D431-Digital Forensics in Cybersecurity - After 2nd Attempt Flashcards
Where on a Windows system is the config folder located that contains the SAM file?
C:\Windows\System32
The SAM (Security Accounts Manager) file, which stores Windows user passwords in encrypted form, is typically located in the “C:\Windows\System32\config” directory on a Windows system.
Which Windows component is responsible for reading the boot.ini file and displaying the boot loader menu on Windows XP during the boot process?
NTLDR
In Windows XP, the component responsible for reading the boot.ini file and displaying the boot loader menu during the boot process is called NTLDR (NT Loader).
Which method is used to implement steganography through pictures?
LSB
Least Significant Bit (LSB) insertion: This method involves replacing the least significant bits of the pixels in an image with hidden data. Since these alterations are often imperceptible to the human eye, they can conceal information within the image.
A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol.
Which steganographic component are the command and control messages?
Payload
During a cyber-forensics investigation, a USB drive was found that contained multiple pictures of the same flower.
How should an investigator use properties of a file to detect steganography?
Review the hexadecimal code looking for anomalies in the file headers and endings using a tool such as EnCase