Exam 11: Virtual Machines, Network Forensics, and Live Acquisitions

Helix operates in two modes:Windows Live (GUI or command line) and ____.

A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.

Network forensics is a fast, easy process.

Match each item with a statement below: -displays who's logged on locally

What is Knoppix-STD?

____ are devices and/or software placed on a network to monitor traffic.

The PSTools ____________________ tool allows you to suspend processes.

The term ____________________ means how long a piece of information lasts on a system.

Match each item with a statement below: -displays the security identifier (SID) of a computer or user

Most packet sniffers operate on layer 2 or ____ of the OSI model.

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.

Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.

Why is testing networks as important as testing servers?

Describe some of the Windows tools available at Sysinternals.

Match each item with a statement below: -a network analysis tool

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

The PSTools ____ kills processes by name or process ID.

What is the general procedure for a live acquisition?

____ is a popular network intrusion detection system that performs packet capture and analysis in real time.

____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.