When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardw
When using Windows acquisitions tools to acquire digital evidence, it is important to use a well- tested hardware write-blocking device to _________
Where are files temporarily written in Unix when printing?
Where are files temporarily written in Unix when printing?
You inform the officer that you will not be able to comply with that request because doing so would:
You are working as a computer forensics investigator for a corporation on a computer abuse case. You discover evidence that shows the subject of your investigation is also embezzling money from the company. The company CEO and the corporate legal counsel advise you to contact local law enforcement and provide them with the evidence that you have found. The law enforcement officer that responds requests that you put a network sniffer on your network and monitor all traffic to the subject computer.
You inform the officer that you will not be able to comply with that request because doing so would:
what layer of the OSI model?
Sniffers that place NICs in promiscuous mode work at what layer of the OSI model?
What is a virtual environment?
Jones had been trying to penetrate a remote production system for the past two weeks. This time however, he is able to get into the system. He was able to use the system for a period of three weeks. However law enforcement agencies were recording his every activity and this was later presented as evidence. The organization had used a virtual environment to trap Jones.
What is a virtual environment?
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was
Which forensic investigating concept trails the whole incident from how the attack began to how the victim was affected?
what layer of the OSI model are you monitoring while watching traffic to and from the router?
You have been called in to help with an investigation of an alleged network intrusion. After questioning the members of the company IT department, you search through the server log files to find any trace of the intrusion. After that you decide to telnet into one of the company routers to see if there is any evidence to be found. While connected to the router, you see some unusual activity and believe that the attackers are currently connected to that router. You start up an ethereal session to begin capturing traffic on the router that could be used in the investigation.
At what layer of the OSI model are you monitoring while watching traffic to and from the router?
What binary coding is used most often for e-mail purposes?
What binary coding is used most often for e-mail purposes?
The newer Macintosh Operating System (MacOS X) is based on:
The newer Macintosh Operating System (MacOS X) is based on:
you need to make to ensure that the evidence found is complete and admissible in future proceedings?
You are working as an independent computer forensics investigator and receive a call from a systems administrator for a local school system requesting your assistance. One of the students at the local high school is suspected of downloading inappropriate images from the Internet to a PC in the Computer Lab. When you arrive at the school, the systems administrator hands you a hard drive and tells you that he made a imple PC in the Computer Lab.
What type of copy do you need to make to ensure that the evidence found is complete and admissible in future proceedings?