Last Updated on July 20, 2021 by InfraExam
312-49 : Computer Hacking Forensic Investigator : Part 04
What method of computer forensics will allow you to trace all ever-established user accounts on a Windows 2000 sever the course of its lifetime?
- forensic duplication of hard drive
- analysis of volatile data
- comparison of MD5 checksums
- review of SIDs in the Registry
Which response organization tracks hoaxes as well as viruses?
Which federal computer crime law specifically refers to fraud and related activity in connection with access devices like routers?
- 18 U.S.C. 1029
- 18 U.S.C. 1362
- 18 U.S.C. 2511
- 18 U.S.C. 2703
Office documents (Word, Excel, PowerPoint) contain a code that allows tracking the MAC, or unique identifier, of the machine that created the document. What is that code called?
- the Microsoft Virtual Machine Identifier
- the Personal Application Protocol
- the Globally Unique ID
- the Individual ASCII String
What TCP/UDP port does the toolkit program netstat use?
- Port 7
- Port 15
- Port 23
- Port 69
Under which Federal Statutes does FBI investigate for computer crimes involving e-mail scams and mail fraud?
- 18 U.S.C. 1029 Possession of Access Devices
- 18 U.S.C. 1030 Fraud and related activity in connection with computers
- 18 U.S.C. 1343 Fraud by wire, radio or television
- 18 U.S.C. 1361 Injury to Government Property
- 18 U.S.C. 1362 Government communication systems
- 18 U.S.C. 1831 Economic Espionage Act
- 18 U.S.C. 1832 Trade Secrets Act
In a FAT32 system, a 123 KB file will use how many sectors?
You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?
- The registry
- The swap file
- The recycle bin
- The metadata
When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?
- a write-blocker
- a protocol analyzer
- a firewall
- a disk editor
How many sectors will a 125 KB file use in a FAT32 file system?
You are called by an author who is writing a book and he wants to know how long the copyright for his book will last after he has the book published?
- 70 years
- the life of the author
- the life of the author plus 70 years
- copyrights last forever
When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?
- on the individual computer’s ARP cache
- in the Web Server log files
- in the DHCP Server log files
- there is no way to determine the specific IP address
Bob has been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the System for a period of three weeks. However, law enforcement agencies were recoding his every activity and this was later presented as evidence.
The organization had used a Virtual Environment to trap Bob. What is a Virtual Environment?
- A Honeypot that traps hackers
- A system Using Trojaned commands
- An environment set up after the user logs in
- An environment set up before a user logs in
To make sure the evidence you recover and analyze with computer forensics software can be admitted in court, you must test and validate the software. What group is actively providing tools and creating procedures for testing and validating computer forensics software?
- Computer Forensics Tools and Validation Committee (CFTVC)
- Association of Computer Forensics Software Manufactures (ACFSM)
- National Institute of Standards and Technology (NIST)
- Society for Valid Forensics Tools and Testing (SVFTT)
With Regard to using an Antivirus scanner during a computer forensics investigation, You should:
- Scan the suspect hard drive before beginning an investigation
- Never run a scan on your forensics workstation because it could change your systems configuration
- Scan your forensics workstation at intervals of no more than once every five minutes during an investigation
- Scan your Forensics workstation before beginning an investigation
Windows identifies which application to open a file with by examining which of the following?
- The File extension
- The file attributes
- The file Signature at the end of the file
- The file signature at the beginning of the file
You have used a newly released forensic investigation tool, which doesn’t meet the Daubert Test, during a case. The case has ended-up in court. What argument could the defense make to weaken your case?
- The tool hasn’t been tested by the International Standards Organization (ISO)
- Only the local law enforcement should use the tool
- The total has not been reviewed and accepted by your peers
- You are not certified for using the tool
Which of the following is NOT a graphics file?
When conducting computer forensic analysis, you must guard against ______________ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.
- Hard Drive Failure
- Scope Creep
- Unauthorized expenses
- Overzealous marketing
In General, __________________ Involves the investigation of data that can be retrieved from the hard disk or other disks of a computer by applying scientific methods to retrieve the data.
- Network Forensics
- Data Recovery
- Disaster Recovery
- Computer Forensics