To check for POP3 traffic using Ethereal, what port should an investigator search by?

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed.

What type of shredder should John write in the guidelines to be used when destroying documents?

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

How often must a company keep log files for them to be admissible in a court of law?

Jacob is a computer forensics investigator with over 10 years experience in investigations and has written over 50 articles on computer forensics. He has been called upon as a qualified witness to testify the accuracy and integrity of the technical log files gathered in an investigation into computer fraud.

What is the term used for Jacob testimony in this case?

Where is the default location for Apache access logs on a Linux computer?

In conducting a computer abuse investigation you become aware that the suspect of the investigation is using ABC Company as his Internet Service Provider (ISP). You contact the ISP and request that they provide you assistance with your investigation.

What assistance can the ISP provide?

What method of copying should always be performed first before carrying out an investigation?

Which is a standard procedure to perform during all computer forensics investigations?

John is working as a computer forensics investigator for a consulting firm in Canada. He is called to seize a computer at a local web caf John is working as a computer forensics investigator for a consulting firm in Canada. John thoroughly scans the computer and finds nothing that would lead him to think the computer was a botnet server.
John decides to scan the virtual memory of the computer to possibly find something he had missed.

What information will the virtual memory scan produce?