Deck 14: Introduction to Forensics
1
Windows stores information on web addresses, search queries, and recently opened files in a file called ___________.
A)internet.txt
B)index.dat
C)default.dat
D)explore.exe
B
2
Windows stores web browsing information in a file called index.dat.
True
3
netstat is a command you can use with a forensic copy of a machine to compare two files.
False
4
Frequently the first responder to a computer crime is ________.
A)The network administrator
B)A law enforcement officer
C)The news media
D)None of the above
5
Usually, the first thing you do to a computer to prevent further tampering is to _________.
A)Make a backup.
B)Make a copy.
C)Take it offline.
D)Lock it in a secure room.
6
If you fail to handle evidence properly ___________.
A)You may damage the hard drive.
B)It may be unusable in court.
C)Law enforcement may not look at it.
D)None of the above.
7
The Windows command fc lists all active sessions to the computer.
8
Windows logging can be turned on and off with a tool called auditpol.exe.
9
Using Linux to back up your hard drive, if you want to create a hash, you would use the command-line command ___________.
A)cc
B)dd
C)nd
D)md5sum
10
In Linux the command to set up a target forensics server to receive a copy of a drive is dd.
11
_________ can include logs, portable storage, emails, tablets, and cell phones.
A)Computer evidence
B)Ancillary hardware
C)Network devices
D)None of the above
12
You may use Linux to make a ______________ of the hard drive.
A)Bootable copy
B)Screen shot
C)New version
D)Forensically valid copy
13
In Windows, the log that stores events from a single application or component rather than events that might have system-wide impact is the ____________ log.
A)Application
B)System
C)ForwardedEvents
D)Applications and services
14
Most Windows logs are turned on automatically.
15
The chain of custody accounts for the handling of evidence and documents that handling.
16
The Windows Registry lists USB devices that have been connected to the machine.
17
Frequently the first responder to a computer crime is the network administrator.
18
Documentation of every person who had access to evidence, how they interacted with it, and where it was stored is called the ________________.
A)Forensic trail
B)Chain of custody
C)Audit trail
D)None of the above
19
Using Linux to wipe the target drive, the command-line command would be ___.
A)cc
B)dd
C)nd
D)md5sum
20
The Windows Registry contains a list of USB devices that have been connected to the machine.
21
In Windows, the log that contains events collected from remote computers is the ____________ log.
A)Application
B)System
C)ForwardedEvents
D)Applications and services
22
_______ is a free tool that can be used to recover Windows files.
A)SearchIt
B)Disk Digger
C)FileRecover
D)None of the above
23
The Linux log file that can reveal attempts to compromise the system or the presence of a virus or spyware is ______________.
A)/var/log/kern.log
B)/var/log/apache2/*
C)/var/log/lighttpd/*
D)/var/log/apport.log
24
The Linux log file that contains activity related to the web server is ______.
A)/var/log/kern.log
B)/var/log/apache2/*
C)/var/log/lighttpd/*
D)/var/log/apport.log
25
The Windows command to list any shared files that are currently open is ___________.
A)openfiles
B)fc
C)netstat
D)None of the above