Digital Forensics: Gathering Evidence for Cybersecurity Investigations, Exams of Cybercrime, Cybersecurity and Data Privacy

Download Digital Forensics: Gathering Evidence for Cybersecurity Investigations and more Exams Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity! C840: Digital Forensics in Cybersecurity Pre- Assessment. The chief information officer of an accounting firm believes sensitive data is being exposed on the local network. Which tool should the IT staff use to gather digital evidence about this security vulnerability? - Correct answer Sniffer A police detective investigating a threat traces the source to a house. The couple at the house shows the detective the only computer the family owns, which is in their son's bedroom. The couple states that their son is presently in class at a local middle school. How should the detective legally gain access to the computer? - Correct answer Obtain consent to search from the parents How should a forensic scientist obtain the network configuration from a Windows PC before seizing it from a crime scene? - Correct answer By using the ipconfig command from a command prompt on the computer The human resources manager of a small accounting firm believes he may have been a victim of a phishing scam. The manager clicked on a link in an email message that asked him to verify the logon credentials for the firm's online bank account. Which digital evidence should a forensic investigator collect to investigate this incident? - Correct answer Browser cache After a company's single-purpose, dedicated messaging server is hacked by a cybercriminal, a forensics expert is hired to investigate the crime and collect evidence. Which digital evidence should be collected? - Correct answer Firewall logs Thomas received an email stating that he needed to follow a link and verify his bank account information to ensure it was secure. Shortly after following the instructions, Thomas noticed money was missing from his account. Which digital evidence should be considered to determine how Thomas' account information was compromised? - Correct answer Email messages The chief executive officer (CEO) of a small computer company has identified a potential hacking attack from an outside competitor. Which type of evidence should a forensics investigator use to identify the source of the hack? - Correct answer Network transaction logs A forensic scientist arrives at a crime scene to begin collecting evidence. What is the first thing the forensic scientist should do? - Correct answer Photograph all evidence in its original place Which method of copying digital evidence ensures proper evidence collection? - Correct answer Make the copy at the bit-level A computer involved in a crime is infected with malware. The computer is on and connected to the company's network. The forensic investigator arrives at the scene. Which action should be the investigator's first step? - Correct answer Unplug the computer's Ethernet cable What are the three basic tasks that a systems forensic specialist must keep in mind when handling evidence during a cybercrime investigation? - Correct answer Find evidence, Preserve evidence, and Prepare evidence How do forensic specialists show that digital evidence was handled in a protected, secure manner during the process of collecting and analyzing the evidence? - Correct answer Chain of custody Which characteristic applies to magnetic drives compared to solid-state drives (SSDs)? - Correct answer Lower cost A criminal organization has compromised a third-party web server and is using it to control a botnet. The botnet server hides command and control messages through the DNS protocol. Which steganographic component are the command and control messages? - Correct answer Payload Which method is commonly used to hide data via steganography? - Correct answer LSB A system administrator believes an employee is leaking information to a competitor by hiding confidential data in images being attached to outgoing emails. The administrator has captured the outgoing emails. Which tool should the forensic investigator use to search for the hidden data in the images? - Correct answer Forensic Toolkit (FTK) A foreign government is communicating with its agents in the U.S. by hiding text messages in popular American songs, which are uploaded to the web. Which steganographic tool can be used to do this? - Correct answer MP3Stego During a cyber-forensics investigation, a USB drive was found that contained multiple pictures of the same flower. How should an investigator use properties of a file to detect steganography? - Correct answer Review the hexadecimal code looking for anomalies in the file headers and endings using a tool such as EnCase Where are local passwords stored for the Windows operating system? - Correct answer SAM file in \Windows\System32\ Where on a Windows system is the config folder located that contains the SAM file? - Correct answer C:\Windows\System32 A forensic examiner wants to try to extract passwords for wireless networks to which a system was connected. Where should passwords for wireless networks be stored on a Windows XP system? - Correct answer Registry Which Windows password cracking tool uses rainbow tables? - Correct answer Ophcrack How does a rainbow table work to crack a password? - Correct answer It uses a table of all possible keyboard combinations and their hash values, then searches for a match. What should a forensic investigator use to gather the most reliable routing information for tracking an email message? - Correct answer Email header Which activity involves email tracing? - Correct answer Determining the ownership of the source email server A forensic examiner reviews a laptop running OS X which has been compromised. The examiner wants to know if there were any mounted volumes created from USB drives. Which digital evidence should be reviewed? - Correct answer /var/log Which log or folder contains information about printed documents on a computer running Mac OS X? - Correct answer /var/spool/cups Which Windows event log should be checked for evidence of invalid logon attempts? - Correct answer Security A cyber security organization has issued a warning about a cybercriminal who is using a known vulnerability to attack unpatched corporate Macintosh systems. A network administrator decides to examine the software updates logs on a Macintosh system to ensure the system has been patched. Which folder contains the software updates logs? - Correct answer /Library/Receipts A forensic investigator wants to image an older BlackBerry smartphone running OS 7.0. Which tool should the investigator use? - Correct answer BlackBerry Desktop Manager An investigator wants to extract information from a mobile device by connecting it to a computer. What should the investigator take great care to ensure? - Correct answer That the mobile device does not synchronize with the computer Which state is a device in if it is powered on, performing tasks, and able to be manipulated by the user? - Correct answer Active