Employee Data Theft Investigation Quiz

Questions and Answers

What was the service provided by Alex in the scenario?

  • Computer forensics & digital investigation services (correct)
  • Cloud computing services
  • Network security services
  • Data encryption services

Who did the general manager of the organization suspect of being involved in illegal activities?

  • Two employees (correct)
  • Three employees
  • One employee
  • Five employees

What encouraged the development of forensic tools, techniques, and procedures?

  • Expansion of mobile phone networks
  • Evolution of computer games
  • Variations and development of data storage and transfer capabilities (correct)
  • Development of social media platforms

What is the main objective of computer forensics discussed in the text?

  • To gather evidence and investigate digital crimes (C)

Why have forensic tools, techniques, and investigators developed according to the text?

  • To address the advancements in data storage and transfer technologies (D)

What does the text suggest about data storage and transfer capabilities?

  • Their development has promoted advancements in forensic tools (A)

What is persistent data according to the text?

  • Data stored in nonvolatile storage devices (B)

Which set of data will be lost when the machine loses power or is shut down?

  • Volatile data (C)

Why is it recommended for first responders to gather volatile data first?

  • Because gathering persistent data first may result in data loss (C)

What happens to volatile data if the system is rebooted or shut down?

  • It is lost (D)

Where is persistent data usually collected during a forensic investigation?

  • In external storage devices (A)

According to Carnegie Mellon University, what is considered volatile data?

  • 'System memory' data (C)

What is the objective of documenting the selection process for tools and procedures in computer forensics investigation?

  • To present the findings justified by evidence (D)

Why is it important for organizations to have the capability to solve basic issues and investigations by themselves?

  • To create a buffer against cyber threats (D)

What is a crucial requirement for establishing a computer forensics business?

  • Permission from the government (C)

Why should an organization have the capability to handle basic issues internally?

  • To maintain control over sensitive data and information (C)

What may be challenging for an organization without the ability to solve basic issues internally?

  • Understanding fraud or illegal activities within the organization (D)

Why does an organization need to assess its capability to handle basic issues independently?

  • To ensure effective implementation of cyber security rules (B)

What should an investigator do to ensure successful proceedings?

  • Make the place secure and limit access rights (D)

What is the most common type of cyber-attack in 2014?

  • SQL-injection (D)

How can the modes of cyber-attack be generally classified?

  • Internal or insider attacks and virus attacks (A)

Which of the following is NOT an example of cyber-crime mentioned in the text?

  • Systematic approach (B)

What should be documented during a digital investigation?

  • Tools used and processes followed (A)

Why is it important for an investigator to carefully manage evidence?

  • To maintain integrity and reliability of evidence (D)

What is the primary purpose of using the 'Top' command in Linux forensics?

  • To identify the most CPU-intensive tasks (B)

Which command would you use to view all the running processes in a Linux system?

  • $ ps -ef (D)

What information does the 'Fport' tool aim to provide in Linux forensics?

  • Open TCP/IP and UDP ports (C)

Which command would you use to find the history of a particular program in Linux?

  • $ ps -C program_name (C)

In Linux forensics, what can be deduced from examining network information with 'Fport' tool?

  • Associated IP addresses (A)

Which command provides the useful information of current running processes, ID, CPU usage, memory usage, and more in Linux?

  • $ ps -ef (B)

Study Notes

Linux Forensic Tools

  • top command is used to find running processes and displays results sorted by CPU usage, showing process ID, time, and executed command.
  • ps command is used to provide information on current running processes, including ID, CPU usage, memory usage, and other details.
  • Variations of ps command:
    • ps ax to get a full list of running processes
    • ps -ef to get more detailed information
    • ps -U user to find other system users' running processes
    • ps -C program_name to find the history of a particular program
    • ps -A to view all processes
    • ps r to view only running processes

Fport Tool

  • Fport is a forensic tool used to find open TCP/IP and UDP ports and the applications listening on those ports.
  • The tool helps investigators map ports to running processes and document the process identification number and path.
  • Fport can be downloaded from the McAfee website.

Modes of Attack

  • Cyber-attacks can be divided into two types: internal (insider) attacks and external (outsider) attacks.
  • Examples of cyber-crimes include financial fraud, laptop or device theft, insider internet abuse, data theft, unauthorized access, viruses, worms, backdoor attacks, and denial-of-service attacks.

Computer Forensics

  • Computer forensics and digital investigation involve identifying and investigating cyber-crimes.
  • The systematic approach to investigation involves a standard guideline and steps to follow.
  • The process covers initiating and performing the investigation, the applicable laws and legal boundaries, techniques to gather evidence, and the scope of forensic work.

Volatile Data

  • Volatile data is stored in system memory and is lost when the machine loses power or is shut down.
  • Persistent data, on the other hand, is stored in nonvolatile storage devices and is not lost after rebooting or shutting down the machine.
  • It is essential to differentiate between persistent and volatile data and prioritize collecting volatile data first.

Computer Forensics Team

  • Law enforcement and security agencies are responsible for investigating computer crimes, but organizations should also have the capability to investigate basic issues themselves.
  • Organizations can hire experts from small or mid-size computer investigation firms or create their own computer forensic services firm with a forensics lab, necessary permissions, and the right tools and people.
