Which of the following formats correctly specifies thes…
You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the
primary hard drive. Which of the following formats correctly specifies these sectors?
What have you found?
You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML,
DHTML, and other web-based languages and how they have evolved over the years.
You navigate to archive. org and view the HTML code of news.com. You then navigate to the current
news.com website and copy over the source code. While searching through the code, you come across
something abnormal: What have you found?
How many characters long is the fixed-length MD5 algori…
How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?
what describes the route that evidence takes from the t…
In a computer forensics investigation, what describes the route that evidence takes from the time you find it
until the case is closed or goes to court?
what would you infer?
Item 2If you come across a sheepdip machine at your client site, what would you infer?
statute authorizes this phone call and obligates the IS…
When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to
request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this
phone call and obligates the ISP to preserve e-mail records?
What caused this?
You find the following entries in your web log. Each shows attempted access to either root.exe or cmd.exe.
What caused this? GET /scripts/root.exe?/c+dir
GET /MSADC/root.exe?/c+dir
GET /c/winnt/system32/cmd.exe?/c+dir
GET /d/winnt/system32/cmd.exe?/c+dir
GET /scripts/..%
5c../winnt/system32/cmd.exe?/c+dir
GET /_vti_bin/..%5c../..%5c../..%
5c../winnt/system32/cmd.exe?/c+dir
GET /_mem_bin/..%5c../..%5c../..%
5c../winnt/system32/cmd.exe?/c+dir
GET /msadc/..%5c../..%5c../..%
5c/..xc1x1c../..xc1x1c../..xc1x1c../winnt/system32/cmd.exe?/c+dir GET /scripts/..xc1x1c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc0/../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc0xaf../winnt/system32/cmd.exe?/c+dir
GET /scripts/..xc1x9c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%
35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%
35c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%
5c../winnt/system32/cmd.exe?/c+dir
GET /scripts/..%
2f../winnt/system32/cmd.exe?/c+dir
What is the TTL?
One of your team members has asked you to analyze the following SOA record. What is the TTL? Rutgers.edu. SOA NS1.Rutgers.edu ipad.college.edu (200302028 3600 3600 604800 2400.
Study the log below and identify the scan type.
Study the log below and identify the scan type.
tcpdump -vv host 192.168.1.10
17:34:45.802163 eth0 victim: ip-proto-117 0 (ttl 48, id 36166)
17:34:45.802216 eth0 victim: ip-proto-25 0 (ttl 48, id 33796)
17:34:45.802266 eth0 victim: ip-proto-162 0 (ttl 48, id 47066)
17:34:46.111982 eth0 victim: ip-proto-74 0 (ttl 48, id 35585)
17:34:46.112039 eth0 victim: ip-proto-117 0 (ttl 48, id 32834)
17:34:46.112092 eth0 victim: ip-proto-25 0 (ttl 48, id 26292)
17:34:46.112143 eth0 victim: ip-proto-162 0 (ttl 48, id 51058)
tcpdump -vv -x host 192.168.1.10
17:35:06.731739 eth0 victim: ip-proto-130 0 (ttl 59, id 42060) 4500 0014 a44c 0000 3b82 57b8 c0a8 010a c0a8 0109 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
which among the following would be appropriate?
Exhibit Study the log given in the exhibit, Precautionary measures to prevent this attack would include writing firewall rules. Of these firewall rules, which among the following would be appropriate?