What is the First Step required in preparing a computer for forensics investigation? Show
a. Do not turn the computer off or on, run any programs, or attempt to access data on a computer A Network forensics can be defined as the sniffing, recording,________________ and analysis of the a. Infecting B Which of the following would you consider an aspect of organizational security, especially focusing on IT security? a. Security from frauds B Which of the following approaches checks and compares all the fields systematically and intentionally for positive and negative correlation with each other to determine the correlation across one or multiple fields? C During the first responder procedure you should follow all laws while collecting the evidence, and contact a computer forensic as soon as possible. a. Tester B You are collecting electronic evidence at the crime scene. What should the collection proceed? a. The collection should proceed only from hard disk. D Computer forensics report provides detailed information on complete computer forensics investigation process. Which of the following attributes of a forensics report can render it in admissible in a court of law? a. It maintains a single document style through the text C The Federal Bureau of Investigation (FBI) set up a laboratory in order to provide forensic services to all field agents and other law authorities. a. 1992 D There were massive backlogs within all police forces, to the point where it was six months to two years before some computers could be examined. a. Chain of custody D What is the role of the Forensic Examiner in the Judicial System? a. Must be expert witness and without bias. A
What does a logical acquisition collect for an investigation? a. Size of the source drive, where the source drive be retained as evidence, how long the acquisition will take, and where the disk evidence is located. C What should you consider when determining which data acquisition method to use? a. Size of the source drive, where the source drive be retained as evidence, how long the acquisition will take, and where the disk evidence is located. A Why is it a good practice to make two images of a suspect drive in a critical investigation? Determing whether there's sufficient electrical power and lighting and checking the D What does the American Society of Crime Laboratory Directors/Laboratory Accreditatio Board (ASCLD/LAB) do? a. Computer Forensic Tool Testing B
"Best evidence" is roughly defined as the best evidence that can be produced in court. "Best evidence" include? a. A plan to investigate B Once the multiple data sources have been aggregated and correlated, it's time to build a timeline of activities. Understanding who did what, when, and how is the basis for any theory of the case? a. Interpretation D Which of the following is the first recommended process in the OSCAR network forensics investigate methodology? a. Offsite gather information D
Which of the following is the third recommended process in the OSCAR network forensics investigate methodology? a. Copy evidence B Which of the following is the fifth recommended process in the OSCAR network forensics investigate methodology? a. Reconnaissance D Which of the following commands shows you all of the network services running on Windows based servers? a. Net Session D Email archiving is a systematic approach to save and protect the data contained in emails so that hackers can exploit and easily access to read the victim's email. Which of the following protect the email system? a. Use VPN connection before read email. C In which step of the computer forensics investigation methodology would you run MD5 checksum on the evidence? a. Collect the evidence. B Which of the following task list commands provides information about the listed processes, including the image name, PID, name, and number of the session for the process? a. tasklist Is B Windows Security Event Log contains records of login/logout activity or other security related events specified by the system's audit policy. What does event ID 531 in Windows Security Event Log indicates? a. A logon attempt was made using a disabled account. A Volatile information can be easily modified or lost when the system is shutdown or rebooted. Which of the following help you to determine at a logical timeline? a. The processes are running. B You can find the SIDs in Windows registry editor at the following location: a. HKEY CURRENT_CONFIG\SOFTWARE\Microsoft\Windows NT\Currentversion _ D A technique used to make a person reveal confidential information such as passwords through manipulation. a. Bandwidth D The art and science of hiding information by embedding messages in other, semmingly harmless messages. a. Bookrack C Which of the following attacks allows attacker to acquire access to the communication channels between the victim and server to extract the information? a. Social Engineering attack C Which of the following Steganography techniques allows you to encode information that ensures creation of cover for secret communication?
a. Substitution techniques D A disk-forensic DOS tool that is designed to emulate and extend the capabilities of DOS to meet forensic needs; it creates a direct disk-to-disk forensic duplicates, can copy a range of sectors within or between drives, and can process duplicate drives. a. Steganography C What is a SCSI (Small Computer System Interface)? a. A set of ANSI standard electronic interfaces that allow personal computers to communicate with peripheral hardware such as disk drives, tape drives. CD-ROM drives, printers, and scanners A Which of the following steganography types hides the secret message in a specifically designed pattern on the document that is unclear to the average reader? a. Text semagrams steganography D The first response to an incident may involve three different groups of people, and each will have different skills and need to carry out different tasks based on the incident. Who is responsible for collecting, preserving, and packaging electronic evidence? a. Local managers or other non-forensic staff D Which organization provides good information on safe storage containers? a. WESTERN D What is the first step required in preparing a computer for forensics investigation?Explanation. I think the very first step is "Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at Issue" because if we'll keep system ON then attacker can somehow destroy evidence including volatile information.
What is the first step in a computer forensics investigation select the best answer?The guide recommends a four-step process for digital forensics: (1) identify, acquire and protect data related to a specific event; (2) process the collected data and extract relevant pieces of information from it; (3) analyze the extracted data to derive additional useful information; and (4) report the results of the ...
What is the first step in the development of computer forensic capabilities?Identification. This initial step in computer forensics is to understand and identify the scenario. This is where the investigator points out the specific reason for conducting forensic analysis.
What are the five steps in the computer forensics process?There are five basic steps in a typical Computer Forensics examination case. These steps are: Intake, Acquisition, Imaging, Forensic Analysis, and Reporting.
|