The MD5 program is used to:
Which is a standard procedure to perform during all computer forensics investigations?
E-mail logs contain which of the following information to help you in your investigation? (Select up
to 4)
In a forensic examination of hard drives for digital evidence, what type of user is most likely to
have the most file slack to analyze?
In what way do the procedures for dealing with evidence in a criminal case differ from the
procedures for dealing with evidence in a civil case?
You are assigned to work in the computer forensics lab of a state police agency. While working on
a high-profile criminal case, you have followed every applicable procedure; however, your boss is
still concerned that the defense attorney might question whether evidence has been changed
while at the lab. What can you do to prove that the evidence is the same as it was when it first
entered the lab?
Study the log given below and answer the following question:

Apr 24 14:46:46 [4663]: spp_portscan: portscan detected from 194.222.156.169
Apr 24 14:46:46 [4663]: IDS27/FIN Scan: 194.222.156.169:56693 -> 172.16.1.107:482
Apr 24 18:01:05 [4663]: IDS/DNS-version-query: 212.244.97.121:3485 -> 172.16.1.107:53
Apr 24 19:04:01 [4663]: IDS213/ftp-passwd-retrieval: 194.222.156.169:1425 -> 172.16.1.107:21
Apr 25 08:02:41 [5875]: spp_portscan: PORTSCAN DETECTED from 24.9.255.53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4499 -> 172.16.1.107:53
Apr 25 02:08:07 [5875]: IDS277/DNS-version-query: 63.226.81.13:4630 -> 172.16.1.101:53
Apr 25 02:38:17 [5875]: IDS/RPC-rpcinfo-query: 212.251.1.94:642 -> 172.16.1.107:111
Apr 25 19:37:32 [5875]: IDS230/web-cgi-space-wildcard: 198.173.35.164:4221 -> 172.16.1.107:80
Apr 26 05:45:12 [6283]: IDS212/dns-zone-transfer: 38.31.107.87:2291 -> 172.16.1.101:53
Apr 26 06:43:05 [6283]: IDS181/nops-x86: 63.226.81.13:1351 -> 172.16.1.107:53
Apr 26 06:44:25 victim7 PAM_pwdb[12509]: (login) session opened for user simple by (uid=0)
Apr 26 06:44:36 victim7 PAM_pwdb[12521]: (su) session opened for user simon by simple(uid=506)
Apr 26 06:45:34 [6283]: IDS175/socks-probe: 24.112.167.35:20 -> 172.16.1.107:1080
Apr 26 06:52:10 [6283]: IDS127/telnet-login-incorrect: 172.16.1.107:23 -> 213.28.22.189:4558

Precautionary measures to prevent this attack would include writing firewall rules. Of these
firewall rules, which among the following would be appropriate?
When monitoring for both intrusion and security events between multiple computers, it is essential
that the computers' clocks are synchronized. Synchronized time allows an administrator to
reconstruct what took place during an attack against multiple computers. Without synchronized
time, it is very difficult to determine exactly when specific events took place, and how events
interlace. What is the name of the service used to synchronize time among multiple computers?
When investigating a potential e-mail crime, what is your first step in the investigation?
If a suspect computer is located in an area that may have toxic chemicals, you must: