Set 4

Question 1

What is Lockard’s exchange principle?

Answer 1

If something is taken than there will be a trace of evidence.

Question 2

While dinner with her family, tw police officers want to search her rouse with a warrant and without consent, what is this called?

Answer 2

unreasonable search 4th amendment violation

Question 3

In 2020 a driver ran a light, the driver of other car must have medical care, the drunk driver is sued under ____ law.

Answer 3

tort

Question 4

What are the 5 w h?

Answer 4

who, what, when, where, how

Question 5

Dr cooper dark matter uses scientific method, wht is first step of scientific method?

Answer 5

Ask a question

Question 6

George is ist for company as the forensic analyst he is not responsible for,

Discovering malicious activity
Getting systems back online
Ensuring all collected evidence follows chain of custody

Answer 6

Ensuring all collected evidence follows chain of custody

Question 7

Local police department, police investigated crime scene murder, the dfi goes inside victims office what two things does he do?

sean does a memory dump,
sean is performing live collection,
dead collection,
sean does not require a warrant,

Answer 7

sean is performing live collection
sean does not require a warrant

Question 8

Convert 34 to binary

convert 1001010 to decimal

Answer 8

100010

74

Question 9

First bytes of a file are called?

Answer 9

Magic bytes, they tell the OS what kind of file it is

Question 10

What isn’t an anti forensics technique?

data wiping,
physical destruction,
defragmentation,
encryption

Answer 10

defragmentation

Question 11

What must be completed each time evidence is moved?

Answer 11

chain of custody

Question 12

What are the different phases of the forensic analyst process, 6 of them?

Answer 12

pre-investigation,
preparing the investigation,
search and seizure,
analyze,
report and testify,
post investigation

Question 13

Certified data forensic lab has what accredited standard,

Answer 13

iso-eic-17025,

Question 14

Cluley works in data forensics lab, collects and retrieves digital evidence, called to testify in court. What fits him?

officer,
manager,
analyst,
investigator

Answer 14

analyst

Question 15

Melissa works in data forensics lab, she collects and preserves digital evidence, called to testify in court. What is she?

officer,
manager,
analyst
investigator

Answer 15

investigator

Question 16

What isn’t a Technical control?

Intrusion detection,
backups,
emergency repose procedures,

Answer 16

emergency repose procedures,

Question 17

Police department team want to investigate crime scene goes into victim office and see laptop is turned on but screen is blank, what to do?

Answer 17

Move the mouse

Question 18

Data forensics analyst investigate corporate and look at suspicious, employee internet activity on watchlist, before you got further you must get permission from _____

Answer 18

hr and legal

Question 19

What equipment to use not contaminate digital evidence?

write blocker,
diode,
FTK

Answer 19

Write blocker

Question 20

Detective gets info that gang has stolen computers, before officers can enter they must get a warrant, an affidavit is needed, what does detective need to get a warrant?

Answer 20

Probable cause

Question 21

Officer spots suspects loading computers into a truck what allows officers to search truck?

Answer 21

exigent cicumstances

Question 22

Computers are outside the warehouse victims name is on the computer?

Answer 22

plain view doctrine

Question 23

Tcp and udp operate in what layer?

Answer 23

the 4th layer or transport layer

Question 24

Which is not considered a common data acquisition practice?

making a true copy,
making a copy of a copy,
ensuring mace attributes are unchanged,
downloading an application on target system,

Answer 24

downloading an application on target system,

Question 25

Memory image can do a through analysis, mark found cracked copy to perform the analysis what part of the code of ethics did she violate?

Answer 25

No 5. Using illegal software

Question 26

Julia doing hard drive analysis she knows the suspect, she notifies the lab manager what part of the code of ethics did she violate?

Answer 26

None

Question 27

What would not break code of ethics?

diligent work,
remain neutral,
will except cases beyond the level of my ability

Answer 27

will except cases beyond the level of my ability

Question 28

Which of the following is the most commonly used?

Answer 28

web application attack

Question 29

What nom profit organization provides common web attacks?

Answer 29

OWASP (Open Worldwide Application Security Project)

Question 30

Web server log ,what is a good indicator of the address of a hacking tool?

Answer 30

look for geck commands or nmap, nikto

Question 31

What commands help find file names while looking at web logs?

Answer 31

get, POST

Question 32

Which is used on smartphone to store contacts emails and texts?

Answer 32

SIM CARD

Question 33

Can be used to take byte by byte memory of phone that’s been damaged?

j tag,
chip off,
static compression

Answer 33

j tag,
chip off,

Question 34

What are the ports?

http
secure web
FTp
SECURE SHELL
Telnet

Answer 34

http is port 80
secure web is tcp 443
FTp IS 21
SECURE SHELL IS 22
Telnet is 23

Question 35

What sends event log data form a host to storage?

secure shell,
ntp,
smtp,
syslog

Answer 35

syslog

Question 36

Which is used to ensure system clocks are synced?

Answer 36

NTP (Network Time Protocol)

Question 37

Tasklist from windows, which process is the highest PID?

Answer 37

Biggest number is answer

Question 38

Which is not volatile?

Answer 38

Shadow volume copy

Question 39

Pslogged on > output,txt What does this command do?

Answer 39

list of users that are logged on is created in a text

Question 40

Steganography?

Answer 40

Hiding data inside another from or data like text or image

Question 41

Which is better Md5 or sha1?

Answer 41

SHA1 is better

Question 42

Which is not focused on an investigation of windows based host?

Windows Registry,
memory dump,
security analyzer database,

Answer 42

Security analyzer database,