When conducting computer forensic analysis, you must guard against ______________ so that you remain focused on the primary job and ensure that the level of work does not increase beyond what was originally expected.
Office Documents (Word, Excel and PowerPoint) contain a code that allows tracking the MAC or unique identifier of the machine that created the document. What is that code called?
With the standard Linux second extended file system (Ext2fs), a file is deleted when the inode internal link count reaches ________.
Why are Linux/Unix-based computers better to use than Windows computers for idle scanning?
What is the target host IP in the following command?
Why is it a good idea to perform a penetration test from the inside?
One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?
Area density refers to:
In Microsoft file structures, sectors are grouped together to form:
You are using DriveSpy, a forensic tool, and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?
What does mactime, an essential part of The Coroner's Toolkit, do?
An expert witness gives an opinion if:
A packet is sent to a router that does not have the packet destination address in its route table.
How will the packet get to its proper destination?
If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
An employee is suspected of stealing proprietary information belonging to your company that he had no rights to possess. The information was stored on the employee's computer, which was protected with the NTFS Encrypted File System (EFS), and you had observed him copy the files to a floppy disk just before leaving work for the weekend. You detain the employee before he leaves the building, recover the floppy disks, and secure his computer. Will you be able to break the encryption so that you can verify that the employee was in possession of the proprietary information?