When should an MD5 hash check be performed when processing evidence?

To check for POP3 traffic using Ethereal, what port should an investigator search by?

John is working on his company policies and guidelines. The section he is currently working on covers
company documents; how they should be handled, stored, and eventually destroyed. John is concerned about
the process whereby outdated documents are destroyed. What type of shredder should John write in the
guidelines to be used when destroying documents?

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

How often must a company keep log files for them to be admissible in a court of law?

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over
50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and
integrity of the technical log files gathered in an investigation into computer fraud. What is the term used for
Jacob testimony in this case?

Where is the default location for Apache access logs on a Linux computer?

What method of copying should always be performed first before carrying out an investigation?

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a
computer at a local web caf purportedly used as a botnet server. John thoroughly scans the computer and
finds nothing that would lead him to think the computer was a botnet server. John decides to scan the virtual
memory of the computer to possibly find something he had missed. What information will the virtual memory
scan produce?

What technique is used by JPEGs for compression?