Digital Forensics

Question 1

CMOS

Answer 1

Where a computer stores system configuration and date and time information when the system is off.

Question 2

• Memory or Cache memory

Answer 2

contain the bootloader – Where the OS is loaded by the bootstrap. it’s a portion of your RAM that is directly attached to the central processing unit-

Question 3

• Master Boot Record (MBR

Answer 3

MBR is where the partitions information are saved; it’s created when a hard drive is partitioned. MRR is located on the first sector or sector 1 of a disk.

Question 4

• Boot section

Answer 4

: Comprise partitions that describe the rest of the file system

Question 5

• bootstrap program

Answer 5

: Is used for loading the operating system.

Question 6

• Partitions:

Answer 6

A logical drive on a disk

Question 7

• Partition table :

Answer 7

is in the MBR at sector 0 of the disk drive

Question 8

Logical addresses

Answer 8

: point to relative cluster positions.

Question 9

Physical addresses :

Answer 9

Actual sector in which files are located

Question 10

fat

Answer 10

The mechanism that keeps track of files stored on disk

Question 11

Boot Record:

Answer 11

Contains information that the system uses to access the volume. It’s a relative address 0. The first 512 bytes

Question 12

• BIOS –

Answer 12

Computer configuration is saved in the BIOS. System BIOS or EFI contains programs that perform input and output at the hardware level.

Question 13

• power-on-self-test (POST) –

Answer 13

Software embedded in the hardware that check if a hardware is missing .It is the first step of the boot sequence

Question 14

Hives :

Answer 14

LOGICAL GROUP OF KEYS,, SUBKEYS, AND VALUES IN THE REGISTRY.

Question 15

HKEY_CLASSES_ROOT

Answer 15

Provides file type and file extension information. URL protocol, and so forth. It’s linked to HKEY_LOCAL_MACHINE

Question 16

HKEY_CURRENT_USER

Answer 16

Store settings to the curently logged-on user. Linked to HKEY_USERS

Question 17

HKEY_LOCAL_MACHINE

Answer 17

Contains Information about installed hardware and software.

Question 18

HKEY_USERS

Answer 18

Stores information for the currently logged-on user. Contain inforation about all users who has account on the computer. only one key in this HKEY is linked to HKEY_CURRENT_USER

Question 19

HKEY_CURRENT_CONFIG

Answer 19

contains current hardware configuration settings. Liked to HKEY_LOCAL_MACHINE\SYSTEM

Question 20

HKEY_DYN_DATA

Answer 20

Udr only in Windows 9x/ME systems. Stores configuration settings

Question 21

Bitmaps

Answer 21

are used to represent image on the computer. They are defined as rectangular mesh of cells called pixels

Question 22

Resolution

Answer 22

Resolution is an attribute of a bitmap that is necessary when visually viewing or printing bitmaps because pixels by themselves have no explicit dimensions

Question 23

PST or PFF

Answer 23

is a file where Microsoft Outlook stores all of outlook items

Question 24

mkdir email_forensics

Answer 24

make directory email_ forensics

Question 25

cd email_forensics/

Answer 25

change directory email_forensics

Question 26

Lspst

Answer 26

list PST files

Question 27

Readpst

Answer 27

read all PST files

Question 28

mkdir crack

Answer 28

Make directory crack

Question 29

wget https:www

Answer 29

it’s to download file over a network

Question 30

ls

Answer 30

list segment/contents