Ch. 7 Flashcards
Investigators can use Linux commands to gather necessary information from the system. What shell command is used to display the kernel ring buffer or information about device drivers loaded into the kernel?
dmesg
What is not volatile information in Linux?
User accounts
What are some date- and time-related commands in Linux?
- date
- uptime
- timezone (on systemd-based distributions the configured time zone is shown by `timedatectl`)
Forensic investigators should use the “netstat -rn” command to view routing table information. In this command, what does the “-n” flag provide?
It prints addresses and port numbers numerically instead of resolving them to hostnames, so the collection itself generates no DNS lookups.
The nmap command can only be used to identify TCP port connections. True/False
False. nmap scans TCP ports by default (for example -sS SYN scan or -sT connect scan) and scans UDP ports when run with the -sU flag.
What Linux command lists the open files for the user currently logged into a system?
lsof (lists open files together with the processes holding them; `lsof -u <user>` restricts the listing to one user)
The state of nonvolatile data changes when a machine is turned off. True/False
False. Nonvolatile data (data on disk) persists when the machine is powered off; it is volatile data (RAM, running processes, network connections) that is lost.
In Linux systems, where is local user information saved?
/etc/passwd file (account names, UIDs, home directories and login shells; the password hashes live in /etc/shadow, readable only by root)
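As an added example (not part of the original flashcards), the following script parses a constructed /etc/passwd sample and applies the first checks an investigator runs on it: which accounts have an interactive shell, which are regular users by UID range, and whether any account other than root has UID 0. The sample entries, including the suspicious "backup2" account, are made up for illustration.

```python
"""Triage a Linux /etc/passwd file.

Each line is colon-separated: name:password:UID:GID:GECOS:home:shell.
The password field is normally 'x' because the hashes are in /etc/shadow.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample, not from a real host; 'backup2' is deliberately suspicious.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:107:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
backup2:x:0:0::/tmp:/bin/sh
"""

# Shells that deny interactive login on common distributions.
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class PasswdEntry:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str

    @property
    def interactive(self) -> bool:
        return self.shell not in NOLOGIN_SHELLS


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text; malformed lines raise rather than being skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, _pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), int(gid), gecos, home, shell))
    return entries


def interactive_users(entries: List[PasswdEntry]) -> List[str]:
    return [e.name for e in entries if e.interactive]


def human_users(entries: List[PasswdEntry], min_uid: int = 1000) -> List[str]:
    # Debian/Ubuntu and RHEL families start regular users at UID 1000;
    # 65534 is the nobody/nogroup pseudo-account.
    return [e.name for e in entries if min_uid <= e.uid < 65534]


def uid0_not_root(entries: List[PasswdEntry]) -> List[str]:
    """Any second UID 0 account is a classic persistence indicator."""
    return [e.name for e in entries if e.uid == 0 and e.name != "root"]


if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print("interactive accounts:", interactive_users(entries))
    print("regular users:", human_users(entries))
    print("extra UID 0 accounts:", uid0_not_root(entries))
```

On a live system the same functions can be fed the real file with `parse_passwd(open("/etc/passwd").read())`; the UID threshold is distribution-specific and should be confirmed against /etc/login.defs.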
What log file in a Linux system cannot be used by forensic investigators?
/var/log/evtx.log (no such file exists; .evtx is the Windows Event Log format, not a Linux log)
Digital files generally have a signature that can be found in the first 20 bytes of the file. True/False
True. Most formats carry a fixed signature (magic number) at offset 0, which is why file type should be determined from content rather than from the extension.
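As an added example (not part of the original flashcards), the following code identifies a file type from its signature bytes and flags files whose extension disagrees with their content. The signature table covers a few common formats and also shows the caveat to the "first 20 bytes" rule of thumb: tar's "ustar" marker sits at offset 257. All sample byte strings are constructed; the "invoice.pdf" sample is a Windows PE header disguised with a PDF extension.

```python
"""Identify files by signature (magic bytes) and detect extension mismatches."""
from typing import Optional, Tuple

# (type name, offset, signature). Order matters only where prefixes overlap.
SIGNATURES = [
    ("png", 0, b"\x89PNG\r\n\x1a\n"),
    ("jpeg", 0, b"\xff\xd8\xff"),
    ("gif", 0, b"GIF87a"),
    ("gif", 0, b"GIF89a"),
    ("pdf", 0, b"%PDF-"),
    ("zip", 0, b"PK\x03\x04"),
    ("elf", 0, b"\x7fELF"),
    ("pe", 0, b"MZ"),
    ("gzip", 0, b"\x1f\x8b"),
    ("tar", 257, b"ustar"),   # outside the first 20 bytes
]

# Which signature each extension is expected to carry. Office documents and
# jars are ZIP containers, so they legitimately show the PK signature.
EXT_TO_TYPE = {
    "png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "pdf": "pdf",
    "zip": "zip", "docx": "zip", "xlsx": "zip", "jar": "zip",
    "exe": "pe", "dll": "pe", "gz": "gzip", "tar": "tar", "so": "elf",
}

# Constructed samples: the first bytes of each fake file.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 20,
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00" + b"\x00" * 30,
    "archive.docx": b"PK\x03\x04\x14\x00\x06\x00" + b"\x00" * 12,
    "backup.tar": b"\x00" * 257 + b"ustar\x0000" + b"\x00" * 10,
    "notes.bin": b"\x00\x01\x02\x03",
}


def identify(data: bytes) -> Optional[str]:
    """Return the type name of the first matching signature, or None."""
    for name, offset, sig in SIGNATURES:
        if data[offset:offset + len(sig)] == sig:
            return name
    return None


def check_extension(filename: str, data: bytes) -> Tuple[Optional[str], Optional[str], bool]:
    """Return (detected_type, type_expected_from_extension, mismatch).

    A mismatch is only reported when both sides are known, so unknown
    extensions and unknown signatures are left for manual review.
    """
    ext = filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    detected = identify(data)
    expected = EXT_TO_TYPE.get(ext)
    mismatch = detected is not None and expected is not None and detected != expected
    return detected, expected, mismatch


def suspicious_files(samples: dict) -> list:
    """Names of files whose content type contradicts their extension."""
    return [name for name, data in samples.items() if check_extension(name, data)[2]]


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_extension(name, data))
    print("mismatches:", suspicious_files(SAMPLES))
```

The tar entry is the reason real triage tools read more than the first 20 bytes: a header-only read of 20 bytes would report "backup.tar" as unknown.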
The macOS is one of the most widely adopted systems worldwide, and with the increase in its usage, the number of cyberattacks it faces has decreased significantly. True/False
False. As macOS usage has grown, the number of cyberattacks targeting it has increased significantly.
What OS is macOS based on?
Unix (macOS is built on Darwin, a BSD-derived Unix core)
What does macOS store user settings in the form of?
A plist (property list) file, stored either as XML or in Apple's binary plist format
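As an added example (not part of the original flashcards), the following code reads a constructed preferences plist with Python's standard plistlib, converts it to the binary form that most files under ~/Library/Preferences actually use on disk, and reads it back. The key names (LastLoginUser, AutoLoginEnabled, LastModified, RecentServers) are illustrative and do not belong to any specific Apple daemon.

```python
"""Read macOS property lists in both XML and binary encodings with plistlib."""
import plistlib

# Constructed XML plist resembling a per-user preferences file; keys are made up.
SAMPLE_XML_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>LastLoginUser</key>
    <string>alice</string>
    <key>AutoLoginEnabled</key>
    <true/>
    <key>LastModified</key>
    <date>2024-03-05T10:15:30Z</date>
    <key>RecentServers</key>
    <array>
        <string>smb://fileserver.corp.example</string>
        <string>ssh://10.0.0.5</string>
    </array>
</dict>
</plist>
"""


def load_plist(data: bytes) -> dict:
    """plistlib.loads detects the format itself: 'bplist00' magic means binary, else XML."""
    return plistlib.loads(data)


def to_binary(obj: dict) -> bytes:
    """Serialise in the binary plist format, as macOS stores most preferences."""
    return plistlib.dumps(obj, fmt=plistlib.FMT_BINARY)


def is_binary_plist(data: bytes) -> bool:
    return data[:8] == b"bplist00"


def summarize(prefs: dict) -> dict:
    """Pull out the fields an examiner would note, in a stable shape."""
    modified = prefs.get("LastModified")
    return {
        "user": prefs.get("LastLoginUser"),
        "autologin": bool(prefs.get("AutoLoginEnabled", False)),
        "modified": modified.isoformat() if modified is not None else None,
        "servers": list(prefs.get("RecentServers", [])),
    }


if __name__ == "__main__":
    prefs = load_plist(SAMPLE_XML_PLIST)
    binary = to_binary(prefs)
    print("binary on disk:", is_binary_plist(binary), len(binary), "bytes")
    print(summarize(load_plist(binary)))
```

Because the same loader handles both encodings, an examiner can point it at a copied preferences file without first converting it with `plutil -convert xml1`.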
What is the built-in manager that saves credentials for websites, wireless networks, SSH servers, and private keys for macOS?
Keychain
What directory has the printer log files for macOS?
/var/log/cups