During an investigation, Noel found the following SIM card from the suspect's mobile. What does the code 89 44 represent?
NTFS sets a flag for the file once you encrypt it and creates an EFS attribute where it stores Data Decryption Field (DDF) and Data Recovery Field (DDR). Which of the following is not a part of DDF?
Which of the following examinations refers to the process of providing the opposing side in a trial the opportunity to question a witness?
Which of the following is a MAC-based File Recovery Tool?
Select the tool appropriate for finding the dynamically linked lists of an application or malware.
Which of the following techniques delete the files permanently?
MAC filtering is a security access control methodology, where a ___________ is assigned to each network card to determine access to the network.
Event correlation is the process of finding relevance between the events that produce a final result. What type of correlation will help an organization to correlate events across a set of servers, systems, routers and network?
One technique for hiding information is to change the file extension from the correct one to the one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
Which of the following is found within the unique instance ID key and helps investigators to map the entry from USBSTOR key to the MountedDevices key?
Which U.S. law sets the rules for sending emails for commercial purposes, establishes the minimum requirements for commercial messaging, gives the recipients of emails the right to ask the senders to stop emailing them, and spells out the penalties in case the above said rules are violated?
Which of the following information is displayed when Netstat is used with -ano switch?
After suspecting a change in MS-Exchange Server storage archive, the investigator has analyzed it. Which of the following components is not an actual part of the archive?
Robert is a regional manager working in a reputed organization. One day, he suspected malware attack after unwanted programs started to popup after logging into his computer. The network administrator was called upon to trace out any intrusion on the computer and he/she finds that suspicious activity has taken place within Autostart locations. In this situation, which of the following tools is used by the network administrator to detect any intrusion on a system?
Which of the following application password cracking tool can discover all password-protected items on a computer and decrypts them?
