Deck 24: Forensic Techniques
1
The ____________________ is a written record of all interaction with the evidence from the moment it is acquired to the moment it is released.
chain of custody
2
____________________ tools are programs designed to look at specific data structures within the operating system.
Data collection
3
The ____ file is used by the system to assist with virtual memory paging and is quite large.

A) Hiberfil.sys
B) IO.sys
C) Virtfile.sys
D) Pagefile.sys
D
4
____ will search through a file or folder and report on all the ASCII strings it finds.

A) Ascii.exe
B) Strings.exe
C) Names.exe
D) Parse.exe
5
Each RP folder contains a set of files that were changed since the last Restore Point.
6
A forensic examiner must be familiar with the structure and operation of different file systems and operating systems.
7
____ is a very common file system used by computers and is supported by many different operating systems.

A) File Allocation Table
B) File Arrangement Table
C) File Allocation Tree
D) File Attribute Tree
8
The first thing you want to do before analyzing network traffic is make sure you have permission to look at it.
9
A ____ is a hardware device or software program designed to prevent any write operations from taking place on the original media.

A) read-blocker
B) selective write filter
C) selective filter
D) write-blocker
10
A ____ contains a copy of the Registry that existed at the time the Restore Point was created.

A) snapshot folder
B) registry directory
C) hive folder
D) revert folder
11
A ____ of a hard disk is a bit-by-bit duplicate, including the boot sector, the partition table, all partitions, hidden files, bad sectors, and even the unallocated space on the hard drive.

A) usable copy
B) forensic copy
C) bit copy
D) file copy
12
A network of honeypots is called a(n) ____________________.
13
Working with the Registry is easy for the inexperienced user.
14
Using the System Reset tool, a Restore Point may be chosen and the system returned to that point in time.
15
Information that is transferred to an external device should also have a(n) ____ calculated to verify integrity during collection and at a later date.

A) MD5 hash
B) RC4 hash
C) DES hash
D) RSA hash
16
The ____ file is used when Windows goes into hibernation.

A) Hiberfil.sys
B) Pagefile.sys
C) IO.sys
D) BOOT.INI
17
The FAT stores files in dynamic chains of ____________________.
18
The ____________________ contains items that were recently deleted from a Windows computer system.
19
The ____ provides the platform on which computer hardware is managed and made available to the computer software applications.

A) application software
B) network software
C) operating system
D) router software
20
The printer spool files will have extensions of ____.

A) .ips and .ipl
B) .spl and .ips
C) .spl and .shd
D) .spl and .splx
21
List the skills that you need to become proficient at analyzing malware.
22
Match between columns

Definitions:
A group of individuals at an organization responsible for detecting, investigating, solving, and documenting computer security incidents
A computer that is made deliberately vulnerable in order to make it attractive to hackers
A symbolic representation of a family of strings that can be generated from the expression
The part of a cluster that is not used when a file is written to it
A snapshot of the state of the system at a point in time

Terms:
CSIRT
Slack space
Restore Point
Regular expression
Honeypot
23
What is the pre-incident preparation that must take place for a CSIRT?
24
List five laws that have been put into effect to help monitor and control the use of electronic communication systems and computers as well as provide guidelines for prosecution of computer and information-related crimes.
25
List UNIX/Linux systems files that are of particular interest to the forensic examiner.
26
List the steps in the incident response process.