Exam 24: Forensic Techniques

The ____ file is used when Windows goes into hibernation.

The first thing you want to do before analyzing network traffic is make sure you have permission to look at it.

____ will search through a file or folder and report on all the ASCII strings it finds.

The printer spool files will have extensions of ____.

The ____________________ is a written record of all interaction with the evidence from the moment it is acquired to the moment it is released.

What is the pre-incident preparation that must take place for a CSIRT?

The ____ provides the platform on which computer hardware is managed and made available to the computer software applications.

List UNIX/Linux systems files that are of particular interest to the forensic examiner.

A ____ of a hard disk is a bit by bit duplicate, including the boot sector, the partition table, all partitions, hidden files, bad sectors, and even the unallocated space on the hard drive.

A ____ is a hardware device or software program designed to prevent any write operations from taking place on the original media.

List the steps in the incident response process.

Each RP folder contains a set of files that were changed since the last Restore Point.

The ____________________ contains items that were recently deleted from a Windows computer system.

Working with the Registry is easy for the inexperienced user.

____ is a very common file system used by computers and is supported by many different operating systems.

List five laws that have been put into effect to help monitor and control the use of electronic communication systems and computers as well as provide guidelines for prosecution of computer and information-related crimes.

Information that is transferred to an external device should also have a(n) ____ calculated to verify integrity during collection and at a later date.

A network of honeypots is called a(n) ____________________.

A ____ contains a copy of the Registry that existed at the time the Restore Point was created.