Other

Question 1

Payload

Answer 1

the information to be covertly communicated. In other words, the message you want to hide.

Question 2

Carrier

Answer 2

The signal, stream, or file in which a payload is hidden

Question 3

Channel

Answer 3

The type of medium used. This may be a passive channel, such as photos, video, sound files.

Question 4

Steganalysis

Answer 4

the process of analyzing a file or files for hidden content. FTK and Encase both check for steganography.

Question 5

Cryptographic Hashes

Answer 5

How many systems, including Microsoft Windows, store passwords. “password” > 8BS09394820IKSKDF909DF99230 then it is stored in the SAM (Security Accounts Manager) file in the Windows System directory.

Question 6

Rainbow Tables

Answer 6

Every letter combination “under the rainbow” files used to crack hashes. OPHCRACK took depends on rainbow tables. Ophcrack is very successful at cracking windows local machine passwords.

Question 7

Security log

Answer 7

the most important log from a forensics point of view. It has both successful and unsuccessful login events

Question 8

Application log

Answer 8

contains various events logged by applications or programs. Many applications record their errors here.

Question 9

System log

Answer 9

contains events logged by Windows system components. This includes events like driver failures.

Question 10

Registry

Answer 10

contains information that Windows continually references during operation, such as profiles for each use, the applications installed on the computer and the types of documents that each can create.

Question 11

Registry Hive

Answer 11

HKEY_LOCAL_MACHINE\SAM Sam, Sam.log, Sam.sav
HKEY_LOCAL_MACHINE_\Security Security, Security.log, Security.sav
HKEY_LOCAL_MACHINE\Software Software, Software.log, Software.sav
HKEY_LOCAL_MACHINE\System System, System.alt, System.log, System.sav

HKEY_CURRENT_CONFIG System System.alt, System.log, System.sav, Ntuser.dat,
Ntuser.dat.log

Question 12

Mac OS command prompt

Answer 12

BASH shell so you can execute Linux commands.

Question 13

HFS+

Answer 13

preferred file system for quite some time for Mac OS, one you will likely encounter when doing forensic examinations of Apple computers.

Question 14

APFS Apple File System

Answer 14

created for MacOS 10.13 and later versions. Larger storage than HFS+

Question 15

GUID Partition Table

Answer 15

is used primarily with computers that have an Intel-based processor. Requires OS X v10.4 or later

Question 16

MBR Master Boot Record

Answer 16

contained in the boot sector, is used when DOS- or Windows-based computers start up. Contains important info such as partition table, bootstrap code, and other information.

Question 17

MacOS Logs

Answer 17

Check the logs- very important when examining any computers.

Question 18

The/Users/<user>/.bash_history Log</user>

Answer 18

Shows a variety of commands.

Question 19

The /etc Directory

Answer 19

Where configuration files are located. Configuration files can be quite interesting in forensic investigation.

Question 20

Deleted Files on an iPhone, iPad, or iPod

Answer 20

.Trashes\501 folder

Question 21

iPhone passcode breaking

Answer 21

XRY

Question 22

Pwnage

Answer 22

Allows you to unlock a locked iPod Touch

Question 23

.pst

Answer 23

Outlook

Question 24

.ost

Answer 24

Offline Outlook Storage

Question 25

.mbx or .dbx

Answer 25

Outlook Express

Question 26

.mbx

Answer 26

Eudora