Question 1

Windows stores information on web address,search queries,and recently opened files in a file called___________.&#10;A)internet.txt&#10;B)index.dat&#10;C)default.dat&#10;D)explore.exe

Accepted Answer

The file "index.dat" is used by Windows to store information about web addresses, search queries, and recently opened files.

Question 2

Windows stores web browsing information in a file called index.dat.

Accepted Answer

Windows uses the index.dat file to store data related to Internet Explorer's browsing history, cache, and cookies, making it a repository for web browsing information.

Question 3

netstat is a command you can use with a forensic copy of a machine to compare two files.

Accepted Answer

Netstat is a command-line tool used for displaying network connections, routing tables, interface statistics, masquerade connections, and multicast memberships, not for comparing two files.

Question 4

Frequently the first responder to a computer crime is ________.&#10;A)The network administrator&#10;B)A law enforcement officer&#10;C)The news media&#10;D)None of the above

Accepted Answer

The network administrator is often the first to detect anomalies indicating a computer crime, due to their role in monitoring and managing network systems.

Question 5

Usually,the first thing you do to a computer to prevent further tampering is to _________.&#10;A)Make a backup.&#10;B)Make a copy.&#10;C)Take it offline.&#10;D)Lock it in a secure room.

Accepted Answer

Taking a computer offline is the first step in preventing further tampering, as it isolates the system from any network connections, stopping remote access or data breaches.

Question 6

If you fail to handle evidence properly ___________.&#10;A)You may damage the hard drive.&#10;B)It may be unusable in court.&#10;C)Law enforcement may not look at it.&#10;D)None of the above.

Accepted Answer

Improper handling of evidence can lead to it being considered inadmissible or unusable in court due to potential contamination or questions regarding its integrity and chain of custody.

Question 7

The Windows command fc lists all active sessions to the computer.

Accepted Answer

The Windows command "fc" is used to compare two files and list their differences, not to list active sessions to the computer.

Question 8

Windows logging can be turned on and off with a tool called auditpol.exe.

Accepted Answer

Auditpol.exe is a command-line tool in Windows that allows users to manage audit policies, including turning logging on and off for different types of events.

Question 9

Using Linux to backup your hard drive,if you want to create a hash,you would use the command-line command ___________.&#10;A)cc&#10;B)dd&#10;C)nd&#10;D)md5sum

Accepted Answer

The command "md5sum" is used to create a hash of a file in Linux, which can be useful for verifying the integrity of a backup.

Question 10

In Linux the command to set up a target forensics server to receive a copy of a drive is dd.

Accepted Answer

The `dd` command in Linux is used for copying and converting files but not specifically for setting up a target forensics server to receive a copy of a drive. For setting up a server to receive a disk image over the network, tools like `netcat` or `nc` are commonly used in combination with `dd`.

Question 11

_________ can include logs,portable storage,emails,tablets,and cell phones.&#10;A)Computer evidence&#10;B)Ancillary hardware&#10;C)Network devices&#10;D)None of the above

Accepted Answer

The answer of _________ can include logs,portable storage,emails,tablets,and cell phones.&#10;A)Computer...

Question 12

You may use Linux to make a ______________ of the hard drive.&#10;A)Bootable copy&#10;B)Screen shot&#10;C)New version&#10;D)Forensically valid copy

Accepted Answer

The answer of You may use Linux to make a...

Question 13

In Windows,the log that stores events from a single application or component rather than events that might have system wide impact is the ____________ log.&#10;A)Application&#10;B)System&#10;C)Forwardedevents&#10;D)Applications and services

Accepted Answer

The answer of In Windows,the log that stores events from...

Question 14

Most Windows logs are turned on automatically.

Accepted Answer

The answer of Most Windows logs are turned on automatically....

Question 15

The chain of custody accounts for the handling of evidence and documents that handling.

Accepted Answer

The answer of The chain of custody accounts for the...

Question 16

The Windows Registry lists USB devices that have been connected to the machine.

Accepted Answer

The answer of The Windows Registry lists USB devices that...

Question 17

Frequently the first responder to a computer crime is the network administrator.

Accepted Answer

The answer of Frequently the first responder to a computer...

Question 18

Documentation of every person who had access to evidence,how they interacted with it,and where it was stored is called the ________________.&#10;A)Forensic trail&#10;B)Chain of custody&#10;C)Audit trail&#10;D)None of the above

Accepted Answer

The answer of Documentation of every person who had access...

Question 19

Using Linux to wipe the target drive,the command-line command would be ___ .&#10;A)cc&#10;B)dd&#10;C)nd&#10;D)md5sum

Accepted Answer

The answer of Using Linux to wipe the target drive,the...

Question 20

The Windows Registry contains a list of USB devices that have been connected to the machine.

Accepted Answer

The answer of The Windows Registry contains a list of...

Question 21

In Windows the log that contains events collected from remote computers is the ____________ log.&#10;A)Application&#10;B)System&#10;C)Forwardedevents&#10;D)Applications and services

Accepted Answer

The answer of In Windows the log that contains events...

Question 22

_______ is a free tool that can be used to recover Windows files.&#10;A)SearchIt&#10;B)Disk Digger&#10;C)FileRecover&#10;D)None of the above

Accepted Answer

The answer of _______ is a free tool that can...

Question 23

The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________.&#10;A)/var/log/kern.log&#10;B)/var/log/apache2/*&#10;C)/var/log/lighttpd/*&#10;D)/var/log/apport.log

Accepted Answer

The answer of The Linux log file that can reveal...

Question 24

The Linux log file that contains activity related to the web server is ______.&#10;A)/var/log/kern.log&#10;B)/var/log/apache2/*&#10;C)/var/log/lighttpd/*&#10;D)/var/log/apport.log

Accepted Answer

The answer of The Linux log file that contains activity...

Question 25

The Windows command to list any shared files that are currently open is ___________.&#10;A)openfiles&#10;B)fc&#10;C)netstat&#10;D)None of the above

Accepted Answer

The answer of The Windows command to list any shared...

Deck 14: Introduction to Forensics