ANSWERS (RATED A+)
Drive:\RECYCLER\ - ANSWER: Recycle Bin storage location on Windows 2000, NT, and XP
(German) VSITR (7 passes) - ANSWER: This method overwrites in 6 passes with
alternate sequences of 0x00 and 0xFF, and with 0xAA in the last (7th) pass
/var/log/cups/error_log - ANSWER: Printer connection information
~/Library/Logs - ANSWER: Application logs specific to Home directory
~/Library/Logs/Sync - ANSWER: Information of devices on .Mac syncing
(American) DoD 5220.22-M (7 passes) - ANSWER: This standard destroys the data
on the drive's required area by overwriting with 010101 in the first pass, 101010 in
the second pass, and repeating this process thrice. This method then overwrites that
area with random characters, which is the 7th pass.
(American) NAVSO P-5239-26 (MFM) (3 passes) - ANSWER: This is a three-pass
overwriting algorithm that verifies in the last pass
(American) NAVSO P-5239-26 (RLL) (3 passes) - ANSWER: This is a three-pass
overwriting algorithm that verifies in the last pass
001451548 in "89 44 245252 00145158" - ANSWER: Account Identification Number
245252 in "89 44 245252 00145158" - ANSWER: Issuer Identifier Number
44 in "89 44 245252 00145158" - ANSWER: Country Code
89 in "89 44 245252 00145158" - ANSWER: Industry Identifier prefix (89 for
telecommunications)
A BMP bitmap - ANSWER: file always has 42 4D
A JPEG - ANSWER: stream contains a sequence of data chunks. Every chunk starts
with a marker value, with each marker having a 16-bit integer value, and it is stored
in the big-endian byte format. The most significant bit of the marker is set to 0xff. The
lower byte of the marker determines the type of marker. JPEG files allow a
compression ratio of 90%, which is one-tenth the size of the data
Abuse of Cloud Services - ANSWER: Attackers create anonymous access to cloud
services and perpetrate various attacks such as password and key cracking, building
rainbow tables, CAPTCHA-solving farms, launching dynamic attack points, hosting
exploits on cloud platforms, as well as malicious data, botnet command or control,
and distributed denial-of-service (DDoS) attacks. The presence of weak registration
systems in the cloud-computing environment gives rise to this threat
Acquiring Thunderbird Local Email Files via MailPro+ - ANSWER: As a forensic
investigator, you can use tools such as SysTools MailPro+ to acquire local email file
data as stored by Thunderbird. You can select one or more mbox files or specific
local email folders for forensic acquisition and analysis.
Acronis Disk Director Suite - ANSWER: partition recovery tool used to recover lost or
deleted data. This tool explores partition data before performing partitioning
operations. It recovers volumes that were accidentally deleted or damaged due to a
hardware failure.
Active@ File Recovery - ANSWER: a CD/DVD ISO image that allows one to burn a
bootable CD or DVD with a lightweight version of Windows 7 running in RAM
(WinPE 3.0). It can recover data in case the system is not bootable and the
damaged hard disk drive cannot be attached to another machine.
Amazon CloudWatch - ANSWER: provides a platform for AWS customers to store
and monitor their system and application log data in a centralized location and
analyze them by performing search queries. CloudWatch log analysis helps in
determining the origin of a problem and troubleshooting the system or
application-specific errors.
Anti-forensics - ANSWER: set of techniques that attackers or
perpetrators use in order to avert or sidetrack the forensic investigation process or
try to make it much harder. These techniques negatively affect the quantity and
quality of evidence from a crime scene, thereby making the forensic investigation
process difficult.
Therefore, the investigator might have to perform additional steps in order to fetch
the data, thereby causing a delay in the investigation process.
Goals of anti-forensics are listed below:
▪ Interrupt and prevent information collection
▪ Make the investigator's task of finding evidence difficult
▪ Hide traces of crime or illegal activity
▪ Compromise the accuracy of a forensics report or testimony
▪ Delete evidence that an anti-forensics tool has been run
Apache access log - ANSWER: It generally records all the requests processed by the
Apache web server
Apache Error Log - ANSWER: It contains diagnostic information and errors that the
server faced while processing requests
Apache Log Types: Apache server generates how many logs - ANSWER: Two types
of logs: Access log and Error log
ARP Poisoning Attack - ANSWER: In an ARP poisoning attack, an attacker changes
their own MAC address to that of the target system to cause all the packets to be
redirected toward their machine.
ASCLD/LAB accreditation, ISO/IEC 17025 accreditation - ANSWER: Forensic lab
licensing
AWS CloudTrail - ANSWER: provides the AWS API call history for AWS
accounts, including calls made via the AWS Management Console or Command
Line tools, AWS Software Development Kits, and other AWS services. It is enabled
by default when someone creates an AWS account. CloudTrail log analysis helps
investigators in easily tracking the changes made to AWS resources and performing
security analysis.
BagMRU key - ANSWER: Information related to folders that were most recently
accessed by the user is stored in the BagMRU key and its subkeys. These subkeys
are structured in a hierarchical format. Each of them stores the names of the folders
in the file system and records the folder paths.
Benefits of web application firewall - ANSWER:
▪ WAF implementation secures existing and productive web applications.
▪ WAFs act as a reverse proxy between the client and web server and inspect every
HTTP request for common web attacks.
▪ WAF comes with real-time alerting and extensive logging capabilities.
▪ WAF also provides cookie protection with encryption and signature methodology.
▪ WAF can detect data validation issues by performing in-depth testing of characters,
character lengths, the range of a value, etc.
Broken Access Control - ANSWER: This is a method in which an attacker identifies a
flaw in access-control policies and exploits it to bypass the authentication
mechanism. This enables the attacker to gain access to sensitive data, modify
access rights, or operate accounts of other users. This is a part of the 2017 OWASP
Top 10 security vulnerabilities.
Buffer Overflow - ANSWER: a certain data storage capacity. If the data count exceeds
the original capacity of a buffer, then buffer overflow occurs. To maintain finite data, it is
necessary to develop buffers that can direct additional information when they need.
The extra information may overflow into neighboring buffers, destroying or
overwriting legitimate data.
Civil cases - ANSWER: disputes between two parties, such as an individual versus a
company; an individual versus another individual; a company versus another; or in
some countries, a government regulatory agency versus an individual (or a
company). They pertain to the violation of contracts and involve lawsuits, where a
verdict generally results in monetary damages to the plaintiff. Criminal cases pertain
to crimes that are considered harmful to society and involve action by law
enforcement agencies against a company, individual, or group of individuals in
response to a suspected violation of the law. A guilty outcome may result in
monetary damages, imprisonment, or both.