Marking bad clusters data-hiding technique is more common with ____ file systems. HFS FAT NTFS Ext2fs
" "FAT
____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question. Email trafficking Email forensics Forensic linguistics Communication forensics
" "Forensic linguistics
AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data. NSRL KFF PKFT NTI
" "KFF
Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values. AES SSH SSL MD5
" "MD5
____ is a forensics software tool containing a built-in write blocker. GSMCon SIMedit 3GPim MOBILedit
" "MOBILedit
Mandiant ____ lists all open network sockets, including those hidden by rootkits. R-Tools Knoppix EnCase Memoryze
" "Memoryze
A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones. MOBILedit Forensic Micro Systemation XRY DataPilor BitPim
" "Micro Systemation XRY
To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message. Advanced Message Properties More General Preferences
" "More
In a Windows environment, BitPim stores files in ____ by default. My Documents\BitPim My Documents\BitPim\Files My Documents\BitPim\Forensics Files My Documents\Forensics Files\BitPim
" "My Documents\BitPim
To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes. NSRL NRP YAFF UFSL
" "NSRL
____ was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files. Tcpdump Netdude Etherape Ethertext
" "Netdude
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program. Broadcast forensics Network forensics Computer forensics Traffic forensics
" "Network forensics
____ determines how long a piece of information lasts on a system. Continuity level Order of volatility Liveness Longevity
" "Order of volatility
For personal use, ____ have been replaced by iPods, iPads, and other mobile devices. SDHCs MMCs CFs PDAs
" "PDAs
____ are devices or software placed on a network to monitor traffic. Packet analyzers Bridges Hubs Honeypots
" "Packet analyzers
____ recovery is becoming more common in digital forensic analysis. Image Data Password Partition
" "Password
To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The ""Internet headers"" text box at the bottom of the dialog box contains the message header. Options Properties Message Source Details
" "Properties
____ alters hash values, which makes cracking passwords more difficult. Hybrid attack Rainbow table Salting passwords PRTK
" "Salting passwords
____ increases the time and resources needed to extract, analyze, and present evidence. Investigation plan Litigation path Court order for discovery Scope creep
" "Scope creep
To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____. More options Show original Message properties Options
" "Show original
____ is defined as hiding messages in such a way that only the intended recipient knows the message is there. Marking bad clusters Encryption Steganography Bit shifting
" "Steganography
The ____ digital network divides a radio frequency into time slots. TDMA EDGE FDMA CDMA
" "TDMA
A common way of examining network traffic is by running the ____ program. Coredump Slackdump Netdump Tcpdump
" "Tcpdump
Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____. Telecommunications Industry Association Global System Communications Industry International Telecommunications Union Global Telecommunications Association
" "Telecommunications Industry Association
____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage. Type 4 Type 3 Type 1 Type 2
" "Type 1
Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military. BitPim MOBILedit Forensics UFED Reader DataPilot
" "UFED Reader
Intel ____ has responded to the need for security and performance by producing different CPU designs. Parallels Virtualization Hyper-V KVM Virtualization Technology (VT)
" "Virtualization Technology (VT)
Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo! Twitter Greatmail Zoho Facebook
" "Zoho
E-mail messages are distributed from a central server to many connected client computers, a configuration called ____. peer-to-peer architecture client/server architecture client architecture central distribution architecture
" "client/server architecture
The files that provide helpful information to an e-mail investigation are log files and ____ files. .rts scripts batch configuration
" "configuration
One way to hide partitions is with the Windows disk partition utility, ____. diskpart Norton DiskEdit System Commander PartitionMagic
" "diskpart
Data ____ involves changing or manipulating a file to conceal information. integrity recovery hiding creep
" "hiding
The file system for a SIM card is a ____ structure. hierarchical volatile circular linear
" "hierarchical
The software that runs virtual machines is called a ____. computer server hypervisor host
" "hypervisor
Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure. key escrow password backup steganography key splitting
" "key escrow
Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format. SMTP POP3 mbox MIME
" "mbox
The term ____ comes from the Greek word for "hidden writing." hashing escrow steganography creep
" "steganography
In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover. investigation plans subpoenas scope creeps risk assessment reports
" "subpoenas
____ can be programmed to examine TCP headers to fin the SYN flag. Memorizer memfetch tethereal john
" "tethereal
____ is a way to verify the names of domains a message is flowing through. www.google.com www.juno.com www.dkim.org www.whatis.com
" "www.dkim.org
Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack. ISPs soldiers zombies pawns
" "zombies
____ hide the most valuable data at the innermost part of the network. Protocols Firewalls NAT Layered network defense strategies
"Layered network defense strategies
WinHex provides several hashing algorithms, such as MD5 and ____. CRC SHA-1 AES RC4
" " SHA-1
____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside. /etc/syslog.conf /var/log/maillog /etc/sendmail.cf /etc/var/log/maillog
" "/etc/sendmail.cf
Typically, UNIX installations are set to store logs in the ____ directory. /log /etc/var/log /etc/Log /var/log
" "/var/log
Most packet analyzers operate on layer 2 or ____ of the OSI model. 1 3 5 7
" "3
In an e-mail address, everything after the ____ symbol represents the domain name. - # . @
" "@
Developed during WWII, this technology,____, was patented by Qualcomm after the war. GSM iDEN CDMA EDGE
" "CDMA
