Last Updated on July 22, 2021 by InfraExam
312-49 : Computer Hacking Forensic Investigator : Part 21
BMP (Bitmap) is a standard file format for computers running the Windows operating system. BMP images can range from black and white (1 bit per pixel) up to 24 bit color (16.7 million colors). Each bitmap file contains a header, the RGBQUAD array, information header, and image data. Which of the following element specifies the dimensions, compression type, and color format for the bitmap?
- Information header
- Image data
- The RGBQUAD array
Identify the file system that uses $BitMap file to keep track of all used and unused clusters on a volume.
An investigator has acquired packed software and needed to analyze it for the presence of malice. Which of the following tools can help in finding the packaging software used?
- Comodo Programs Manager
- Dependency Walker
Korey, a data mining specialist in a knowledge processing firm DataHub.com, reported his CISO that he has lost certain sensitive data stored on his laptop. The CISO wants his forensics investigation team to find if the data loss was accident or intentional. In which of the following category this case will fall?
- Civil Investigation
- Administrative Investigation
- Both Civil and Criminal Investigations
- Criminal Investigation
Which of the following Windows-based tool displays who is logged onto a computer, either locally or remotely?
- Process Monitor
A forensic examiner is examining a Windows system seized from a crime scene. During the examination of a suspect file, he discovered that the file is password protected. He tried guessing the password using the suspect’s available information but without any success. Which of the following tool can help the investigator to solve this issue?
- Cain & Abel
- Colasoft’s Capsa
Which of the following Android libraries are used to render 2D (SGL) or 3D (OpenGL/ES) graphics content to the screen?
- OpenGL/ES and SGL
- Surface Manager
- Media framework
Report writing is a crucial stage in the outcome of an investigation. Which information should not be included in the report section?
- Speculation or opinion as to the cause of the incident
- Purpose of the report
- Author of the report
- Incident summary
You are assigned a task to examine the log files pertaining to MyISAM storage engine. While examining, you are asked to perform a recovery operation on a MyISAM log file. Which among the following MySQL Utilities allow you to do so?
Andie, a network administrator, suspects unusual network services running on a windows system. Which of the following commands should he use to verify unusual network services started on a Windows system?
- net serv
- net start
Randy has extracted data from an old version of a Windows-based system and discovered info file Dc5.txt in the system recycle bin. What does the file name denote?
- A text file deleted from C drive in sixth sequential order
- A text file deleted from C drive in fifth sequential order
- A text file copied from D drive to C drive in fifth sequential order
- A text file copied from C drive to D drive in fifth sequential order
Sheila is a forensics trainee and is searching for hidden image files on a hard disk. She used a forensic investigation tool to view the media in hexadecimal code for simplifying the search process. Which of the following hex codes should she look for to identify image files?
- ff d8 ff
- 25 50 44 46
- d0 0f 11 e0
- 50 41 03 04
Shane, a forensic specialist, is investigating an ongoing attack on a MySQL database server hosted on a Windows machine with SID “WIN-ABCDE12345F.” Which of the following log file will help Shane in tracking all the client connections and activities performed on the database server?
What must an attorney do first before you are called to testify as an expert?
- Qualify you as an expert witness
- Read your curriculum vitae to the jury
- Engage in damage control
- Prove that the tools you used to conduct your examination are perfect
Gary is checking for the devices connected to USB ports of a suspect system during an investigation. Select the appropriate tool that will help him document all the connected devices.
Which of the following is NOT a physical evidence?
- Removable media
- Image file on a hard disk
During forensics investigations, investigators tend to collect the system time at first and compare it with UTC. What does the abbreviation UTC stand for?
- Coordinated Universal Time
- Universal Computer Time
- Universal Time for Computers
- Correlated Universal Time
Buffer overflow vulnerability of a web application occurs when it fails to guard its buffer properly and allows writing beyond its maximum size. Thus, it overwrites the_________. There are multiple forms of buffer overflow, including a Heap Buffer Overflow and a Format String Attack.
- Adjacent memory locations
- Adjacent bit blocks
- Adjacent buffer locations
- Adjacent string locations
Which of the following is a part of a Solid-State Drive (SSD)?
- NAND-based flash memory
Which of the following standard represents a legal precedent set in 1993 by the Supreme Court of the United States regarding the admissibility of expert witnesses’ testimony during federal legal proceedings?
- SWGDE & SWGIT