Set 4 Flashcards
What is Locard's exchange principle?
Every contact leaves a trace: whoever enters a scene (or touches a system) brings something to it and takes something away, so evidence of the contact can be found on both sides.
While she is at dinner with her family, two police officers want to search her house without a warrant and without consent. What is this called?
An unreasonable search, a violation of the 4th Amendment (a search needs a warrant, consent, or a recognized exception such as exigent circumstances)
In 2020 a drunk driver ran a red light and the driver of the other car needed medical care. The drunk driver is sued under ____ law.
tort (civil law: the injured party sues for damages, separately from any criminal charge)
What are the 5 W's and H?
who, what, when, where, why, how
Dr. Cooper studies dark matter using the scientific method. What is the first step of the scientific method?
Ask a question (based on an observation)
George works in IT for his company as the forensic analyst. Which of these is he not responsible for?
Discovering malicious activity,
Getting systems back online,
Ensuring all collected evidence follows chain of custody
Getting systems back online (restoring service is a recovery/IT operations task; discovering malicious activity and maintaining chain of custody are the analyst's job)
A local police department is investigating a murder scene. The digital forensic investigator, Sean, goes into the victim's office. Which two statements apply?
Sean does a memory dump,
Sean is performing live collection,
Sean is performing dead collection,
Sean does not require a warrant
Sean is performing live collection (the machine is still powered on, so volatile data such as RAM is captured first)
Sean does not require a warrant (it is the victim's office at a police-controlled crime scene, not a suspect's property)
Convert 34 to binary
100010 (32 + 2)
Convert 1001010 to decimal
74 (64 + 8 + 2)
What are the first bytes of a file called?
Magic bytes (the file signature). They identify the real file type to the OS and to forensic tools regardless of the extension, which is how a file renamed to disguise it is detected.
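A signature check in code, added here as an example for this card (it is not from the original set or from any forensic tool). The signature table is a small subset of the real one and the sample files, including an executable renamed to .pdf, are constructed inline so the script runs offline.

```python
"""Identify files by their magic bytes and flag extension mismatches.

Constructed example added to these flashcards; it is not from the original
set or from any forensic tool. The signature table is a small subset of the
real one, and the sample files are written inline so the script runs
offline on any machine.
"""
import tempfile
from pathlib import Path
from typing import Dict, Set, Tuple

# Magic bytes -> (type name, extensions that legitimately carry that signature).
SIGNATURES: Dict[bytes, Tuple[str, Set[str]]] = {
    b"\x89PNG\r\n\x1a\n": ("png", {".png"}),
    b"\xff\xd8\xff": ("jpeg", {".jpg", ".jpeg"}),
    b"%PDF-": ("pdf", {".pdf"}),
    b"PK\x03\x04": ("zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    b"\x7fELF": ("elf", {".so", ".elf"}),
    b"MZ": ("pe", {".exe", ".dll", ".sys", ".scr"}),
}


def identify(header: bytes) -> Tuple[str, Set[str]]:
    """Return (type name, allowed extensions) for the signature that prefixes header."""
    for magic, (name, extensions) in SIGNATURES.items():
        if header.startswith(magic):
            return name, extensions
    return "unknown", set()


def check_file(path: Path) -> Tuple[str, bool]:
    """Detected type and whether the file's extension agrees with its signature.
    Only the first 16 bytes are read, so this is cheap to run over a whole image."""
    with open(path, "rb") as fh:
        header = fh.read(16)
    kind, extensions = identify(header)
    return kind, path.suffix.lower() in extensions


def scan(directory: Path) -> Dict[str, Tuple[str, bool]]:
    """Run check_file over every regular file in a directory."""
    return {p.name: check_file(p) for p in sorted(directory.iterdir()) if p.is_file()}


def build_samples(directory: Path) -> None:
    """Constructed sample files: an honest JPEG, a PE executable renamed to .pdf,
    and a text file with no recognised signature."""
    (directory / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 24)
    (directory / "report.pdf").write_bytes(b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56)
    (directory / "notes.txt").write_bytes(b"nothing to see here\n")


def demo() -> Dict[str, Tuple[str, bool]]:
    with tempfile.TemporaryDirectory() as tmp:
        directory = Path(tmp)
        build_samples(directory)
        return scan(directory)


if __name__ == "__main__":
    for name, (kind, matches) in demo().items():
        print(f"{name:12s} {kind:8s} {'ok' if matches else 'EXTENSION MISMATCH'}")
```

The mismatch case is the interesting one: report.pdf starts with MZ, so it is a Windows executable whatever Explorer shows, and that is exactly the kind of file a suspect renames to hide it. Real tools carry thousands of signatures and also check trailer bytes, but the logic is the same.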
Which of these is not an anti-forensics technique?
data wiping,
physical destruction,
defragmentation,
encryption
defragmentation (routine disk maintenance; wiping, physical destruction and encryption are all used to deny investigators access to data)
What must be completed each time evidence is moved or changes hands?
The chain-of-custody form (who took custody of what, from whom, when, and why)
What are the six phases of the forensic investigation process?
pre-investigation,
preparing the investigation,
search and seizure,
analysis,
report and testify,
post-investigation
A certified digital forensics lab is accredited to what standard?
ISO/IEC 17025 (general requirements for the competence of testing and calibration laboratories)
Cluley works in a digital forensics lab, collects and retrieves digital evidence, and is called to testify in court. Which role fits him?
officer,
manager,
analyst,
investigator
analyst
Melissa works in a digital forensics lab, collects and preserves digital evidence, and is called to testify in court. Which role fits her?
officer,
manager,
analyst,
investigator
investigator
Which of these is not a technical control?
intrusion detection,
backups,
emergency response procedures
emergency response procedures (an administrative control; intrusion detection and backups are implemented by technology)
A police team investigating a crime scene goes into the victim's office and sees a laptop that is turned on but has a blank screen. What should they do?
Move the mouse (wake the display without pressing keys; never power the machine off, since that destroys volatile data; photograph whatever appears on screen)
A corporate forensics analyst is asked to look at the suspicious internet activity of an employee on a watchlist. Before going further, permission must be obtained from _____.
HR and legal
What equipment is used so that digital evidence is not contaminated during acquisition?
write blocker,
diode,
FTK
write blocker (hardware or software that lets the source drive be read but blocks every write to it)
A detective receives information that a gang has stolen computers. Before officers can enter they must get a warrant, and an affidavit is needed. What does the detective need in order to obtain a warrant?
probable cause
An officer spots suspects loading computers into a truck. What allows the officers to search the truck without a warrant?
exigent circumstances (the evidence could be driven away or destroyed before a warrant could be obtained)
The computers are outside the warehouse and the victim's name is visible on them. What allows them to be seized?
plain view doctrine
At which OSI layer do TCP and UDP operate?
Layer 4, the transport layer
Which is not considered a common data acquisition practice?
making a true (bit-for-bit) copy,
making a copy of the copy (analysis runs on the working copy, never on the original),
ensuring MACE attributes (modified, accessed, created, entry-modified timestamps) are unchanged,
downloading an application onto the target system
downloading an application onto the target system (writing to the target changes timestamps and can overwrite unallocated space that holds deleted data)
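The three good practices above (true copy, copy of the copy, source left unchanged) as one acquisition script. This is an example added for these flashcards, not the course's or any imaging tool's code; a temporary file stands in for the suspect drive so it runs offline, and on a real case the source would be a block device behind a write blocker with the image written to a separate evidence disk.

```python
"""Bit-for-bit acquisition of a source into an image, with hash verification
and a hashed working copy.

Constructed example added to these flashcards; it is not the course's or any
imaging tool's code. A temporary file stands in for the source drive so the
script runs offline; on a real case the source would be a block device behind
a write blocker and the image would go to a separate evidence disk.
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict

CHUNK = 1024 * 1024  # stream in 1 MiB pieces so a multi-terabyte source never sits in RAM


def hash_bytes(data: bytes) -> Dict[str, str]:
    """SHA-256 and MD5 of an in-memory buffer (useful for known-answer checks)."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "md5": hashlib.md5(data).hexdigest()}


def hash_file(path: Path) -> Dict[str, str]:
    """SHA-256 and MD5 of a file, computed together in one pass."""
    sha256, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            sha256.update(chunk)
            md5.update(chunk)
    return {"sha256": sha256.hexdigest(), "md5": md5.hexdigest()}


def acquire(source: Path, image: Path) -> Dict[str, str]:
    """Copy source to image byte for byte, hashing the bytes as they are read.
    The returned acquisition hash is the value recorded on the evidence form."""
    sha256 = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            sha256.update(chunk)
            dst.write(chunk)
    return {"sha256": sha256.hexdigest()}


def verify(original: Path, copy: Path) -> bool:
    """True only if both files hash to the same SHA-256."""
    return hash_file(original)["sha256"] == hash_file(copy)["sha256"]


def demo() -> Dict[str, object]:
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed stand-in for the suspect drive: a byte pattern plus a document fragment.
        source = tmp / "suspect_drive.raw"
        source.write_bytes(bytes(range(256)) * 64 + b"confidential memo\n" + b"\x00" * 4096)
        before = os.stat(source)

        master = tmp / "evidence_001.dd"           # the true copy, sealed once verified
        acquisition = acquire(source, master)

        working = tmp / "evidence_001_working.dd"  # the copy of the copy that analysis runs on
        shutil.copy2(master, working)              # copy2 also carries over the timestamps
        working_ok_before = verify(master, working)

        # Simulate an analyst (or a tool) accidentally writing to the working copy.
        with open(working, "ab") as fh:
            fh.write(b"\x00")
        working_ok_after = verify(master, working)

        after = os.stat(source)
        return {
            "acquisition_sha256": acquisition["sha256"],
            "master_matches_source": verify(source, master),
            "working_matched_master": working_ok_before,
            "tamper_detected": not working_ok_after,
            "source_mtime_unchanged": before.st_mtime_ns == after.st_mtime_ns,
            "source_size_unchanged": before.st_size == after.st_size,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:26s} {value}")
```

Hashing the stream as it is read, then re-hashing the written image, is what turns "I copied it" into "the image is provably identical to the source at acquisition time"; the tampered working copy shows why the master is never touched again after that.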
A memory image allows a thorough analysis. Mark found a cracked copy of the analysis tool and used it to perform the analysis. What part of the code of ethics did he violate?
No. 5: using illegal (unlicensed) software
Julia is doing a hard drive analysis and realizes she knows the suspect; she notifies the lab manager. What part of the code of ethics did she violate?
None (disclosing a conflict of interest to the manager is exactly what the code requires)
Which of the following would break the code of ethics?
diligent work,
remaining neutral,
accepting cases beyond the level of my ability
accepting cases beyond the level of my ability
Which attack type is the most commonly used?
web application attacks
What non-profit organization publishes the list of the most common web application attacks?
OWASP (Open Worldwide Application Security Project), which maintains the OWASP Top 10
In a web server log, what is a good indicator of the presence of a hacking tool?
Grep the log for tool names such as nmap or nikto: both put their name in the User-Agent string by default, and the unusual paths they probe stand out next to normal traffic.
What helps find the requested file names when looking at web logs?
The GET and POST request lines; the path that follows the method is the file or resource that was requested.
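The two log-reading steps in the cards above (tool names in the User-Agent, file names next to GET/POST) as a small parser, added here as an example and not from the original set. The log lines are constructed; the Nikto and Nmap Scripting Engine User-Agent strings follow what those tools send by default, and the marker list is an assumption to extend for your own environment.

```python
"""Spot scanner traffic and list requested files in a combined-format web log.

Constructed example added to these flashcards (not from the original set).
The log lines are made up; the scanner User-Agent strings follow the defaults
that Nikto and the Nmap Scripting Engine send, and the marker list is an
assumption you would extend for your own environment.
"""
import re
from collections import Counter, defaultdict
from typing import Dict, Iterator, List, Optional

# Apache/Nginx "combined" format:
# host ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Substrings that well-known tools put in their User-Agent by default (assumed list).
SCANNER_MARKERS = ("nikto", "nmap", "sqlmap", "masscan", "gobuster", "dirbuster")

# Constructed sample log: one ordinary visitor and one host running Nikto, then Nmap.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
198.51.100.23 - - [10/Mar/2024:13:57:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 231 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"
198.51.100.23 - - [10/Mar/2024:13:57:01 +0000] "GET /admin/ HTTP/1.1" 404 231 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000002)"
198.51.100.23 - - [10/Mar/2024:13:58:10 +0000] "POST /login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
203.0.113.7 - - [10/Mar/2024:14:01:12 +0000] "POST /upload.php HTTP/1.1" 200 88 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
"""


def parse(log_text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def tool_in(user_agent: str) -> Optional[str]:
    """Name of the first known tool marker found in a User-Agent, else None."""
    ua = user_agent.lower()
    for marker in SCANNER_MARKERS:
        if marker in ua:
            return marker
    return None


def find_scanners(log_text: str) -> List[Dict[str, str]]:
    """Entries whose User-Agent names a known tool, with the tool attached."""
    hits = []
    for entry in parse(log_text):
        tool = tool_in(entry["ua"])
        if tool:
            hits.append({**entry, "tool": tool})
    return hits


def scanner_sources(log_text: str) -> Dict[str, Counter]:
    """Per source IP, how many requests came from each tool."""
    by_ip = defaultdict(Counter)
    for hit in find_scanners(log_text):
        by_ip[hit["ip"]][hit["tool"]] += 1
    return dict(by_ip)


def requested_files(log_text: str) -> Counter:
    """(method, path) pairs pulled from the GET/POST request line."""
    return Counter((e["method"], e["path"]) for e in parse(log_text))


if __name__ == "__main__":
    for ip, tools in scanner_sources(SAMPLE_LOG).items():
        print(ip, dict(tools))
    for (method, path), n in requested_files(SAMPLE_LOG).most_common():
        print(f"{n:3d} {method:5s} {path}")
```

A User-Agent string is attacker-controlled and trivially changed, so a match is strong evidence but a miss proves nothing; the 404-heavy burst of odd paths from one IP is the signal that survives a spoofed agent.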
Which smartphone component stores contacts, emails and texts?
SIM card (note that the SIM itself holds the subscriber identity, a limited contact list and a small number of SMS messages; email and most message history live in the handset's flash storage)
Which techniques can be used to take a byte-by-byte copy of the memory of a phone that has been damaged?
JTAG,
chip-off,
static compression
JTAG,
chip-off
What are the port numbers for these services?
HTTP: TCP 80
HTTPS (secure web): TCP 443
FTP: TCP 21
SSH (Secure Shell): TCP 22
Telnet: TCP 23
What sends event log data from a host to central storage?
secure shell,
NTP,
SMTP,
syslog
syslog (UDP or TCP port 514)
Which protocol is used to ensure system clocks are synchronized?
NTP (Network Time Protocol, UDP 123); synchronized clocks are what let events from different hosts be placed on one timeline
In the output of tasklist on Windows, which process has the highest PID?
The one with the largest number in the PID column
Which is not volatile?
Volume Shadow Copy (it is stored on disk; RAM contents, running processes and open network connections are volatile)
What does the command PsLoggedOn > output.txt do?
Runs Sysinternals PsLoggedOn and redirects its list of locally and remotely logged-on users into the text file output.txt
What is steganography?
Hiding data inside another form of data, such as a text document or an image, so that the existence of the hidden data is not apparent (unlike encryption, which hides the content but not the fact that there is something to hide)
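Least-significant-bit (LSB) image steganography as working code, added here as an example and not the course's own material. The "image" is a bytearray of 8-bit grayscale samples built inline, so no image library is needed; the same embed/extract routine applies to the pixel bytes of a real bitmap. A 32-bit length header is assumed as the framing convention so the extractor knows how many bytes to read back.

```python
"""Least-significant-bit steganography on a raw pixel buffer.

Constructed example added to these flashcards, not the course's code. The
"image" is a bytearray of 8-bit grayscale samples built inline, so no image
library is needed. A 32-bit big-endian length header is embedded first (an
assumed framing convention) so the extractor knows how many bytes follow.
"""
import struct
from typing import Dict, Iterator


def _bits(data: bytes) -> Iterator[int]:
    """Most-significant bit first, one bit at a time."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write payload (with a length header) into the low bit of each cover byte."""
    message = struct.pack(">I", len(payload)) + payload
    if len(message) * 8 > len(cover):
        capacity = max(0, len(cover) // 8 - 4)
        raise ValueError(f"cover holds at most {capacity} payload bytes, got {len(payload)}")
    stego = bytearray(cover)
    for index, bit in enumerate(_bits(message)):
        stego[index] = (stego[index] & 0xFE) | bit  # clear the low bit, then set it
    return stego


def _read_bytes(stego: bytes, offset: int, count: int) -> bytes:
    """Reassemble count bytes from the low bits starting at cover byte `offset`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[offset + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many payload bytes."""
    length = struct.unpack(">I", _read_bytes(stego, 0, 4))[0]
    if 32 + length * 8 > len(stego):
        raise ValueError("length header exceeds cover size: not a valid stego buffer")
    return _read_bytes(stego, 32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference the embedding introduced."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo() -> Dict[str, object]:
    # Constructed 64x64 grayscale "image": a smooth ramp, as a real photo would be.
    cover = bytes((x * 7 + 13) % 256 for x in range(64 * 64))
    secret = b"meet at the dock at 0200"
    stego = embed(cover, secret)
    return {
        "recovered": extract(stego),
        "max_change": max_pixel_change(cover, stego),
        "same_size": len(stego) == len(cover),
    }


if __name__ == "__main__":
    result = demo()
    print(result["recovered"].decode())
    print("largest sample change:", result["max_change"], "same size:", result["same_size"])
```

Each sample moves by at most 1 out of 255, invisible to the eye and to a file-size check, which is why detection relies on statistics of the low-bit plane (or on comparing against a known original) rather than on looking at the picture.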
Which is better, MD5 or SHA-1?
SHA-1 (160-bit digest versus MD5's 128 bits). Both are now considered broken for collision resistance, so current practice is to record SHA-256 alongside; either still shows that an image has not changed since acquisition, but MD5 is the weaker of the two.
Which is not focused on the investigation of a Windows-based host?
Windows Registry,
memory dump,
security analyzer database
security analyzer database