Adam, a forensic analyst, is preparing VMs for analyzing a malware. Which of the following is NOT a best practice?
An investigator is analyzing a checkpoint firewall log and comes across symbols. What type of log is he looking at?
Which of the following is a tool to reset Windows admin password?
James, a hacker, identifies a vulnerability in a website. To exploit the vulnerability, he visits the login page and notes down the session ID that is created. He appends this session ID to the login URL and shares the link with a victim. Once the victim logs into the website using the shared URL, James reloads the webpage (containing the URL with the session ID appended) and now, he can browse the active session of the victim. Which attack did James successfully execute?
In which registry does the system store the Microsoft security IDs?
Investigators can use the Type Allocation Code (TAC) to find the model and origin of a mobile device. Where is TAC located in mobile devices?
Which of these Windows utility help you to repair logical file system errors?
Raw data acquisition format creates _________ of a data set or suspect drive.
Which tool allows dumping the contents of process memory without stopping the process?
Smith, an employee of a reputed forensic investigation firm, has been hired by a private organization to investigate a laptop that is suspected to be involved in the hacking of the organization’s DC server. Smith wants to find all the values typed into the Run box in the Start menu. Which of the following registry keys will Smith check to find the above information?
