WGU Course C840 - Digital Forensics Quiz
100 Questions
100 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the Electronic Communications Privacy Act (ECPA)?

  • 18 U.S.C. 2252B
  • The Electronic Communications Privacy Act (ECPA)
  • Foreign Intelligence Surveillance Act (FISA) (correct)
  • The USA Patriot Act
  • Identification, preservation, collection, examination, analysis, and presentation are six classes in the matrix of __________.

  • the Certified-Forensic-Analyst
  • the DFRWS framework (correct)
  • The Rules of Evidence
  • the Forensic Toolkit
  • If you need to know what documents have been printed from the Macintosh, the __________ folder can give you that information.

  • /var/spool/cups (correct)
  • /Users//.bash_history log
  • /Library/Receipts
  • var/vm
  • What name is given to the result of acquiring a file as it is being updated?

    <p>slurred image</p> Signup and view all the answers

    At which phase of the incident response does computer forensics begin?

    <p>eradication</p> Signup and view all the answers

    What name is given to the process of searching memory in real time?

    <p>live system forensics</p> Signup and view all the answers

    The American Heritage Dictionary defines __________ as 'the use of science and technology to investigate and establish facts in criminal or civil courts of law.'

    <p>forensics</p> Signup and view all the answers

    Which Linux distribution is very popular with beginners?

    <p>Ubuntu</p> Signup and view all the answers

    The subscriber identity module (SIM) is a memory chip that stores the __________.

    <p>international mobile subscriber identity (IMSI)</p> Signup and view all the answers

    Which of the following is the definition of dump?

    <p>a complete copy of every bit of memory or cache recorded in permanent storage or printed on paper</p> Signup and view all the answers

    The __________ is the continuity of control of evidence that makes it possible to account for all that has happened to evidence between its original collection and its appearance in court.

    <p>chain of custody</p> Signup and view all the answers

    Suspects often overwhelm forensic analysts with false positives and false leads. This is referred to as __________.

    <p>data fabrication</p> Signup and view all the answers

    What version of RAID are the following descriptors? Striped disks with dedicated parity combine three or more disks in a way that protects data against loss of any one disk.

    <p>RAID 3 or 4</p> Signup and view all the answers

    __________ is/are the cyber-equivalent of vandalism.

    <p>DoS attacks</p> Signup and view all the answers

    __________ is offline analysis conducted on an evidence disk or forensic duplicate after booting from a CD or another system.

    <p>Physical analysis</p> Signup and view all the answers

    Linux offers many different shells. Each shell is designed for a different purpose. __________ is the most commonly used shell in Linux.

    <p>Bourne-again shell</p> Signup and view all the answers

    The __________ standard for wireless communication of high-speed data for mobile devices is what is commonly called 4G.

    <p>long term evolution (LTE)</p> Signup and view all the answers

    What term is used to describe a broad category of crime that can encompass many different activities, but essentially, any attempt to gain financial reward through deception?

    <p>fraud</p> Signup and view all the answers

    A port is a number that identifies a channel in which communication can occur. Which port uses IRC chat rooms?

    <p>Port 194</p> Signup and view all the answers

    Because Mac OS X is based on FreeBSD, you can use shell commands to extract information. The __________ command returns the hardware information for the host system.

    <p>system_profiler SPHardwareDataType</p> Signup and view all the answers

    Which shell command is used to remove or delete empty directories?

    <p>rmdir</p> Signup and view all the answers

    The __________ is a central controller coordinating the other pieces of the BSS.

    <p>base station controller (BSC)</p> Signup and view all the answers

    The __________ release of Mac OS X had built-in support for iCloud to support cloud computing.

    <p>Mac OS X 10.8, named Mountain Lion</p> Signup and view all the answers

    What was designed as an area where computer vendors could store data that is shielded from user activities?

    <p>host protected area</p> Signup and view all the answers

    A __________ is used to send a test packet or echo packet to a machine to determine if the machine is reachable.

    <p>ping</p> Signup and view all the answers

    The __________ command can be used to quickly catalog a suspect drive.

    <p>ls</p> Signup and view all the answers

    A(n) __________ is an e-mail server that strips identifying information from an e-mail message before forwarding it.

    <p>anonymizer</p> Signup and view all the answers

    A one-sided DVD (or digital video disc) can hold __________ gigabytes.

    <p>4.7</p> Signup and view all the answers

    The __________ cipher is a method of encrypting alphabetic text by using a series of different monoalphabet ciphers.

    <p>Vigenère</p> Signup and view all the answers

    __________ is a Linux Live CD that you use to boot a system and then use the tools.

    <p>BackTrack</p> Signup and view all the answers

    Which of the following is the definition of basic input/output system (BIOS)?

    <p>the basic instructions stored on a chip for booting up the computer</p> Signup and view all the answers

    What is meant by file slack?

    <p>the unused space between the logical end of file and the physical end of file</p> Signup and view all the answers

    What term is used to describe information that forensic specialists use to support or interpret real or documentary evidence?

    <p>testimonial evidence</p> Signup and view all the answers

    Essentially, a __________ is a special place on the hard drive where items from memory can be temporarily stored for fast retrieval.

    <p>swap file</p> Signup and view all the answers

    __________ is a live-system forensic technique in which you collect a memory dump and perform analysis in an isolated environment.

    <p>Volatile memory analysis</p> Signup and view all the answers

    The National Institute of Standards and Technology (NIST) guidelines list four different states a mobile device can be in when you extract data. Devices are in the __________ state when received from the manufacturer.

    <p>nascent</p> Signup and view all the answers

    The art and science of writing hidden messages is the definition of what?

    <p>steganography</p> Signup and view all the answers

    __________ is essentially data about the data. In the case of files, it can include creation time/date, size, and last modified date.

    <p>Metadata</p> Signup and view all the answers

    What is meant by three-way handshake?

    <p>The process of connecting to a server that involves three packets being exchanged</p> Signup and view all the answers

    It has been claimed that __________ of all computers connected to the Internet have spyware.

    <p>80 %</p> Signup and view all the answers

    Hard drives eventually age and begin to encounter problems. You can use the __________ command to help with that.

    <p>fsck</p> Signup and view all the answers

    In the Linux boot process, the MBR loads up a(n) __________ program, such as LILO.

    <p>boot loader</p> Signup and view all the answers

    What name is given to a protocol used to send e-mail that works on port 25?

    <p>Simple Mail Transfer Protocol (SMTP)</p> Signup and view all the answers

    What is meant by steganalysis?

    <p>the determination of whether a file or communication hides other information</p> Signup and view all the answers

    _________ is the method used by password crackers who work with pre-calculated hashes of all passwords possible.

    <p>Rainbow table</p> Signup and view all the answers

    RFC 3864 describes message header field names. Message-ID of the message to which there is a reply refers to which of the following options?

    <p>references</p> Signup and view all the answers

    What term is used to describe the determination of whether a file or communication hides other information?

    <p>steganasis</p> Signup and view all the answers

    What is meant by symmetric cryptography?

    <p>those methods where the same key is used to encrypt and decrypt the plaintext</p> Signup and view all the answers

    The chief information officer of an accounting firm believes sensitive data is being exposed on the local network. Which tool should the IT staff use to gather digital evidence about this security vulnerability?

    <p>Sniffer</p> Signup and view all the answers

    A police detective investigating a threat traces the source to a house. How should the detective legally gain access to the computer?

    <p>Obtain consent to search from the parents</p> Signup and view all the answers

    How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene?

    <p>By using the ipconfig command from a command prompt on the computer</p> Signup and view all the answers

    Which digital evidence should a forensic investigator collect to investigate a phishing incident involving a bank account?

    <p>Browser cache</p> Signup and view all the answers

    Which digital evidence should be collected after a dedicated messaging server is hacked?

    <p>Firewall logs</p> Signup and view all the answers

    Which type of evidence should a forensics investigator use to identify the source of a hack?

    <p>Network transaction logs</p> Signup and view all the answers

    What is the first thing a forensic scientist should do upon arriving at a crime scene?

    <p>Photograph all evidence in its original place</p> Signup and view all the answers

    Which method of copying digital evidence ensures proper evidence collection?

    <p>Make the copy at the bit-level</p> Signup and view all the answers

    Which action should a forensic investigator take first when arriving at a scene with a malware-infected computer?

    <p>Unplug the computer's Ethernet cable</p> Signup and view all the answers

    What are the three basic tasks a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation?

    <p>1, 3, 7</p> Signup and view all the answers

    How do forensic specialists show that digital evidence was handled in a protected manner during the evidence collection process?

    <p>Chain of custody</p> Signup and view all the answers

    Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)?

    <p>Lower cost</p> Signup and view all the answers

    Which characteristic applies to solid-state drives (SSDs) compared to magnetic drives?

    <p>They are less susceptible to damage</p> Signup and view all the answers

    Which type of storage format should be transported in a special bag to reduce electrostatic interference?

    <p>Magnetic media</p> Signup and view all the answers

    Which Windows component is responsible for reading the boot.ini file and displaying the boot loader menu on Windows XP during the boot process?

    <p>NTLDR</p> Signup and view all the answers

    Which operating system should be used to run the command dd if=/dev/mem of=/evidence/image.memory1?

    <p>Linux</p> Signup and view all the answers

    Which file system is supported by Mac?

    <p>Hierarchical File System Plus (HFS+)</p> Signup and view all the answers

    Which law requires both parties to consent to the recording of a conversation?

    <p>Electronic Communications Privacy Act (ECPA)</p> Signup and view all the answers

    Which law is related to the disclosure of personally identifiable protected health information (PHI)?

    <p>Health Insurance Portability and Accountability Act (HIPAA)</p> Signup and view all the answers

    Which U.S. law criminalizes the act of knowingly using a misleading domain name with the intent to deceive a minor into viewing harmful material?

    <p>18 U.S.C. 2252B</p> Signup and view all the answers

    Which U.S. law protects journalists from turning over their work or sources to law enforcement?

    <p>The Privacy Protection Act (PPA)</p> Signup and view all the answers

    Which law or guideline lists the four states a mobile device can be in when data is extracted from it?

    <p>NIST SP 800-72 Guidelines</p> Signup and view all the answers

    Which law includes a provision permitting the wiretapping of VoIP calls?

    <p>Communications Assistance to Law Enforcement Act (CALEA)</p> Signup and view all the answers

    Which policy is included in the CAN-SPAM Act?

    <p>The email sender must provide some mechanism for the receiver to opt-out of future emails that cannot require a fee.</p> Signup and view all the answers

    Which United States law requires telecommunications equipment manufacturers to provide built-in surveillance capabilities?

    <p>Communication Assistance to Law Enforcement Act (CALEA)</p> Signup and view all the answers

    Which law requires a search warrant or recognized exceptions for searching email messages on a computer?

    <p>The Fourth Amendment to the U.S. Constitution</p> Signup and view all the answers

    What is one purpose of steganography?

    <p>To deliver information secretly</p> Signup and view all the answers

    Which method is used to implement steganography through pictures?

    <p>LSB</p> Signup and view all the answers

    What are the core elements of steganography?

    <p>Payload, carrier, channel</p> Signup and view all the answers

    Which steganographic term describes tracking information used in data leakage?

    <p>Payload</p> Signup and view all the answers

    Which component represents command and control messages in a compromised botnet server?

    <p>Payload</p> Signup and view all the answers

    Which method is commonly used to hide data via steganography?

    <p>LSB</p> Signup and view all the answers

    Which tool should a forensic investigator use to search for hidden data in images captured in emails?

    <p>Forensic Toolkit (FTK)</p> Signup and view all the answers

    Which steganographic tool is used to hide text messages in popular American songs?

    <p>MP3Stego</p> Signup and view all the answers

    How should an investigator use file properties to detect steganography?

    <p>Review the hexadecimal code looking for anomalies in the file headers</p> Signup and view all the answers

    Where are local passwords stored for the Windows operating system?

    <p>SAM file in \Windows\System32\</p> Signup and view all the answers

    Where is the config folder located that contains the SAM file on a Windows system?

    <p>C:\Windows\System32</p> Signup and view all the answers

    Where should passwords for wireless networks be stored on a Windows XP system?

    <p>Registry</p> Signup and view all the answers

    Which Windows password cracking tool uses rainbow tables?

    <p>Ophcrack</p> Signup and view all the answers

    How does a rainbow table work to crack a password?

    <p>It uses a table of all possible keyboard combinations and their hash values.</p> Signup and view all the answers

    What should a forensic investigator use to gather the most reliable routing information for tracking an email message?

    <p>Email header</p> Signup and view all the answers

    Which activity involves email tracing?

    <p>Determining the ownership of the source email server</p> Signup and view all the answers

    Which digital evidence should be reviewed to check for mounted volumes created from USB drives on a compromised laptop running OS X?

    <p>/var/log</p> Signup and view all the answers

    Which log or folder contains information about printed documents on a computer running Mac OS X?

    <p>/var/spool/cups</p> Signup and view all the answers

    Which Windows event log should be checked for evidence of invalid logon attempts?

    <p>Security</p> Signup and view all the answers

    Which folder contains the software updates logs on a Macintosh system?

    <p>/Library/Receipts</p> Signup and view all the answers

    Which tool should a forensic investigator use to image an older BlackBerry smartphone running OS 7.0?

    <p>BlackBerry Desktop Manager</p> Signup and view all the answers

    What should an investigator take care to ensure when extracting information from a mobile device?

    <p>That the mobile device does not synchronize with the computer</p> Signup and view all the answers

    Which state is a device in if it is powered on, performing tasks, and able to be manipulated by the user?

    <p>Active</p> Signup and view all the answers

    Rules of evidence can be defined as __________.

    <p>rules that govern whether, when, how, and why proof of a legal case can be placed before a judge or jury</p> Signup and view all the answers

    The Windows Registry is organized into five sections. The __________ section contains those settings common to the entire machine.

    <p>HKEY_LOCAL_MACHINE (HKLM)</p> Signup and view all the answers

    There are specific laws in the United States that are applicable to e-mail investigations. __________ is a U.S. law that prescribes procedures for surveillance and collection of foreign intelligence information.

    <p>Foreign Intelligence Surveillance Act (FISA)</p> Signup and view all the answers

    Study Notes

    Digital Forensics Tools and Techniques

    • A Sniffer is used to gather digital evidence on security vulnerabilities in local networks.
    • Legal access to a computer during an investigation may require parental consent if minors are involved.
    • Use the ipconfig command to obtain network configuration from a Windows PC at a crime scene.
    • Forensic investigators should collect browser cache as digital evidence in phishing scams.

    Evidence Collection

    • Firewall logs are critical for collecting evidence after a security breach, especially for dedicated messaging servers.
    • Email messages are utilized to identify how account information was compromised in phishing incidents.
    • Network transaction logs are essential for determining the source of hacking attempts.
    • The first step a forensic scientist should take at a crime scene is to photograph all evidence in its original place.

    Proper Evidence Handling

    • Bit-level copying ensures proper evidence collection during investigations.
    • Disconnecting the computer from the network is crucial if it is infected with malware to prevent data loss.
    • Preserving, cataloging, and preparing evidence are fundamental tasks for forensic specialists.
    • The chain of custody is vital for demonstrating the secure handling of digital evidence.

    Laws and Regulations in Cyber Forensics

    • The Communications Assistance to Law Enforcement Act (CALEA) mandates surveillance capabilities in telecommunications.
    • The Health Insurance Portability and Accountability Act (HIPAA) governs the protection of health information.
    • The Fourth Amendment requires a search warrant for email searches, ensuring constitutional protection.
    • The Children’s Online Privacy Protection Act (COPPA) criminalizes deceptive domain names aimed at minors.

    Steganography

    • Steganography is the practice of hiding information within other files, enabling secret communication.
    • The core components of steganography include payload, carrier, and channel.
    • The Least Significant Bit (LSB) method is commonly used for hiding data in images.

    Digital Evidence in Various Systems

    • Windows stores local passwords in the SAM file located in the System32 directory.
    • The logging of printed documents on macOS is found in the /var/spool/cups directory.
    • Rainbow tables are utilized by password-cracking tools like Ophcrack to facilitate rapid password recovery.
    • Command and control messages can be embedded in DNS protocol communications via compromised servers.

    Incident Response and Forensics

    • Incident response phases include containment, recovery, and eradication, with forensics beginning during recovery.
    • Live system forensics involves real-time memory searching to identify abuse or compromised systems.
    • The forensic process includes identification, preservation, collection, examination, analysis, and presentation of evidence.

    Key Definitions

    • Forensics is defined as the application of science and technology in establishing facts for legal cases.
    • A 'dump' refers to acquiring a file as it is being updated, often requiring careful handling of the data.
    • A device is considered 'active' when it is powered on and operational, allowing manipulation by a user.

    Miscellaneous Knowledge

    • Ubuntu is a popular Linux distribution, especially among beginners in digital forensics.
    • The Subscriber Identity Module (SIM) stores the International Mobile Subscriber Identity (IMSI) in mobile devices.### Computer and Cybersecurity Concepts
    • BIOS performs a hardware test at boot-up to ensure the system is functioning properly.
    • Dynamic memory allocation for programs is typically requested from the heap segment using allocators like malloc.
    • A complete duplicate of every memory bit, forensic evidence, can be preserved in permanent storage or documentation.
    • The boot record on hard drive partitions initializes the booting process.

    Forensics and Evidence

    • Chain of custody refers to the documented tracking and control of evidence from collection to courtroom appearance.
    • Data fabrication overwhelms forensic analysts with misleading information and false leads.
    • Evidence links, such as fingerprints, support potential conclusions in investigations.

    RAID and Storage Technologies

    • RAID 5 combines three or more disks with dedicated parity for fault tolerance, losing the capacity of one disk.
    • The term "swapping" refers to storing memory items temporarily on the hard drive for fast retrieval.

    Networking and Communication

    • DoS attacks are considered cyber-vandalism aimed at disrupting services.
    • Port 194 is utilized for IRC chat communications.
    • The three-way handshake is the connection process involving three exchanged packets.

    Operating Systems and Commands

    • In Linux, the Bourne-again shell is the most widely utilized shell for various tasks.
    • The command system_profiler SPHardwareDataType provides comprehensive hardware information on Mac OS X systems.
    • The command rmdir is specifically used to remove empty directories.

    Cryptography and Data Protection

    • The Vigenère cipher employs a sequence of monoalphabetic ciphers based on a keyword for encrypting text.
    • Metadata consists of data about data, documenting details like creation date and file size.
    • Symmetric cryptography uses a single key for both encryption and decryption purposes.

    System and Operational Integrity

    • Tools like fsck diagnose issues on aging hard drives, enhancing forensic analysis efficiency.
    • RFC 3864 outlines header field names for messages, with Message-ID providing reply context.
    • Anonymizers mask senders' identities in email communication, enhancing privacy.

    Cybersecurity Statistics

    • Approximately 80% of all Internet-connected computers are reported to have spyware installed.
    • A one-sided DVD can hold up to 4.7 gigabytes of data.

    Analysis Techniques

    • Volatile memory analysis encompasses live-system techniques for collecting and examining memory dumps.
    • Steganalysis tests if files or communications conceal additional information.

    Internet Protocols and Standards

    • SMTP (Simple Mail Transfer Protocol) operates on port 25 for email transmission.
    • The universal mobile telecommunications system refers to the standards used for high-speed mobile data transfer, also related to wireless communication advancements.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    This quiz focuses on key concepts in Digital Forensics related to cybersecurity as taught in WGU Course C840. Participants will explore various tools and techniques used to gather digital evidence and understand security vulnerabilities. Test your knowledge and prepare for real-world applications in the field of cybersecurity.

    More Like This

    Cyber Security Fundamentals and Tools
    29 questions
    Digital Forensics Introduction
    45 questions
    Digital Forensics Report 2024
    24 questions

    Digital Forensics Report 2024

    EagerElectricOrgan7766 avatar
    EagerElectricOrgan7766
    Use Quizgecko on...
    Browser
    Browser