Computer Theory Quiz: NTFS and Data Management

Questions and Answers

What is the main focus of the section titled 'Computer Theory'?

• Hardware architecture
• User interface design
• Data representation and file systems (correct)
• Network protocols

Which sub-section under 'Notable Artifacts' deals specifically with image metadata?

• Thumbcache
• Program Log Files
• Shellbags
• EXIF Data (correct)

What technique is discussed in the section 'Decryption Attacks'?

• Network traffic analysis
• Social engineering tactics
• Methods used to circumvent encrypted data (correct)
• Physical damage to hardware

In which section would you find details about the Windows Event Viewer?

Notable Artifacts (D)

What is the primary purpose of the Windows Registry as indicated in the content?

To store configuration settings and options (A)

Which of the following is NOT mentioned as a type of evidence collection method?

Physical extraction of hard drives (C)

What aspect of USB devices is covered in the content?

USB Device History (A)

Which sub-section of 'Collecting Evidence' focuses on the state of the device?

When the Device Is Off (A), When the Device Is On (B)

What is the primary function of Windows Event Viewer?

To log program, security, and system events (B)

Where are Windows event logs typically stored?

In the \systemroot\ProgramData directory (C)

What type of logs are stored under the 'Security' category in Windows Event Viewer?

Audit logs indicating success or failure (A)

Which of the following log types is NOT a common classification found in Windows Event Viewer?

User Activity (B)

What role do application developers play concerning the logs generated by their applications?

They dictate how logging is managed (D)

What type of information can you find in the 'Application' logs of Windows Event Viewer?

Logs sent from applications (D)

Which of the following categories of logs would contain system component logs?

System logs (D)

In the context of Windows Event Viewer, what can be categorized under 'Information' logs?

General application performance data (B)

What is the primary purpose of a public key in asymmetric encryption?

To encrypt messages intended for the key owner (A)

Which statement accurately describes a hash function?

It produces a fixed-length output from variable-length input. (B)

What property must a secure hash function exhibit to prevent finding two inputs producing the same output?

Collision resistance (C)

What is the significance of the private key in asymmetric encryption?

It is used exclusively for decrypting messages encrypted with the public key. (D)

How is data integrity verified using hashing?

By comparing hash values between sender and recipient (B)

In which scenario is hashing primarily utilized?

To create a unique fingerprint for data integrity (C)

What is an essential characteristic of a secure hash function regarding reversibility?

It must be impossible to reverse the hash back to plain text. (A)

Which of the following statements about password storage using hashing is true?

Hashed passwords ensure that even if accessed, the original passwords cannot be derived. (D)

What defines a true cybercrime based on the definition provided?

Crimes using computers to commit acts against other computers (D)

What is necessary for an act to be classified as a cybercrime?

Knowledge of computer systems and tools to commit the act (B)

What distinguishes a cyber aided crime from a true cybercrime?

Cyber aided crimes can use online methods to facilitate traditional crimes (A)

According to the discussed definition, what is an example of cybercrime?

Denial of service attacks (C)

Why is it important for investigators to understand whether a crime is online or offline?

To know where to look for evidence (A)

What does the model discussed about fraud suggest?

Fraud can occur through various delivery methods, including digital and non-digital (A)

What characterizes the criminals committing cybercrimes based on the provided discussion?

They typically lack significant computer skills (B)

What role do means, motive, and opportunity play in the context of cybercrime?

They help in profiling potential suspects for cybercrimes (D)

What occurs in the NTFS file system when a file is deleted?

The file is marked as deleted but can still be recovered using certain methods. (B)

What distinguishes resident files from non-resident files in a file system?

Resident files are stored entirely within the file system metadata. (A)

Why is it important to understand the difference between little-endian and big-endian formats?

It determines how multi-byte values are stored in memory. (B)

How can you find out the time zone setting of your computer?

By utilizing the registry editor (regedit). (B)

What is the primary purpose of hashing in computing?

To create a unique fixed-size output from variable-sized input data. (D)

What signifies a secure hash algorithm?

It should withstand collision attacks and produce unique outputs. (C)

What are forensic artifacts in the context of digital forensics?

They include pieces of information with significant forensic value. (A)

What is a challenge associated with forensic artifacts in Windows operating systems?

Their functionality is often confusing due to lack of documentation. (A)

Study Notes

Computer Theory

• Secondary Storage Media: Essential for data retention and management.
• NTFS File System: Key file system for Windows, critical for file structure organization and data recovery.
• File Structure: Defines how data is stored and accessed.
• Data Representation: Key for understanding how data is encoded and processed.
• Windows Registry: Central database for storing configuration settings and options for the operating system and installed applications.
• Encryption and Hashing: Important for data security; involves transforming data into a secure format and verifying data integrity.
• Memory and Paging: Relates to how the OS manages RAM and disk space.
• Questions and Tasks: Encourage review and application of concepts.

Notable Artifacts

• Metadata: Essential information associated with files; can reveal important details about file usage and history.
• EXIF Data: Stores metadata for images, including camera settings and timestamps.
• Prefetch: Helps speed up application loading by storing data related to app execution.
• Shellbags: Records folder access and can provide insights into user activities.
• LNK Files: Shortcut files; can reveal file usage and locations.
• MRU-Stuff: Tracks Most Recently Used items to provide context on user activity.
• Thumbcache: Stores thumbnail images for quick viewing; forensic value in tracking file history.
• Windows Event Viewer: Built-in tool for logging system, security, and application events; vital for forensic investigations.

Decryption and Password Enforcing

• Decryption Attacks: Techniques used to break encryption and access secured data.
• Password Guessing Attacks: Methods used to exploit weak passwords; highlights importance of password strength.

Cybercrime

• Definition: Advanced cybercrime involves sophisticated attacks on computer systems and software; demands technical knowledge.
• Distinction Between Crimes: Cybercrimes involve direct use of computers, while cyber-aided crimes utilize the internet for traditional criminal activities.
• Fraud Model: Cyber fraud involves deceiving victims into surrendering monetary value through online or offline means.

Encryption Techniques

• Asymmetric Key Encryption: Uses a pair of keys (public for encryption, private for decryption); crucial for secure communications.
• Hashing: One-way function for data integrity and secure storage; generates a unique hash value that represents the original data without revealing it.

Ensuring Data Integrity

• Secure Hash Algorithm: Must be collision-resistant and irreversible; critical for password storage and data validation.
• Hashing is widely used in operating systems like Windows to securely store passwords.

Forensic Examination

• Forensic Artifacts: Valuable pieces of information (e.g., documents, communications) critical for investigations.
• Windows Internal Searching: Analyzing system databases helps in mapping artifacts, enhancing evidence recovery.

Windows Event Viewer

• Central tool for logging events within the Windows environment; vital for understanding system usage and detecting anomalies.
• Log Types: Differentiated into application, system, and security logs; includes both successful and failed audit results.
• Logs aid in evaluating application performance and diagnosing issues.

Description

Test your knowledge on essential computer theory concepts, including secondary storage media and file structures. This quiz covers a range of topics such as the NTFS file system, data representation, and encryption methods. Perfect for students learning about computer systems and data management.