99 - Sample Exam Paper Flashcards
In the context of database, what is a key?
A key is a set of one or more attributes (columns) in the table that have certain properties. They are used to establish and identify relationships between tables and also to uniquely identify any record or row of data inside a table. A Key can be a single attribute or a group of attributes, where the combination may act as a key.
What is primary key?
Used to uniquely identify the tuples in a table, every tuple in a relational database has its own primary key. Normally it will be chosen from one of the primary keys.
What is foreign key?
A FOREIGN KEY is a key used to link two tables together.
A FOREIGN KEY is a field (or collection of fields) in one table that refers to the PRIMARY KEY in another table.
What is the difference between key and index?
An index is a copy of selected columns of data from a table that can be searched very efficiently.
A DBMS key is an attribute or set of an attribute which helps you to identify a row(tuple) in a relation(table) and to establish relationsships between tables.
List some popular database operations?
- Selection
- Projection
- Union
- Intersection
- Difference
- Cartesian Product
- Join
- Divide
What is an index?
An index is a copy of selected columns of data from a table that can be searched very efficiently.
What is a compound key?
A compound key includes two or more attributes.
What is a super key?
- A set of data attributes (one or more) from different columns in a table that can be used as an identifer (primary key).
- No two tuples have the same values for the super key.
- Key attributes that can uniquely identify a row.
- Several super keys can be present in a table.
What is a candidate key?
A column or set of columns in a table that can potentially be used as a primary key.
To qualify, it must be able to function as a unique identifier to sort all of the table’s data records.
It’s a minimum super key. A super key reduced to the least amount of attributes needed to uniquely identify a row.
In analysing unknown databases, why investigators should gather information on each database file? Describe with example this task in details.
- Understand / Use the Application
- Find the SQLite files
- Gather information on each database file
- Perform common application tasks
- Develop SQL queries to extract information
In the context of iOS Forensics, describe the main steps of:
- Recovering contact information
- Retrieving Call History Information
Contact information
- Examine the schema of ABPerson table
- Retrieve all information from the ABPerson
- Examine the schema of other tables (ABMultiValue, ABMultiValueEntry, ABMultiValueLabel)
- Retrieve information from the ABPerson, ABMultiValue, ABMultiValueEntry, ABMultiValueLabel tables
=> be aware of NSDate Format (# of seconds since 2001)
Call History
Information are stored in call_history.db. Important table: call. Will only hold 100 calls (incl. FaceTime). Main columns are: ROWID, address, Date (Unixepoch), duration, flags, id, country_code
flags: 4=incoming, 5=outgoing, 8=blocked, 16: facetime. Everything else=dropped.
How can we automate all analysis tasks by running just one command and all outputs are stored in a file rather than
displayed on the monitor?
This can be solved by creating an query script first.
To change the output:
# .mode csv
# .output results.csv
then to run an external script:
# sqlite3 messages.db
# .read analysis.sql
- What is a database?
- What is a DBMS?
- What is a relational database?
- A database is a organized / structure collection of records or data, that is stored presistent in a computer system.
- A database management system is a software designed to define, manipulate, retrieve and manage data in a database. A DBMS generally manipulates the data itself, the data format, field names, record structure and file structure
- A relational database is a type of database that stores and provides access to data that are related to one another.
Describe the MySQL Data Directory?
- Each database has its own database directory.
- Tables, views, triggers correspond to files in the directory.
- Typical files are:
- frm file (used to define the format of a table)
- process ID (PID) file
- status and log files
- DES key files
- Server’s SSL certificate
Where is the Describe the MySQL Data Directory located or how can it be found?
Windows
- C:\Program Data\MySQL\
- C:\Documents & Settings\All User\Application Data\MySQL
Linux:
- /usr/local/mysql/data
- /var/lib/mysql
or run: $mysqladmin variables
