Info and Network Security Chapter 14


The Linux log file that contains activity related to the web server is ______. /var/log/apport.log /var/log/kern.log /var/log/lighttpd/* /var/log/apaches/*

/var/log/apaches/*

The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________. /var/log/lighttpd/* /var/log/apache2/* /var/log/apport.log /var/log/kern.log

/var/log/apport.log

Ian is performing a forensic examination on a Linux server. He is trying to recover emails. Where does Linux store email server logs? /mail/log/mail.* /etc/log/mail.* /var/log/mail.* /server/log/mail.*

/var/log/mail.*

Which of the following are important to the investigator regarding logging? The logging methods Log retention Location of stored logs All of the above

All of the above

Mahmoud is using a range of Windows utilities to extract information from a computer he is triaging. He has just used the Openfiles command. The command Openfiles shows what? Any files that are opened Any shared files that are opened Any system files that are opened Any files open with ADS

Any shared files that are opened

In Windows, the log that stores events from a single application or component rather than events that might have system wide impact is the ____________ log. ForwardedEvents Application Applications and services System

Applications and services

Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the ________________. Forensic trail Hiking trail Audit trail Chain of custody

Chain of custody

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court? Policy of separation Rules of evidence Law of probability Chain of custody

Chain of custody

_________ can include logs, portable storage, emails, tablets, and cell phones. Network devices Computer evidence Ancillary hardware Security kit

Computer evidence

"Interesting data" is what? Pornography Schematics or other economic-based information Documents, spreadsheets, and databases Data relevant to your investigation

Data relevant to your investigation

_______ is a free tool that can be used to recover Windows files. Disk Digger FileRecover SearchIt Outlook

Disk Digger

In Linux the command to set up a target forensics server to receive a copy of a drive is dd. True False

False

Most Windows logs are turned on automatically. True False

False

The Windows command fc lists all active sessions to the computer. True False

False

netstat is a command you can use with a forensic copy of a machine to compare two files. True False

False

You may use Linux to make a ______________ of the hard drive. Screen shot Bootable copy Forensically valid copy New version

Forensically valid copy

In Windows the log that contains events collected from remote computers is the ____________ log. Applications and services Application System Forwarded Events

Forwarded Events

Pedro is examining a Windows 7 computer. He has extracted the index.dat file and is examining that file. What is in the Index.dat file? General Internet history, file browsing history, and so on for a Linux machine All web history for Firefox Internet Explorer information General Internet history, file browsing history, and so on for a Windows machine

General Internet history, file browsing history, and so on for a Windows machine

Why should you note all cable connections for a computer you want to seize as evidence? To know what outside connections existed To know what hardware existed In case other devices were connected To know what peripheral devices exist

In case other devices were connected

If you fail to handle evidence properly ___________. You will be part of crime. Law enforcement may not look at it. It may be unusable in court. You may damage the hard drive.

It may be unusable in court.

When cataloging digital evidence, the primary goal is to do what? Prohibit the computer from being turned off Make bitstream images of all hard drives. Preserve evidence integrity Avoid removing the evidence from the scene

Preserve evidence integrity

Usually, the first thing you do to a computer to prevent further tampering is to _________. Make a backup Take it offline Lock it in a secure room. Make a copy

Take it offline

Frequently the first responder to a computer crime is ________. The network administrator. The news media College students A law enforcement officer

The network administrator.

Frequently the first responder to a computer crime is the network administrator. True False

True

Older versions of Internet Explorer store web browsing information in a file called index.dat. True False

True

The Windows Registry contains a list of USB devices that have been connected to the machine. True False

True

The Windows Registry lists USB devices that have been connected to the machine. True False

True

The chain of custody accounts for the handling of evidence from the moment of seizure until it is presented in court, and documents that handling. True False

True

Windows logging can be turned on and off with a tool called auditpol.exe. True False

True

Using Linux to wipe the target drive, the command-line command would be ___. cc md5sum dd nd

dd

What is the name of the Standard Linux command that is also available as a Windows application that can be used to create bitstream images and make a forensic copy? image mcopy MD5 dd

dd

Windows stores information on web addresses, search queries, and recently opened files in a file called ___________. index.dat default.dat internet.txt explore.exe

index.dat

Using Linux to back up your hard drive, if you want to create a hash, you would use the command-line command ___________. md5sum nd cc dd

md5sum

Using Linux to back up your hard drive, if you want to create a hash, you would use the command-line command ___________. nd md5sum dd cc

md5sum

The Windows command to list any shared files that are currently open is ___________. netstat opennfiles fc ping

opennfiles
