IS4670 Chapter 12 Searching Memory in Real Time with Live System Forensics Flashcards
1
Q
- ________ is analysis of machines that remain in operation as you examine them.
A
Live system forensics
2
Q
- ________ is analysis of machines that have been shut down.
A
Dead system analysis
3
Q
- It is not as important to avoid contaminating evidence in live system forensics as it is in dead system forensics.
A. True
B. False
A
FALSE
4
Q
- Which of the following are drawbacks of dead system forensics? (Select three.)
A. It leads to corruption of evidence.
B. It leads to corruption of the original data.
C. It leads to system downtime.
D. It leads criminals to use cryptography.
E. It leads to data consistency problems.
A
It leads to corruption of evidence.
It leads to system downtime.
It leads criminals to use cryptography.
5
Q
- You can use live system forensics to acquire one type of data that dead system forensics can’t acquire. What type of data is this?
A. Binary
B. Virtual
C. Volatile
D. Nonvolatile
A
Volatile
6
Q
- Which of the following is a software implementation of a computer that executes programs as if it were a physical computer?
A. VMware
B. Write blocker
C. Hardware fingerprint
D. Virtual machine
A
Virtual machine
7
Q
- Which of the following are drawbacks of live system forensics? (Select three.)
A. It leads to system downtime.
B. Slurred images can result.
C. Data can be modified.
D. It leads to data consistency problems.
E. It leads criminals to use cryptography.
A
Slurred images can result.
Data can be modified.
It leads to data consistency problems.
8
Q
- As a result of not acquiring data at a unified moment, live system forensics presents a problem with ________.
A
Consistency
9
Q
- What are two possible techniques for approaching a compromised system using live system forensics? (Select two.)
A. Live response
B. Hot swapping
C. Volatile memory analysis
D. Hardware fingerprinting
A
Live response
Volatile memory analysis
10
Q
- The following are some of the benefits of ________: It limits the impact on the compromised system, analysis is repeatable, and you can ask new questions after the analysis.
A
Volatile memory analysis