What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 server the course of its lifetime?
A. forensic duplication of hard drive
B. analysis of volatile data
C. comparison of MD5 checksums
D. review of SIDs in the Registry
Not MD5: MD5 checksums are used as integrity checks
User accounts are assigned a unique SID, and the SID are not reused.
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rn rootkit
D. Nothing in particular as these can be operational files
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?
A. src port 23 and dst port 23
B. src port 22 and dst port 22
C. udp port 22 and host 172.16.28.1/24
D. net port 22
Depending upon the Jurisdictional areas, different laws apply to different incidents.
Which of the following law is related to fraud and related activity in connection with computers?
A. 18 USC 7029
B. 18 USC 7030
C. 18 USC 7361
D. 18 USC 7371
Cylie is investigating a network breach at a state organization in Florida. She discovers that the intruders were able to gain access into the company firewalls by overloading them with IP packets. Cylie then discovers through her investigation that the intruders hacked into the company phone system and used the hard drives on their PBX system to store shared music files.
What would this attack on the company company PBX system be called?
What will the following command accomplish?
dd if=/dev/xxx of=mbr.backup bs=512 count=1
A. Back up the master boot record
B. Restore the master boot record
C. Mount the master boot record on the first partition of the hard drive
D. Restore the first 512 bytes of the first partition of the hard drive
Jim performed a vulnerability analysis on his network and found no potential problems. He runs another utility that executes exploits against his system to verify the results of the vulnerability test. The second utility executes five known exploits against his network in which the vulnerability analysis said were not exploitable.
What kind of results did Jim receive from his vulnerability analysis?
A. False negatives
B. True negatives
C. True positives
D. False positives
Which of the following standard is based on a legal precedent regarding the admissibility of scientific examinations or experiments in legal cases?
A. Daubert Standard
B. Schneiderman Standard
C. Frye Standard
D. FERPA standard
Which of the following passwords are sent over the wire (and wireless) network, or stored on some media as it is typed without any alteration?
A. Clear text passwords
B. Obfuscated passwords
C. Hashed passwords
D. Hex passwords