What does mactime, an essential part of the coroner's toolkit do?
What does mactime, an essential part of the coroner's toolkit do?A . It traverses the file system and produces a listing of all files based on the modification, access and change timestampsB . It can recover deleted file space and search it for data. However, it does not allow the...
Why is that?
After passing her CEH exam, Carol wants to ensure that her network is completely secure. She implements a DMZ, stateful firewall, NAT, IPSEC, and a packet filtering firewall. Since all security measures were taken, none of the hosts on her network can reach the Internet . Why is that?A ....
What do you do?
You are working as Computer Forensics investigator and are called by the owner of an accounting firm to investigate possible computer abuse by one of the firm’s employees. You meet with the owner of the firm and discover that the company has never published a policy stating that they reserve...
If a suspect computer is located in an area that may have toxic chemicals, you must:
If a suspect computer is located in an area that may have toxic chemicals, you must:A . coordinate with the HAZMAT teamB . determine a way to obtain the suspect computerC . assume the suspect machine is contaminatedD . do not enter aloneView AnswerAnswer: A
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?
Which of the following refers to the data that might still exist in a cluster even though the original file has been overwritten by another file?A . SectorB . MetadataC . MFTD . Slack SpaceView AnswerAnswer: D
What will the following command accomplish?
What will the following command accomplish?A . Test ability of a router to handle over-sized packetsB . Test the ability of a router to handle under-sized packetsC . Test the ability of a WLAN to handle fragmented packetsD . Test the ability of a router to handle fragmented packetsView AnswerAnswer:...
How would you answer?
You just passed your ECSA exam and are about to start your first consulting job running security audits for a financial institution in Los Angeles. The IT manager of the company you will be working for tries to see if you remember your ECSA class. He asks about the methodology...
You should make at least how many bit-stream copies of a suspect drive?
You should make at least how many bit-stream copies of a suspect drive?A . 1B . 2C . 3D . 4View AnswerAnswer: B
Which firewall would be most appropriate for Harold? needs?
Harold wants to set up a firewall on his network but is not sure which one would be the most appropriate. He knows he needs to allow FTP traffic to one of the servers on his network, but he wants to only allow FTP-PUT . Which firewall would be most...
What do you think would be the next sequence of events?
Chris has been called upon to investigate a hacking incident reported by one of his clients. The company suspects the involvement of an insider accomplice in the attack. Upon reaching the incident scene, Chris secures the physical area, records the scene using visual media. He shuts the system down by...