What is the term used to describe how this evidence is admissible?

Law enforcement officers are conducting a legal search for which a valid warrant was obtained. While conducting the search, officers observe an item of evidence for an unrelated crime that was not included in the warrant. The item was clearly visible to the officers and immediately identified as evidence ....

November 12, 2021

With regard to using an antivirus scanner during a computer forensics investigation, you should:

A. Scan the suspect hard drive before beginning an investigation
B. Never run a scan on your forensics workstation because it could change your system's configuration
C. Scan your forensics workstation at intervals of no more...

November 12, 2021

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

A. The system files have been copied by a remote attacker
B. The system administrator has created an incremental backup
C. The system has been compromised using a t0rn rootkit
D. ...

November 12, 2021

When you carve an image, recovering the image depends on which of the following skills?

A. Recognizing the pattern of the header content
B. Recovering the image from a tape backup
C. Recognizing the pattern of a corrupt file
D. Recovering the image from the tape backup

Answer: A

November 12, 2021

This is the original file structure database that Microsoft originally designed for floppy disks. It is written to the outermost track of a disk and contains information about each file stored on the drive.

A. Master Boot Record (MBR)
B. Master File Table (MFT)
C. File Allocation Table (FAT)
D. Disk...

November 12, 2021

What type of Penetration Testing is Larry planning to carry out?

Larry is an IT consultant who works for corporations and government agencies. Larry plans on shutting down the city's network using BGP devices and zombies. What type of Penetration Testing is Larry planning to carry out?

A. Router Penetration Testing
B. DoS Penetration Testing
C. Firewall Penetration Testing
D. Internal...

November 11, 2021

In what state are these ports?

Michael works for Kimball Construction Company as a senior security analyst. As part of the yearly security audit, Michael scans his network for vulnerabilities. Using Nmap, Michael conducts an XMAS scan and most of the ports scanned do not give a response. In what state are these ports?

A. Closed
B. Open
C. ...

November 11, 2021

Corporate investigations are typically easier than public investigations because:

A. the users have standard corporate equipment and software
B. the investigator does not have to get a warrant
C. the investigator has to get a warrant
D. the users can load whatever they want on their machines

Answer: B

November 11, 2021

When examining a hard disk without a write-blocker, you should not start Windows because Windows will write data to the:

A. Recycle Bin
B. MSDO
C. sys
D. BIOS
E. Case files

Answer: A

November 11, 2021

Which of the following are you most interested in when trying to trace the source of the message?

You have been asked to investigate after a user has reported a threatening e-mail they have received from an external source. Which of the following are you most interested in when trying to trace the source of the message?

A. The X509 Address
B. The SMTP reply Address
C. ...

November 11, 2021