GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS: FINAL PRACTICE B QUESTIONS WITH VERIFIED ANSWERS

Agastay is a United States Marshal. His office wants to track the cell phone of a suspicious person to see who he meets, but he cannot do so unless he has a warrant, due to the Fourth Amendment. Why is cell phone tracking subject to Fourth Amendment rights? Choose all that apply.
Answer: The Fourth Amendment protects not just physical spaces but also "effects." A person's movements and location can be considered an effect, and therefore protected under the Fourth Amendment. Tracking an individual's cell phone can be seen as a "search" in the legal sense. Gathering detailed location information from a cell phone is akin to conducting surveillance, and therefore is protected under the Fourth Amendment.

Alexi is new to the field of computer forensics. She has heard about a file called $UsnJrnl:$J. A colleague of hers says it is used for digital forensics investigations. Alexi is puzzled. She turns to you and asks what this file is used for. What is your answer?
Answer: The $UsnJrnl:$J file can provide a history of file system activity, helping investigators track file changes and potentially identify suspicious activities.

Aloise is a penetration tester (pen tester). While attempting to break into a client's network, she finds some undiscovered vulnerabilities. These vulnerabilities can lead to attacks. What are these vulnerabilities called?
Answer: A zero-day attack is launched against a vendor's software before the vendor knows that a vulnerability is present in their software to be targeted.

Ares is researching categories of the Internet of Anything. He wants to know which category of IoT includes applications and devices related to businesses in sectors such as office buildings, large residential buildings, healthcare, entertainment, hotels, and travel. Which category is it?
Answer: Commercial Internet of Things. This part of the IoT includes applications and devices related to businesses in sectors such as office buildings, large residential buildings, healthcare, entertainment, hotels, and travel.

Ari is using a packet analyzer on his office network. He notices that the majority of traffic moving across the network is Transmission Control Protocol (TCP) and Internet Protocol (IP). Why is that?
Answer: The most common protocols associated with network traffic are Transmission Control Protocol (TCP) and Internet Protocol (IP).

Barry is beginning an investigation into a cloud service provider (CSP). An issue with this service provider is that they have been commingling their data with that of their other clients to hide profits from illegal activity. What is the term for many different unrelated businesses sharing the same applications and storage space, and what makes collecting evidence difficult in this situation?
Answer: It's called multitenancy. The problem is in trying to retrieve data from the other tenants (businesses) in the CSP, due to legal and jurisdiction-specific factors governing the data that those businesses own.

Billie is looking for a multipurpose tool that can be used as an intrusion prevention system (IPS) and an intrusion detection system (IDS). It should also be usable for network forensics. Which tool should Billie choose?
Answer: Snort (snort.org) is one of the more powerful network tools in the industry. In addition to being an intrusion prevention system (IPS) and an intrusion detection system (IDS), Snort can be used for network forensics.