Forensics and Network Intrusion Exam Questions With Verified Solutions.

Forensics and Network Intrusion Exam Questions With Verified Solutions. First Responder - answerIs responsible for protecting, integrating, and preserving the evidence obtained from the crime scene. The first responder must investigate the crime scene in a lawful matter so that any obtained evidence will be acceptable in a court of law. Computer Forensics or Forensic Computing - answerComputer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. Forensic Investigator - answerIs an Investigator who helps organizations and law enforcement agencies in investigating cybercrimes and prosecuting the perpetrators of those crimes. He is responsible for the acquisition, identification, preservation, documentation and the creation of an image back-up (bit by bit) of the evidence without affecting or changing same. Forensic Science - answerIt's the application of physical sciences to law in search for truth in civil, criminal, and social behavioral matters for the purpose of ensuring injustice shall not be done to any member of society. Network Forensics - answerNetwork Forensics is the capturing, recording, and analysis of network events in order to discover the source, path and Intrusion techniques of security attacks. Chain of Custody - answerA method for documenting the history and possession of a sample from the time of collection, though analysis and data reporting, to its final disposition. Bit Stream copy - answerA bit by bit copy of the original storage medium and or evidence. Ext3 - answerExt3 or third extended file system, is a journaled file system that is commonly used by the Linux kernel. It is the default file system for many popular Linux distributions. Logical block addressing (LBA) - answeris a common scheme used for specifying the location of blocks of data stored on computer storage devices, generally secondary storage systems such as hard disks. LBA is a particularly simple linear addressing scheme; blocks are located by an integer index, with the first block being LBA 0, the second LBA 1, and so on in a sequential matter. Cluster - answerIs the smallest logical unit on a hard drive. Lost Cluster - answerThe operating system assigns a unique number to each cluster and then keeps track of files according to which clusters they use. Occasionally, the operating system marks a cluster as being used even though it is not assigned to any file. This is called a lost cluster. Bad Cluster - answerIs a sector on a computer's disk drive or flash memory that is either inacessible or unwriteable due to permanent damage, such as physical damage to the disk surface or failed flash memory transistors. Event Logs - answerWindows event log is a record of a computer's alerts and notifications. Microsoft defines an event as "any significant occurrence in the OS or in a program that requires users to be notified or an entry added to a log." Tracking user logon activity via Audit Event ID's - answer512 Start-up 513 Shutdown 528 Logon 531 Disabled Account 538 Logoff Audit Policy Event ID's - answerEvent ID 4904: An attempt was made to register a security event source. Event ID 4902: The Per-user audit policy table was created. E-mail Protocols POP3, SMTP and IMAP port numbers - answerPOP3 - Port 110 SMTP - Port 25 IMAP - Port 143 POP3 - answerA protocol for receiving e-mail by downloading it to your computer from a mailbox on the server of an Internet service provider. SMTP - answerA protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another. The messages can then be retrieved with an e-mail client using either POP3 or IMAP. SMTP is also generally used to send messages from a mail client to a mail server. Net Config - answerUse the net config command to show information about the configuration of the Server or Workstation service. Net File - answerDisplays the names of all open shared files on a server and the number of file locks, if any, on each file.