Which password cracking technique uses details such as length of password, character sets used to construct the password, etc.?
Which of the following is a tool to reset Windows admin password?
Amber, a black hat hacker, has embedded a malware into a small enticing advertisement and posted it on a popular ad-network that displays across various websites. What is she doing?
In both pharming and phishing attacks an attacker can create websites that look similar to legitimate sites with the intent of collecting personal identifiable information from its victims. What is the difference between pharming and phishing attacks?
Identify the location of Recycle Bin on a Windows 7 machine that uses NTFS file system to store and retrieve files on the hard disk.
Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files. What would this attack on the company PBX system be called?
Wireless access control attacks aim to penetrate a network by evading WLAN access control measures such as AP MAC filters and Wi-Fi port access controls. Which of the following wireless access control attacks allow the attacker to set up a rogue access point outside the corporate perimeter and then lure the employees of the organization to connect to it?
What layer of the OSI model do TCP and UDP utilize?
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
When should an MD5 hash check be performed when processing evidence?
What is the size value of a nibble?
When marking evidence that has been collected with the â€œaaa/ddmmyy/nnnn/zzâ€ format, what does the â€œnnnnâ€ denote?
Which of the following commands shows you all of the network services running on Windows-based servers?
Billy, a computer forensics expert, has recovered a large number of DBX files during the forensic investigation of a laptop. Which of the following email clients can he use to analyze the DBX files?
Which among the following is an act passed by the U.S. Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations?
What technique is used by JPEGs for compression?
Which of the following reports are delivered under oath to a board of directors/managers/panel of the jury?
Which of the following are small pieces of data sent from a website and stored on the userâ€™s computer by the userâ€™s web browser to track, validate, and maintain specific user information?
Malware analysis can be conducted in various manners. An investigator gathers a suspicious executable file and uploads It to VirusTotal in order to confirm whether the file Is malicious, provide information about Its functionality, and provide Information that will allow to produce simple network signatures. What type of malware analysis was performed here?
Consider a scenario where a forensic investigator is performing malware analysis on a memory dump acquired from a victims computer. The investigator uses Volatility Framework to analyze RAM contents; which plugin helps investigator to identify hidden processes or injected code/DLL in the memory dump?
An EC2 instance storing critical data of a company got infected with malware. The forensics team took the EBS volume snapshot of the affected Instance to perform further analysis and collected other data of evidentiary value. What should be their next step?
Where are files temporarily written in Unix when printing?
John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder should John write in the guidelines to be used when destroying documents?
During a forensic investigation, a large number of files were collected. The investigator needs to evaluate ownership and accountability of those files. Therefore, he begins to Identify attributes such as "author name," "organization name." "network name," or any additional supporting data that is meant for the owner's Identification purpose. Which term describes these attributes?
When installed on a Windows machine, which port does the Tor browser use to establish a network connection via Tor nodes?
Which among the following tools can help a forensic investigator to access the registry files during postmortem analysis?
Raw data acquisition format creates _________ of a data set or suspect drive.
Adam Is thinking of establishing a hospital In the US and approaches John, a software developer to build a site and host it for him on one of the servers, which would be used to store patient health records. He has learned from his legal advisors that he needs to have the server's log data reviewed and managed according to certain standards and regulations. Which of the following regulations are the legal advisors referring to?
Jeff is a forensics investigator for a government agency's cyber security office. Jeff Is tasked with acquiring a memory dump of a Windows 10 computer that was involved In a DDoS attack on the government agency's web application. Jeff is onsite to collect the memory. What tool could Jeff use?
Maria has executed a suspicious executable file In a controlled environment and wants to see if the file adds/modifies any registry value after execution via Windows Event Viewer. Which of the following event ID should she look for In this scenario?
Which of the following statements is true with respect to SSDs (solid-state drives)?
A forensic analyst has been tasked with investigating unusual network activity Inside a retail company's network. Employees complain of not being able to access services, frequent rebooting, and anomalies In log files. The Investigator requested log files from the IT administrator and after carefully reviewing them, he finds the following log entry:
What type of attack was performed on the companies' web application?
Harry has collected a suspicious executable file from an infected system and seeks to reverse its machine code to Instructions written in assembly language. Which tool should he use for this purpose?
On Linux/Unix based Web servers, what privilege should the daemon service be run under?
You are a forensic investigator who is analyzing a hard drive that was recently collected as evidence. You have been unsuccessful at locating any meaningful evidence within the file system and suspect a drive wiping utility may have been used. You have reviewed the keys within the software hive of the Windows registry and did not find any drive wiping utilities. How can you verify that drive wiping software was used on the hard drive?
An expert witness is a __________________ who is normally appointed by a party to assist the formulation and preparation of a partyâ€™s claim or defense.
How will you categorize a cybercrime that took place within a CSPâ€™s cloud environment?
Data density of a disk drive is calculated by using_______
Which cloud model allows an investigator to acquire the instance of a virtual machine and initiate the forensics examination process?
Which of the following files contains the traces of the applications installed, run, or uninstalled from a system?
Which command can provide the investigators with details of all the loaded modules on a Linux-based system?
What do you call the process in which an attacker uses magnetic field over the digital media device to delete any previously stored data?
In which registry does the system store the Microsoft security IDs?
Which program uses different techniques to conceal a malware's code, thereby making it difficult for security mechanisms to detect or remove it?
What does the command â€œC:\>wevtutil gl
Rusty, a computer forensics apprentice, uses the command nbtstat â€“c while analyzing the network information in a suspect system. What information is he looking for?
%3cscript%3ealert(â€XXXXXXXXâ€)%3c/script%3e is a script obtained from a Cross-Site Scripting attack. What type of encoding has the attacker employed?
Which of the following information is displayed when Netstat is used with -ano switch?
Files stored in the Recycle Bin in its physical location are renamed as Dxy.ext, where â€œxâ€ represents the ___________________.
What is the default IIS log location?
If you are concerned about a high level of compression but not concerned about any possible data loss, what type of compression would you use?
What does 254 represent in ICCID 89254021520014515744?
Which network attack is described by the following statement?
â€œAt least five Russian major banks came under a continuous hacker attack, although online client services were not disrupted. The attack came from a wide-scale botnet involving at least 24,000 computers, located in 30 countries.â€
You are the incident response manager at a regional bank. While performing routine auditing of web application logs, you find several attempted login submissions that contain the following strings:
What kind of attack has occurred?
On NTFS file system, which of the following tools can a forensic Investigator use In order to identify timestomping of evidence files?
Jack is reviewing file headers to verify the file format and hopefully find more Information of the file. After a careful review of the data chunks through a hex editor; Jack finds the binary value Oxffd8ff. Based on the above Information, what type of format is the file/image saved as?
Which OWASP loT vulnerability talks about security flaws such as lack of firmware validation, lack of secure delivery, and lack of anti-rollback mechanisms on loT devices?
A file requires 10 KB space to be saved on a hard disk partition. An entire cluster of 32 KB has been allocated for this file. The remaining, unused space of 22 KB on this cluster will be Identified as______.
For the purpose of preserving the evidentiary chain of custody, which of the following labels is not appropriate?
Which following forensic tool allows investigator to detect and extract hidden streams on NTFS drive?
To which phase of the computer forensics investigation process does "planning and budgeting of a forensics lab" belong?
What command-line tool enables forensic Investigator to establish communication between an Android device and a forensic workstation in order to perform data acquisition from the device?
Which Federal Rule of Evidence speaks about the Hearsay exception where the availability of the declarant Is immaterial and certain characteristics of the declarant such as present sense Impression, excited utterance, and recorded recollection are also observed while giving their testimony?
______allows a forensic investigator to identify the missing links during investigation.
In which loT attack does the attacker use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks?
Place the following In order of volatility from most volatile to the least volatile.
diskcopy is a STANDARD DOS utility. C:\WINDOWS>diskcopy /? Copies the contents of one floppy disk to another.
Which part of the Windows Registry contains the user's password file?
Area density refers to:
James is testing the ability of his routers to withstand DoS attacks. James sends ICMP ECHO requests to the broadcast address of his network. What type of DoS attack is James testing against his network?
Jonathan is a network administrator who is currently testing the internal security of his network. He is attempting to hijack a session, using Ettercap, of a user connected to his Web server. Why will Jonathan not succeed?
____________________ is simply the application of Computer Investigation and analysis techniques in the interests of determining potential legal evidence.
A packet is sent to a router that does not have the packet destination address in its route table.
How will the packet get to its proper destination?
You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?
In a FAT32 system, a 123 KB file will use how many sectors?
Printing under a Windows Computer normally requires which one of the following files types to be created?
Michael works for Kimball Construction Company as senior security analyst. As part of yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts XMAS scan and most of the ports scanned do not give a response. In what state are these ports?
You are carrying out the last round of testing for your new website before it goes live. The website has many dynamic pages and connects to a SQL backend that accesses your product inventory in a database. You come across a web security site that recommends inputting the following code into a search field on web pages to check for vulnerabilities: When you type this and click on search, you receive a pop-up window that says: "This is a test."
What is the result of this test?
What type of file is represented by a colon (:) with a name following it in the Master File Table of NTFS disk?
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test.
The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable. What kind of results did Jim receive from his vulnerability analysis?
Which of the following should a computer forensics lab used for investigations have?
George is performing security analysis for Hammond and Sons LLC. He is testing security vulnerabilities of their wireless network. He plans on remaining as "stealthy" as possible during the scan. Why would a scanner like Nessus is not recommended in this situation?
What binary coding is used most often for e-mail purposes?
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
When reviewing web logs, you see an entry for resource not found in the HTTP status code filed.
What is the actual error code that you would see in the log for resource not found?
You have completed a forensic investigation case. You would like to destroy the data contained in various disks at the forensics lab due to sensitivity of the case. How would you permanently erase the data on the hard disk?
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
Jason is the security administrator of ACMA metal Corporation. One day he notices the company's Oracle database server has been compromised and the customer information along with financial data has been stolen. The financial loss will be in millions of dollars if the database gets into the hands of the competitors. Jason wants to report this crime to the law enforcement agencies immediately.
Which organization coordinates computer crimes investigations throughout the United States?
Windows identifies which application to open a file with by examining which of the following?
You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?
You are assisting in the investigation of a possible Web Server Hack. The company who called you stated that customers reported to them that whenever they entered the web address of the company in their browser, what they received was a porno graphic web site. The company checked the web server and nothing appears wrong. When you type in the IP address of the web site in your browser everything appears normal. What is the name of the attack that affects the DNS cache of the name resolution servers, resulting in those servers directing users to the wrong web site?
As a security analyst, you setup a false survey website that will require users to create a username and a strong password. You send the link to all the employees of the company. What information will you be able to gather?
Consider that you are investigating a machine running an Windows OS released prior to Windows Vista. You are trying to gather information about the deleted files by examining the master database file named INFO2 located at C:\Recycler\
In a computer that has Dropbox client installed, which of the following files related to the Dropbox client store information about local Dropbox installation and the Dropbox user account, along with email IDs linked with the account?
What does the 188.8.131.52(445) denote in a Cisco router log?
Jun 19 23:25:46.125 EST: %SEC-4-IPACCESSLOGP: list internet-inbound denied udp 184.108.40.206(8084) -> 220.127.116.11(445), 1 packet
What must an attorney do first before you are called to testify as an expert?
What do you call the process of studying the changes that have taken place across a system or a machine after a series of actions or incidents?
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
Which of the following tool can reverse machine code to assembly language?
> NMAP -sn 192.168.11.200-215 The NMAP command above performs which of the following?
An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?
Analyze the hex representation of mysql-bin.000013 file in the screenshot below. Which of the following will be an inference from this analysis?