Varsha T2 2021: ICT741 Digital Forensics Tutorial 7

This document provides an overview of tutorial 7 on digital forensics. It contains review questions on topics like virtual machine extensions, hypervisors, virtual machine file formats, forensic imaging of VMs, and network forensics tools. There are also two quick quizzes with additional questions on order of volatility, packet analyzers, honeypots, and honeywalls. The document was compiled by Dr. Saeid Iranmanesh from the textbook "Guide to Computer Forensics and Investigations".

Uploaded by

Nimra Zaheer

Varsha

T2 2021: ICT741 Digital Forensics

Tutorial 7

Questions and Projects are prepared from Cengage Learning Resource ‘Guide to Computer Forensics and Investigations’. Nelson, B, Phillips, A. &
Steuart, C 2018, Sixth Edition, Cengage Learning US. Mason. OH

ICT741 Tutorial 7 Compiled by: Dr Saeid Iranmanesh Date: 5 July 2021


Review Questions

1. Explain Virtual Machine Extensions (VMX) are part of which technology?
Intel virtualized technology
2. You can expect to find a type 2 hypervisor on what type of device?
Laptop, desktop, tablet
3. Which of the file extensions are associated with VMware virtual
machines?
vmdk, vmsd, vmx, nvram
4. In VirtualBox, a(n) .vbox file contains settings for virtual hard drives.
5. The number of VMs that can be supported per host by a type 1 hypervisor
is generally determined by the amount of RAM and Storage.
6. A forensic image of a VM includes all snapshots. True or False?
False
7. Which Registry key contains associations for file extensions?
hkey_classes_root
8. How do you know that a virtual machine has been installed on a host
system?
9. To find network adapters, you use the ipconfig command in Windows and
the ifconfig command in Linux.
10. What are the three modes of protection in the DiD strategy?
People, technology, operations
11. A layered network defense strategy puts the most valuable data
where?
Innermost part of the network
12. Tcpslice can be used to retrieve specific timeframes of packet captures.
True or False?
True
13. Packet analyzers examine what layers of the OSI model?
Layer 2 and 3
14. When do zero-day attacks occur?
Before patch is available

Quick Quiz 1
1. A type 2 hypervisor rests on top of an existing OS, such as Windows, Linux, or Mac
OS.

2. True or False: Instruction sets called Virtual Machine Extensions (VMX) are
necessary to use virtualization; without these instruction sets, virtualization
software doesn’t work.
True

3. By linking a VM’s IP address to log files, you might be able to determine what Web
sites the VM accessed.

4. Live acquisitions of VMs are necessary because they include all snapshots.

5. Which hypervisor type can be installed directly on hardware and is limited only
by the amount of available RAM, storage, and throughput?
Type 1 hypervisor

Quick Quiz 2

1. The amount of time that a piece of information lasts on a system is known as
order of volatility (OOV).

2. Network forensics is the process of collecting and analyzing raw network data and
systematically tracking network traffic to ascertain how an attack was carried out or
how an event occurred on a network.

3. True or False: Testing networks is not as important as testing servers.
False

4. Packet Analysers are devices and/or software placed on a network to monitor traffic.

5. A(n) Honeypot is a computer set up to look like any other machine on your network;
its purpose is to lure attackers to your network, but the computer contains no
information of real value.

6. Honeywalls are computers set up to monitor what’s happening to honeypots on your
network and record what attackers are doing.
