Simon is a former employee of Trinitron XML Inc. He feels he was wrongly terminated and wants to hack into
his former company’s network. Since Simon remembers some of the server names, he attempts to run the axfr
and ixfr commands using DIG. What is Simon trying to accomplish here?

When you are running a vulnerability scan on a network and the IDS cuts off your connection, what type of IDS
is being used?

Which of the following file system is used by Mac OS X?

Hackers can gain access to Windows Registry and manipulate user passwords, DNS settings, access rights or
others features that they may need in order to accomplish their objectives. One simple method for loading an
application at startup is to add an entry (Key) to the following Registry Hive:

You are a computer forensics investigator working with local police department and you are called to assist in
an investigation of threatening emails. The complainant has printer out 27 email messages from the suspect
and gives the printouts to you. You inform her that you will need to examine her computer because you need
access to the _________________________ in order to track the emails back to the suspect.

The rule of thumb when shutting down a system is to pull the power plug. However, it has certain drawbacks.
Which of the following would that be?

The efforts to obtain information before a trail by demanding documents, depositions, questioned and answers
written under oath, written requests for admissions of fact and examination of the scene is a description of
what legal term?

Microsoft Outlook maintains email messages in a proprietary format in what type of file?

Law enforcement officers are conducting a legal search for which a valid warrant was obtained.
While conducting the search, officers observe an item of evidence for an unrelated crime that was not included
in the warrant. The item was clearly visible to the officers and immediately identified as evidence. What is the
term used to describe how this evidence is admissible?

You are working as an independent computer forensics investigator and receive a call from a systemsadministrator for a local school system requesting your assistance. One of the students at the local high school
is suspected of downloading inappropriate images from the Internet to a PC in the Computer lab. When you
arrive at the school, the systems administrator hands you a hard drive and tells you that he made a simple
backup copy of the hard drive in the PC and put it on this drive and requests that you examine that drive for
evidence of the suspected images. You inform him that a simple backup copy will not provide deleted files or
recover file fragments.
What type of copy do you need to make to ensure that the evidence found is complete and admissible in future
proceedings?