What is Paula seeing happen on this computer?
Paula works as the primary help desk contact for her company. Paula has just received a call from
a user reporting that his computer just displayed a Blue Screen of Death screen and he can no
longer work. Paula walks over to the user's computer and sees the Blue Screen of Death screen.
The user's computer is running Windows XP, but the Blue Screen looks like a familiar one that
Paula had seen on Windows 2000 computers periodically. The user said he stepped away from his
computer for only 15 minutes and when he got back, the Blue Screen was there. Paula also noticed
that the hard drive activity light was flashing, meaning that the computer was processing
something. Paula knew this should not be the case since the computer should be completely frozen
during a Blue Screen. She checks the network IDS live log entries and notices numerous nmap scan
alerts.
What is Paula seeing happen on this computer?
What is the advantage in encrypting the communication between the agent and the monitor in an
Intrusion Detection System?
Which legal document allows law enforcement to search an office, place of business, or other
locale for evidence relating to an alleged crime?
How will these forms be stored to help preserve the chain of custody of the case?
You are working as an investigator for a corporation and you have just received instructions from
your manager to assist in the collection of 15 hard drives that are part of an ongoing investigation.
Your job is to complete the required evidence custody forms to properly document each piece of
evidence as it is collected by other members of your team. Your manager instructs you to
complete one multi-evidence form for the entire case and a single-evidence form for each hard
drive. How will these forms be stored to help preserve the chain of custody of the case?
The MD5 program is used to:
Which is a standard procedure to perform during all computer forensics investigations?
E-mail logs contain which of the following information to help you in your investigation? (Select up
to 4)
In a forensic examination of hard drives for digital evidence, what type of user is most likely to
have the most file slack to analyze?
In what way do the procedures for dealing with evidence in a criminal case differ from the
procedures for dealing with evidence in a civil case?
What can you do to prove that the evidence is the same as it was when it first entered the lab?
You are assigned to work in the computer forensics lab of a state police agency. While working on
a high-profile criminal case, you have followed every applicable procedure; however, your boss is
still concerned that the defense attorney might question whether evidence has been changed
while at the lab. What can you do to prove that the evidence is the same as it was when it first
entered the lab?