Employee Data Theft Investigation Quiz

Questions and Answers

PDF Questions PDF Answers

What was the service provided by Alex in the scenario?

Computer forensics & digital investigation services (correct)

Cloud computing services

Network security services

Data encryption services

Who did the general manager of the organization suspect of being involved in illegal activities?

Two employees (correct)

Three employees

One employee

Five employees

What encouraged the development of forensic tools, techniques, and procedures?

Expansion of mobile phone networks

Evolution of computer games

Variations and development of data storage and transfer capabilities (correct)

Development of social media platforms

What is the main objective of computer forensics discussed in the text?

To gather evidence and investigate digital crimes

Why have forensic tools, techniques, and investigators developed according to the text?

To address the advancements in data storage and transfer technologies

What does the text suggest about data storage and transfer capabilities?

Their development has promoted advancements in forensic tools

What is persistent data according to the text?

Data stored in nonvolatile storage devices

Which set of data will be lost when the machine loses power or is shut down?

Volatile data

Why is it recommended for first responders to gather volatile data first?

Because gathering persistent data first may result in data loss

What happens to volatile data if the system is rebooted or shut down?

It is lost

Where is persistent data usually collected during a forensic investigation?

In external storage devices

According to Carnegie Mellon University, what is considered volatile data?

'System memory' data

What is the objective of documenting the selection process for tools and procedures in computer forensics investigation?

To present the findings justified by evidences

Why is it important for organizations to have the capability to solve basic issues and investigations by themselves?

To create a buffer against cyber threats

What is a crucial requirement for establishing a computer forensics business?

Permission from the government

Why should an organization have the capability to handle basic issues internally?

To maintain control over sensitive data and information

What may be challenging for an organization without the ability to solve basic issues internally?

Understanding fraud or illegal activities within the organization

Why does an organization need to assess its capability to handle basic issues independently?

To ensure effective implementation of cyber security rules

What should an investigator do to ensure successful proceedings?

Make the place secure and limit access rights

What is the most common type of cyber-attack in 2014?

SQL-injection

How can the modes of cyber-attack be generally classified?

Internal or insider attacks and virus attacks

Which of the following is NOT an example of cyber-crime mentioned in the text?

Systematic approach

What should be documented during a digital investigation?

Tools used and processes followed

Why is it important for an investigator to carefully manage evidence?

To maintain integrity and reliability of evidence

What is the primary purpose of using the 'Top' command in Linux forensics?

To identify the most CPU-intensive tasks

Which command would you use to view all the running processes in a Linux system?

$ ps -ef

What information does the 'Fport' tool aim to provide in Linux forensics?

Open TCP/IP and UDP ports

Which command would you use to find the history of a particular program in Linux?

$ ps –C program_name

In Linux forensics, what can be deduced from examining network information with 'Fport' tool?

Associated IP addresses

Which command provides the useful information of current running processes, ID, CPU usage, memory usage, and more in Linux?

$ ps -ef

Study Notes

Linux Forensic Tools

• top command is used to find running processes and displays results sorted by CPU usage, showing process ID, time, and executed command.
• ps command is used to provide information on current running processes, including ID, CPU usage, memory usage, and other details.
• Variations of ps command:
  • ps ax to get a full list of running processes
  • ps -ef to get more detailed information
  • ps –U user to find other system users' running processes
  • ps –C program_name to find the history of a particular program
  • ps -A to view all processes
  • ps r to view only running processes

Fport Tool

• Fport is a forensic tool used to find open TCP/IP and UDP ports and the applications listening on those ports.
• The tool helps investigators map ports to running processes and document the process identification number and path.
• Fport can be downloaded from the McAfee website.

Modes of Attack

• Cyber-attacks can be divided into two types: internal (insider) attacks and external (outsider) attacks.
• Examples of cyber-crimes include financial frauds, laptop or device theft, insider internet abuse, data theft, unauthorized access, viruses, worms, and backdoor attacks, and denial of service attacks.

Computer Forensics

• Computer forensics and digital investigation involve identifying and investigating cyber-crimes.
• The systematic approach to investigation involves a standard guideline and steps to follow.
• The process includes initiating and performing the investigation, legal laws and boundaries, techniques to gather evidence, and the scope of forensic work.

Volatile Data

• Volatile data is stored in system memory and is lost when the machine loses power or is shut down.
• Persistent data, on the other hand, is stored in nonvolatile storage devices and is not lost after rebooting or shutting down the machine.
• It is essential to differentiate between persistent and volatile data and prioritize collecting volatile data first.

Computer Forensics Team

• Law enforcement and security agencies are responsible for investigating computer crimes, but organizations should also have the capability to investigate basic issues themselves.
• Organizations can hire experts from small or mid-size computer investigation firms or create their own computer forensic services firm with a forensics lab, necessary permissions, and the right tools and people.

Description

Test your knowledge on investigating employee involvement in illegal activities such as data theft and network breaches within an organization. Learn about collecting evidence, preparing final reports, and initiating legal action based on investigation findings.