Forensics and Network Intrusion Exam Study Questions and Answers 2024 Graded A

Stego-only - Only the stego-object is available for analysis. Known cover attack: - The stego-object as well as the original medium is available. The stego-object is compared with the original cover object to detect any hidden information. Known message attack - The hidden message and the corresponding stego-image are known. The analysis of patterns that correspond to the hidden information could help decipher such messages in future Chosen stego attack - The steganography algorithm and stego-object are known. Chosen message attack - The steganalyst generates a stego-object from some steganography tool or algorithm of a chosen message. The goal in this attack is to determine patterns in the stego-object that may point to the use of specific steganography tools or algorithms hexadecimal value should an investigator search for to find JPEG - 0xFFD8 - Joint Photographic Experts Group Which computer crime forensics step requires an investigator to duplicate and image the collected digital information? - Acquiring data A computer forensic investigator finds an unauthorized wireless access point connected to an organization's network switch. This access point's wireless network has a random name with a hidden service set identifier (SSID). - Create a backdoor that a perpetrator can use by connecting wirelessly to the network Which web-based application attack corrupts the execution stack of a web application? - Buffer overflow Known-stego - The hidden message and the corresponding stego-image are known During the communication process, active attackers can change cover Original and stego-object are available and the steganography algorithm is known Only the steganography medium is available for analysis Which path should a forensic investigator use to look for system logs in a Mac? - /var/log/ Which tool should a forensic investigator use on a Windows computer to locate all the data on a computer disk, protect evidence, and create evidentiary reports for use in legal proceedings? - ProDiscover Which tool should a forensic team use to research unauthorized changes in a database? - ApexSQL DBA Which graphical tool should investigators use to identify publicly available information about a public IP address? - SmartWhois A first responder arrives at an active crime scene that has several mobile devices. What should this first responder do while securing the crime scene? - Leave the devices as found and fill out chain of custody paperwork A network log from a remote system is entered into evidence, and the proper steps are taken to protect the integrity of the data. The log contains network intrusion data but does not contain any information about the log. - Name of the server A Mac computer that does not have removeable batteries is powered on. Which action must a first responder take to preserve digital evidence from the computer once volatile information is collected? - Press the power switch for 30 seconds First responders arrive at a company and determine that a non-company Windows 7 computer was used to breach information systems. The computer is still powered on. What is the correct procedure for powering off this computer once the volatile information has been collected? - Unplug the electrical cord from the wall socket RAID 0 - also known as a stripe set or striped volume) splits ("stripes") data evenly across two or more disks, without parity information, redundancy, or fault tolerance RAID 1 - consists of an exact copy (or mirror) of a set of data on two or more disks; a classic RAID 1 mirrored pair contains two disks. This configuration offers no parity, striping, or spanning of disk space across multiple disks,