Forensic Analysis Flashcards
(12 cards)
Where are local passwords stored for the Windows operating system?
SAM file in \Windows\System32\
A forensic examiner wants to try to extract passwords for wireless networks to which a system was connected. Where should passwords for wireless networks be stored on a Windows XP system?
Registry
Which Windows password cracking tool uses rainbow tables?
Ophcrack
What should a forensic investigator use to gather the most reliable routing information for tracking an email message?
Email header
Which activity involves email tracing?
Determining the ownership of the source email server
A forensic examiner reviews a laptop running OS X which has been compromised. The examiner wants to know if there were any mounted volumes created from USB drives. Which digital evidence should be reviewed?
/var/log
Which log or folder contains information about printed documents on a computer running Mac OS X?
/var/spool/cups
Which Windows event log should be checked for evidence of invalid logon attempts?
Security
A cyber security organization has issued a warning about a cybercriminal who is using a known vulnerability to attack unpatched corporate Macintosh systems. A network administrator decides to examine the software updates logs on a Macintosh system to ensure the system has been patched. Which folder contains the software updates logs?
/Library/Receipts
A forensic investigator is assigned the task of unlocking a locked Apple iPod Touch 4G. Which forensic tool should the investigator use?
Pwnage
An investigator wants to extract information from a mobile device by connecting it to a computer. What should the investigator take great care to ensure?
That the mobile device does not synchronize with the computer
Which state is a device in if it is powered on, performing tasks, and able to be manipulated by the user?
Active
