16-2

Question 1

contains various events logged by applications or programs

Answer 1

application log

Question 2

this log contains events logged by Windows system components

Answer 2

system log

Question 3

this log is used to store events collected from remote computers

Answer 3

forward events log

Question 4

this log is used to store events from a single application or component rather than events that might have a systemwide impact

Answer 4

applications and services logs

Question 5

linux log that contains failed user logins

Answer 5

/var/log/faillog

Question 6

this linux log file is used for messages from the OS kernel

Answer 6

/var/log/kern.log

Question 7

this linux log is the printer log and can give you a record of any items that have been printed from this machine

Answer 7

/var/log/lpr.log

Question 8

this linux is themail server log and can be very useful in any computer crime investigation

Answer 8

/var/log/mail

Question 9

this linux log records activities related to the SQL database server and will usually be of less interest to a computer crime investigation

Answer 9

/var/log/mysql.*

Question 10

this linux log is for the apache web server, and will show related activity

Answer 10

/var/log/apache2/*

Question 11

this linux log will show activity for lighttpd/*

Answer 11

/var/log/lighttpd/*

Question 12

this linux log records application crashes

Answer 12

/var/log/apport.log

Question 13

this linux log contains user activity logs

Answer 13

/var/log/user.log

Question 14

a free tool used ot recover windows files

Answer 14

disk digger