Virtual Machine Forensics, Live Acquisitions, and Network Forensics Flashcards
Type 2 hypervisors cannot be used on laptops
False
Which tool lists all open network sockets, including those hidden by rootkits?
Memoryze
Network logs record traffic in and out of a network
True
Virtual machines (VMs) help offset hardware costs for companies
True
When intruders break into a network, they rarely leave a trail behind
False
In network forensics, you have to restore the drive image to a working system (typically a VM) to observe how malware that attackers installed on the system behaves
True
Which project was developed to make information widely available in an attempt to thwart Internet and network hackers?
Honeynet
Which CPU feature did chip vendors produce in response to the need for secure, fast virtualization?
Virtualization Technology (Intel VT-x; AMD's equivalent is AMD-V)
Which type of forensics can help you determine whether a system is truly under attack or a user has inadvertently installed an untested patch or custom program?
Network Forensics
Which network protocol analyzer can be programmed to examine TCP headers to find the SYN flag?
Tethereal (the command-line version of Ethereal, renamed tshark when Ethereal became Wireshark)
On which OSI model layers do most packet analyzers operate?
Layers 2 and 3
Which network defense strategy, developed by the National Security Agency (NSA), has three modes of protection?
Defense in Depth
In which type of attack does the attacker keep asking the server to establish a connection?
SYN flood
Before installing a type 2 hypervisor and creating a VM, you need to enable virtualization (Intel VT-x or AMD-V) in the BIOS/UEFI setup
True
Which format can be read by most packet analyzer tools?
Pcap
Which tool was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files?
Netdude
Virtual machines are now common for both personal and business use
True
What term is used for the machines used in a DDoS attack?
Zombies
Which tool is useful for extracting information from large Libpcap files?
Tcpslice
What type of software runs virtual machines?
A Hypervisor
What determines how long a piece of information lasts on a system?
Order of volatility
A honeywall is a computer set up to look like any other machine on your network, but it lures the attack to it
False (that describes a honeypot; a honeywall is the gateway that monitors and controls traffic into and out of the honeynet)
Type 1 hypervisors are usually the ones you find loaded on a suspect machine
False
Which tool allows network traffic to be viewed graphically
Etherape
Which type of virtual machine software is typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage?
Type 1
A forensic image of a VM includes all snapshots
False (snapshot data lives in separate files, such as VMware .vmsn/.vmsd and delta .vmdk files, so acquire the entire VM directory, not just the base disk)
To find network adapters, you use the ____________ command in Windows and the ____________ command in Linux
ipconfig, ifconfig (on current Linux distributions ifconfig may not be installed; use ip addr or ip link from iproute2)
A layered network defense strategy puts the most valuable data where?
In the innermost layer
Packet analyzers examine what layers of the OSI model?
Layers 2 and 3
Which of the following file extensions are associated with VMware virtual machines?
.vmx, .log, and .nvram
In VirtualBox, a(n) ________ file contains the VM's settings, including which virtual hard drives are attached
.vbox (an XML configuration file; the disk images themselves are .vdi files)
Which Registry key contains associations for file extensions?
HKEY_CLASSES_ROOT
The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of _____________ and ____________.
RAM, storage
When do zero-day attacks occur?
Before the vendor is aware of (or has patched) the vulnerability being exploited, so there have been "zero days" to fix it; this can be as early as the day the application or OS is released
You can expect to find a type 2 hypervisor on what type of device?
Desktop, Smartphone, Tablet
Which of the following is a clue that a virtual machine has been installed on a host system?
Virtual network adapter
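The VM-artifact cards above (VMware file extensions, the VirtualBox .vbox file, and the virtual network adapter as a clue) describe what an examiner looks for on a suspect host. The script below is an added example, not code from the flashcards or from any hypervisor vendor; it parses `ipconfig /all` text for adapters that look virtual (by vendor string and by the MAC OUI ranges used by VMware, VirtualBox and Hyper-V) and walks a directory tree for hypervisor file extensions. The `ipconfig` output, the directory layout and the `SUSPECT-PC` host name are constructed so the example runs offline.

```python
"""Look for signs that a VM has been run on a host: virtual network adapters
(from `ipconfig /all` text) and VM files on disk. Added example, not from the
flashcards or any product; the ipconfig output and directory tree are
constructed here so it runs offline."""
import os
import re
import tempfile

# File extensions written by hypervisors. .log is left out on purpose: VMware
# writes vmware.log next to a VM, but the extension alone is far too generic.
VM_EXTENSIONS = {
    ".vmx": "VMware config", ".vmdk": "VMware disk", ".nvram": "VMware BIOS state",
    ".vmsd": "VMware snapshot metadata", ".vmsn": "VMware snapshot state",
    ".vmem": "VMware paged memory",
    ".vbox": "VirtualBox config", ".vdi": "VirtualBox disk",
    ".vhd": "Hyper-V/VirtualBox disk", ".vhdx": "Hyper-V disk",
}
# MAC OUIs assigned to virtual NICs (lower-case, colon separated).
VM_OUIS = {"00:50:56": "VMware", "00:0c:29": "VMware", "00:05:69": "VMware",
           "08:00:27": "VirtualBox", "0a:00:27": "VirtualBox host-only",
           "00:15:5d": "Hyper-V"}
VM_VENDOR_RE = re.compile(r"vmware|virtualbox|vbox|hyper-v|vmnet", re.I)


def find_virtual_adapters(ipconfig_text):
    """Parse `ipconfig /all` output; return adapters that look virtual and why."""
    adapters, current = [], None
    for line in ipconfig_text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            # Adapter heading, e.g. "Ethernet adapter VMware Network Adapter VMnet8:"
            current = {"adapter": line.strip().rstrip(":"), "description": "",
                       "mac": "", "reasons": []}
            adapters.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            key = key.replace(".", "").strip().lower()  # drop the dot leaders
            value = value.strip()
            if key == "description":
                current["description"] = value
            elif key == "physical address":
                current["mac"] = value.replace("-", ":").lower()
    for a in adapters:
        if VM_VENDOR_RE.search(a["adapter"]) or VM_VENDOR_RE.search(a["description"]):
            a["reasons"].append("vendor string")
        vendor = VM_OUIS.get(a["mac"][:8])
        if vendor:
            a["reasons"].append(f"OUI {a['mac'][:8]} ({vendor})")
    return [a for a in adapters if a["reasons"]]


def find_vm_files(root):
    """Walk a directory tree and report files with hypervisor extensions."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in VM_EXTENSIONS:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), VM_EXTENSIONS[ext]))
    return sorted(hits)


# Constructed sample output of `ipconfig /all` on a hypothetical host.
SAMPLE_IPCONFIG = """Windows IP Configuration

   Host Name . . . . . . . . . . . . : SUSPECT-PC

Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I219-LM
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Ethernet adapter VMware Network Adapter VMnet8:

   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08

Ethernet adapter VirtualBox Host-Only Network:

   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-0B
"""


def make_sample_tree():
    """Build a throwaway directory holding a VMware VM, a VirtualBox VM and noise."""
    root = tempfile.mkdtemp(prefix="vmscan_")
    layout = ["Virtual Machines/Win10/Win10.vmx", "Virtual Machines/Win10/Win10.vmdk",
              "Virtual Machines/Win10/Win10.nvram", "Virtual Machines/Win10/vmware.log",
              "VirtualBox VMs/kali/kali.vbox", "VirtualBox VMs/kali/kali.vdi",
              "Documents/report.docx"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    for a in find_virtual_adapters(SAMPLE_IPCONFIG):
        print(a["adapter"], "->", ", ".join(a["reasons"]))
    for path, kind in find_vm_files(make_sample_tree()):
        print(path, "->", kind)
```

On a real examination the OUI check matters because a host-only adapter's description can be renamed, while the MAC prefix is still the one the hypervisor's driver assigned; conversely a guest NIC seen in a capture with an 08:00:27 or 00:0C:29 prefix tells you a VM, not the physical host, sent the traffic.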
Virtual Machine Extensions (VMX) are part of which of the following?
Intel Virtualization Technology (VT-x); VMX is the instruction-set extension (VMXON, VMLAUNCH, VMRESUME and so on) that a hypervisor uses to run guests
What are the three modes of protection in the DiD strategy?
People, Technology, Operations
Tcpslice can be used to retrieve specific timeframes of packet captures
True
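Several cards above (finding the SYN flag in TCP headers, the SYN flood, the pcap format, and tcpslice-style time windows on large captures) describe one workflow. The script below is an added example, not from the flashcards or from Tethereal/tcpslice: it parses a libpcap file directly (global header, per-record header, Ethernet/IPv4/TCP), picks out SYN-only packets, cuts a time slice, and flags sources whose SYNs are never followed by the ACK that completes a handshake. The capture is constructed inline (one normal handshake from 10.0.0.5 plus 50 half-open SYNs from 203.0.113.7 to 192.0.2.10:80); the threshold of 20 is an assumed tuning value.

```python
"""Parse a libpcap capture, find TCP SYN packets and flag SYN-flood sources.
Added example (not from the flashcards or any textbook): a minimal
Ethernet/IPv4/TCP parser over pcap plus a tcpslice-style time window.
The sample capture is constructed inline."""
import struct
import socket
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0):
    """Construct an Ethernet/IPv4/TCP frame with no payload (checksums left 0)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """frames: list of (timestamp, frame_bytes) -> bytes of a pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return one dict per TCP-over-IPv4 record; non-IPv4/non-TCP records are skipped."""
    magic, _maj, _min, _tz, _sig, _snap, link = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off, records = 24, []
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # not IPv4, or not TCP
        ihl = (frame[14] & 0x0F) * 4      # IPv4 header length in bytes
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue                      # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        records.append({"ts": sec + usec / 1e6,
                        "src": socket.inet_ntoa(frame[26:30]),
                        "dst": socket.inet_ntoa(frame[30:34]),
                        "sport": sport, "dport": dport, "flags": tcp[13]})
    return records


def syn_only(records):
    """SYN set and ACK clear: the first packet of a handshake (or of a flood)."""
    return [r for r in records if r["flags"] & TCP_SYN and not r["flags"] & TCP_ACK]


def time_slice(records, start, end):
    """Keep records with start <= ts < end, the way tcpslice cuts a big capture."""
    return [r for r in records if start <= r["ts"] < end]


def syn_flood_sources(records, threshold=20):
    """Sources whose SYNs outnumber their plain ACKs by at least `threshold`.
    A real client finishes the handshake (and ACKs data afterwards), so its
    SYN count never runs far ahead; a flooder sends SYNs and never answers."""
    syns, acks = Counter(), Counter()
    for r in records:
        if r["flags"] & TCP_SYN and not r["flags"] & TCP_ACK:
            syns[r["src"]] += 1
        elif r["flags"] & TCP_ACK and not r["flags"] & TCP_SYN:
            acks[r["src"]] += 1
    return {src: n for src, n in syns.items() if n - acks[src] >= threshold}


# Constructed sample capture: one complete handshake, then a SYN flood.
T0 = 1_700_000_000.0
SERVER, CLIENT, ATTACKER = "192.0.2.10", "10.0.0.5", "203.0.113.7"
SAMPLE_FRAMES = [
    (T0 + 0.00, build_tcp_frame(CLIENT, SERVER, 40000, 80, TCP_SYN, seq=1)),
    (T0 + 0.01, build_tcp_frame(SERVER, CLIENT, 80, 40000, TCP_SYN | TCP_ACK, seq=100, ack=2)),
    (T0 + 0.02, build_tcp_frame(CLIENT, SERVER, 40000, 80, TCP_ACK, seq=2, ack=101)),
] + [
    (T0 + 1.0 + i * 0.01, build_tcp_frame(ATTACKER, SERVER, 50000 + i, 80, TCP_SYN, seq=i))
    for i in range(50)                    # 50 half-open SYNs, one every 10 ms
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def analyse(pcap_bytes=SAMPLE_PCAP):
    records = parse_pcap(pcap_bytes)
    return {"records": len(records),
            "syn_only": len(syn_only(records)),
            "first_second": len(time_slice(records, T0, T0 + 1.0)),
            "flood_sources": syn_flood_sources(records)}


if __name__ == "__main__":
    print(analyse())
```

The same SYN-only test is what a display filter such as `tcp.flags.syn==1 && tcp.flags.ack==0` expresses in tshark; doing it by hand shows where in the header the analyzer is looking (byte 13 of the TCP header, bit 0x02). Cutting the time slice before counting keeps the per-source counters meaningful on day-long captures.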