Cyber Forensics MCQ

Uploaded by Ginger

Question / Option 1 / Option 2 / Option 3 / Option 4 / Correct Option

1. For computer forensics, ______ is the task of collecting digital evidence from electronic media.
   Options: (1) Hashing; (2) Data acquisition; (3) Lossy compression; (4) Lossless compression. Correct: Option 2

2. If the computer has an encrypted drive, a _________ acquisition is done if the password or passphrase is available.
   Options: (1) Passive; (2) Static; (3) Live; (4) Local. Correct: Option 3

3. The most common and flexible data-acquisition method is ______.
   Options: (1) Disk-to-disk copy; (2) Disk-to-network copy; (3) Disk-to-image file copy; (4) Sparse data copy. Correct: Option 3

4. When analyzing digital evidence, your job is to ____________.
   Options: (1) Recover the data; (2) Destroy the data; (3) Copy the data; (4) Load the data. Correct: Option 1

5. You can use ______ to boot to Windows without writing any data to the evidence disk.
   Options: (1) A SCSI boot-up disk; (2) A Windows boot-up disk; (3) A write-blocker; (4) Windows XP. Correct: Option 3

6. To begin conducting an investigation, you start by ______ the evidence using a variety of methods.
   Options: (1) Copying; (2) Analyzing; (3) Opening; (4) Reading. Correct: Option 1

7. ODD stands for _______.
   Options: (1) Optical Disc Drive; (2) Open Data Duplicator; (3) Optical Disk Driver; (4) Online Data Delivery. Correct: Option 1

8. CSIRT stands for _______.
   Options: (1) Computer Security Incident Response Team; (2) Computer Security Incident Response Task; (3) Computer Security Incident Request Team; (4) Computer Security Internet Response Team. Correct: Option 1

9. Four common steps for forensic investigation are ______________.
   Options: (1) Examination, Acquisition, Testing, Documentation; (2) Examination, Collection, Analysis, Reporting; (3) Examination, Analysis, Acquisition, Documentation; (4) Examination, Analysis, Reporting, Testing. Correct: Option 2

10. ________ is the hiding of data, where we can hide images, text, and other messages within images, videos, music or recording files.
   Options: (1) Cryptography; (2) Tomography; (3) Steganography; (4) Chorography. Correct: Option 3

11. ___________ is needed in order to prevent the interception of data, and if in some case data does get intercepted it should become unreadable for the interceptors or intruders.
   Options: (1) Cryptography; (2) Steganography; (3) Data compression; (4) Chorography. Correct: Option 1

12. ________ can image the hard disk into a single file or into multiple sections that can later be joined to reconstruct the image.
   Options: (1) EnCase; (2) Bulk Extractor; (3) FTK Imager; (4) ExifTool. Correct: Option 3

13. A bit-stream image is also known as a(n) ______.
   Options: (1) Backup copy; (2) Forensic copy; (3) Custody copy; (4) Evidence copy. Correct: Option 2

14. A ______ is a computer set up to look like any other machine on your network, but it lures the attacker to it.
   Options: (1) Honeywall; (2) Honeypot; (3) Honeynet; (4) Honeyhost. Correct: Option 2

15. _______ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.
   Options: (1) Broadcast Forensics; (2) Computer Forensics; (3) Network Forensics; (4) Traffic Forensics. Correct: Option 3

16. ______ forensics is the systematic tracking of incoming and outgoing traffic on your network.
   Options: (1) Network; (2) Computer; (3) Criminal; (4) Server. Correct: Option 1

17. A common way of examining network traffic is by running the ________ program.
   Options: (1) Netdump; (2) Slackdump; (3) Coredump; (4) Tcpdump. Correct: Option 4

18. The ______ digital network divides a radio frequency into time slots.
   Options: (1) TDMA; (2) FDMA; (3) CDMA; (4) EDGE. Correct: Option 1

19. Recovering and analyzing digital evidence from network resources is _______.
   Options: (1) TCP port scan; (2) Protocol analysis; (3) Web proxies; (4) Network Forensics. Correct: Option 4

20. ____ is a forensics software tool containing a built-in write blocker.
   Options: (1) GSMCon; (2) MOBILedit!; (3) SIMedit; (4) 3GPim. Correct: Option 2

21. The FBI ____ was formed in 1984 to handle the increasing number of cases involving digital evidence.
   Options: (1) Federal Rules of Evidence (FRE); (2) Department of Defense Computer Forensics Laboratory (DCFL); (3) DIBS; (4) Computer Analysis and Response Team (CART). Correct: Option 4

22. ____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
   Options: (1) Data recovery; (2) Network forensics; (3) Computer forensics; (4) Disaster recovery. Correct: Option 1

23. ____ from Technology Pathways is a forensics data analysis tool. You can use it to acquire and analyze data from several different file systems.
   Options: (1) Guidance EnCase; (2) NTI SafeBack; (3) DataArrest SnapCopy; (4) ProDiscover Basic. Correct: Option 4

24. To conduct your investigation and analysis, you must have a specially configured personal computer (PC) known as a ____.
   Options: (1) mobile workstation; (2) forensic workstation; (3) forensic lab workstation; (4) recovery workstation. Correct: Option 2

25. EnCase Enterprise is set up with an Examiner workstation and a Secure Authentication for EnCase (____) workstation.
   Options: (1) ILook; (2) SAFE; (3) Incident Response; (4) Investigator. Correct: Option 2

26. The ____ command works similarly to the dd command but has many features designed for computer forensics acquisitions.
   Options: (1) raw; (2) bitcopy; (3) dcfldd; (4) man. Correct: Option 3

27. Software forensics tools are commonly used to copy data from a suspect's disk drive to a(n) ____.
   Options: (1) backup file; (2) firmware; (3) image file; (4) recovery copy. Correct: Option 3

28. Raw data is a direct copy of a disk drive. An example of a raw image is the output from the UNIX/Linux ____ command.
   Options: (1) rawcp; (2) dd; (3) d2dump; (4) dhex. Correct: Option 2

29. ____ of data involves sorting and searching through all investigation data.
   Options: (1) Validation; (2) Discrimination; (3) Acquisition; (4) Reconstruction. Correct: Option 2

30. ____ can be software or hardware and are used to protect evidence disks by preventing you from writing any data to the evidence disk.
   Options: (1) Drive-imaging; (2) Disk editors; (3) Workstations; (4) Write-blockers. Correct: Option 4

31. ____ is a suite of tools created by Sysinternals.
   Options: (1) EnCase; (2) PsTools; (3) R-Tools; (4) Knoppix. Correct: Option 2

32. ___ are computers set up to monitor what's happening to honeypots on your network and record what attackers are doing.
   Options: (1) Honeywall; (2) Honeypot; (3) Honeynet; (4) Honeyhost. Correct: Option 1

33. ____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.
   Options: (1) PsReg; (2) RegExplorer; (3) RegMon; (4) RegHandle. Correct: Option 3

34. __________ is the process of collecting and analyzing raw network data and systematically tracking network traffic to ascertain how an attack was carried out or how an event occurred on a network.
   Options: (1) Data recovery; (2) Network forensics; (3) Computer forensics; (4) Disaster recovery. Correct: Option 2

35. The PsTools ____ kills processes by name or process ID.
   Options: (1) PsExec; (2) PsList; (3) PsKill; (4) PsShutdown. Correct: Option 3

36. ____ are devices and/or software placed on a network to monitor traffic.
   Options: (1) Packet sniffers; (2) Bridges; (3) Hubs; (4) Honeypots. Correct: Option 1

37. One way to compare your results and verify your new forensic tool is by using a ____, such as Hex Workshop or WinHex.
   Options: (1) disk imager; (2) write-blocker; (3) bit-stream copier; (4) disk editor. Correct: Option 4

38. ______ is used to capture and analyze network traffic.
   Options: (1) Xplico; (2) FireEye RedLine; (3) SANS SIFT; (4) Wireshark. Correct: Option 4

39. You begin any computer forensics case by creating a(n) ________.
   Options: (1) investigation plan; (2) risk assessment report; (3) evidence custody form; (4) investigation report. Correct: Option 1

40. In ______ phase of forensic investigation the phase data and evidences related to the i
   Options: (1) Analysis; (2) Reporting; (3) Collection; (4) Examination. Correct: Option 3

41. The major goal of network forensics is _____________.
   Options: (1) investigative analysis; (2) collect evidence; (3) preserve evidence; (4) data hiding. Correct: Option 2

42. DiD stands for _________________________.
   Options: (1) Digital Information Display; (2) Data Interface Definition; (3) Development In Depth; (4) Defense In Depth. Correct: Option 4

43. IDS stands for __________________.
   Options: (1) Intrusion Detection System; (2) Investigation Detection System; (3) Interface Digital System; (4) Internet Detection Service. Correct: Option 1

44. Which is the common method to examine the network traffic?
   Options: (1) Interface digital system; (2) IDS's; (3) TCPdump program; (4) Internet Detection Service. Correct: Option 3

45. _________ is a collection of free tools for examining Windows products.
   Options: (1) Sysinternals; (2) sniffers; (3) PsList; (4) PsSuspend. Correct: Option 1

46. ___________ is used to examine e-mail headers or IRC logs.
   Options: (1) PsGetSid; (2) PsExec; (3) Ngrep; (4) PsList. Correct: Option 3

47. AFF stands for ____________.
   Options: (1) Advanced Forensics Format; (2) Access Forensics Format; (3) Additional Forensics Format; (4) Access Forensics Form. Correct: Option 1

48. _____ gets propagated through networks and technologies like SMS, the Bluetooth wireless medium, USBs and infrared to affect mobile phones.
   Options: (1) Worms; (2) Antivirus; (3) Malware; (4) Multimedia files. Correct: Option 3

49. _____ is the protection of smart-phones, phablets, tablets, and other portable tech-de
   Options: (1) OS security; (2) Database security; (3) Cloud security; (4) Mobile security. Correct: Option 4

50. Activate ____ when you are required to use it; otherwise turn it off for security.
   Options: (1) Flash light; (2) App update; (3) Bluetooth; (4) Rotation. Correct: Option 3

51. DNS stands for _____.
   Options: (1) Domain name server; (2) Domain name system; (3) Domain name service; (4) Domain name standard. Correct: Option 2

52. ______ types of cyber attacks involve the attacker hijacking your unique session ID number.
   Options: (1) Man-in-the-Middle Attacks; (2) Malware; (3) DDoS; (4) Zero day attack. Correct: Option 1

53. The full form of a DDoS attack is _______.
   Options: (1) Denial of server; (2) Denial of system; (3) Denial of service; (4) Denial of source. Correct: Option 3

54. E-mail programs save messages on the ____ or leave them on the server.
   Options: (1) Storage media; (2) Client computer; (3) Attacker's computer; (4) Network. Correct: Option 2

55. Determining message origin is referred to as _____.
   Options: (1) Tracking; (2) Spying; (3) Tracing; (4) Decrypting. Correct: Option 3

56. An e-mail administrator can disable logging or use circular logging, also called ______.
   Options: (1) Log sharing; (2) Log rotation; (3) Log list; (4) Log flip. Correct: Option 2

57. The mail log file also contains information about ____.
   Options: (1) POP2 and IMAP4; (2) POP3 and IMAP6; (3) POP2 and IMAP6; (4) POP3 and IMAP4. Correct: Option 4

58. To examine e-mails we use the _____ software tool.
   Options: (1) AccessData FTK Imager; (2) AccessData FTK toolkit; (3) EnCase imager; (4) Sysinternals suite. Correct: Option 2

59. To reconstruct past Internet activities we use the _____ software tool.
   Options: (1) Browser history examiner; (2) Network resource analyser; (3) Network support manager; (4) Backup supporter. Correct: Option 1

60. The purpose of an ____ is to detect attacks from both outside and inside an organization.
   Options: (1) Intrusion Detection System (IDS); (2) Internet Detection System (IDS); (3) Intranet Detection System (IDS); (4) Interface Detection System (IDS). Correct: Option 4

61. The process of collecting and analyzing raw network data and tracking network traffic systematically is called _____.
   Options: (1) Network/Internet forensics; (2) E-mail forensics; (3) Mobile forensics; (4) Social media forensics. Correct: Option 1

62. ______ are devices or software placed on a network to monitor traffic.
   Options: (1) Packet decryptor; (2) Packet bomb; (3) Packet responder; (4) Packet analyzers. Correct: Option 4

63. In a real-time environment, ___ can be used to open saved trace files from packet captures.
   Options: (1) Wireshark; (2) Tcp; (3) Ip; (4) Udp. Correct: Option 1

64. The ___ Project was developed to make information widely available in an attempt to thwart Internet and network attackers.
   Options: (1) Honeypot; (2) Honeywalls; (3) Honeynet; (4) Honeypet. Correct: Option 3

65. In _____ attacks, hundreds or even thousands of machines can be used.
   Options: (1) DDoM; (2) DDiD; (3) DDoP; (4) DDoS. Correct: Option 4

66. In DDoS attacks, hundreds or even thousands of machines can be used. These machines are known as ________.
   Options: (1) Vampires; (2) Zombies; (3) Werewolves; (4) Ghosts. Correct: Option 2

67. Attacks in which attackers look for holes in networks and OSs and exploit these weaknesses before patches are available are called ______.
   Options: (1) DDoS attacks; (2) Zombie attacks; (3) zero day attacks; (4) One day attacks. Correct: Option 3

68. The Honeynet Project involves installing honeypots and _____ at different locations in the world.
   Options: (1) Honeywalls; (2) Honeydet; (3) Honeypet; (4) Honeyhalls. Correct: Option 1

69. A ___ is a computer set up to look like any other machine on your network; its purpose is to lure attackers to your network, but it contains no information of real value.
   Options: (1) Honeypot; (2) Honeynet; (3) Honeywalls; (4) Honeypet. Correct: Option 1

70. _____ are computers set up to monitor what's happening to honeypots on your network and record what attackers are doing.
   Options: (1) Honeypot; (2) Honeynet; (3) Honeywalls; (4) Honeypet. Correct: Option 3

71. _________ includes sending, posting, or sharing negative, harmful, false, or mean content about someone else on social media.
   Options: (1) Cyberbullying; (2) Cybercrime; (3) Cybersharing; (4) Cyber forensics. Correct: Option 1

72. _______ is a form of blogging that allows users to post very brief, simple text updates.
   Options: (1) Micro-blogging; (2) Macro-blogging; (3) Mini-blogging; (4) Mass-blogging. Correct: Option 1

73. Yahoo! Messenger is sometimes abbreviated ________.
   Options: (1) YIM; (2) YiM; (3) Y!M; (4) YLM. Correct: Option 3

74. Yahoo! Messenger was an _______ and associated protocol provided by Yahoo.
   Options: (1) Advertisement-supported social media client; (2) Advisory-supported instant messaging client; (3) Advertisement-supported interface client; (4) Advertisement-supported instant messaging client. Correct: Option 4

75. The ______ is the client's underlying network protocol.
   Options: (1) Facebook messenger client; (2) Yahoo messenger client; (3) Twitter messenger client; (4) Instagram messenger client. Correct: Option 2

76. ________ networks serve as a platform for publishing online content in a way that facilitates discovery, commenting and sharing.
   Options: (1) Online sharing; (2) Website; (3) Blogging/publishing; (4) WWW. Correct: Option 3

77. The mapping of a local IP address to a public IP address is done by using ________.
   Options: (1) Onion Routing; (2) NAT; (3) AS; (4) BGP. Correct: Option 2

78. A technique for sending requests through a set of intermediate endpoints is called ________.
   Options: (1) Onion Routing; (2) NAT; (3) AS; (4) BGP. Correct: Option 1

79. A file on a web server that enables the execution of programs on that server is referred to as a ________.
   Options: (1) Onion Routing; (2) NAT; (3) webshell; (4) BGP. Correct: Option 3

80. The _______ tool is used to listen for packets arriving at a network interface.
   Options: (1) tcpdump; (2) pcap; (3) ping; (4) who. Correct: Option 1

81. Packets arriving at a network interface are stored in ______ format.
   Options: (1) tcpdump; (2) pcap; (3) ping; (4) who. Correct: Option 2

82. _________ forensics tools can recover deleted Outlook and Outlook Express messages.
   Options: (1) AccessData FTK; (2) Wireshark; (3) Browser forensic tool; (4) Sysinternals tool. Correct: Option 1

83. Which of the following is not a type of content on social media?
   Options: (1) Post; (2) comment; (3) excel file; (4) photos. Correct: Option 3

84. ______ is a popular microblogging site.
   Options: (1) Facebook; (2) Instagram; (3) Tumblr; (4) Yahoo. Correct: Option 3

85. ________ sites are set up so people can collect links to pages they like online and share them with their friends.
   Options: (1) microblogging; (2) social bookmarking; (3) social gaming; (4) Apps. Correct: Option 2

86. A ______ is a small text file that is deposited on a user's computer by a web server.
   Options: (1) comment; (2) cookie; (3) photos; (4) email. Correct: Option 2

87. The _____ records information as the e-mail travels from the sender to the receiver.
   Options: (1) header; (2) body; (3) image; (4) file. Correct: Option 1

88. ________ is a type of online chat program which offers real-time text as well as audio, video and image file transmission over the Internet.
   Options: (1) Instant Messaging (IM); (2) email; (3) Facebook; (4) Twitter. Correct: Option 1

89. ______ can be used to alias a hostname to another hostname.
   Options: (1) A record; (2) NS record; (3) CNAME record; (4) MS record. Correct: Option 3

90. Attorneys can now submit documents electronically in many courts; the standard format in federal courts is ____.
   Options: (1) Portable Document Format (PDF); (2) Microsoft Word (DOC); (3) Encapsulated Postscript (EPS); (4) Postscript (PS). Correct: Option 1

91. _______ provide additional resource material not included in the body of the report.
   Options: (1) Conclusion; (2) References; (3) Discussion; (4) Appendixes. Correct: Option 4

92. Typically, report writers use one of two numbering systems: decimal numbering or ____ numbering.
   Options: (1) legal-sequential; (2) roman-sequential; (3) arabic-sequential; (4) letter-sequential. Correct: Option 1

93. ____ is a written list of objections to certain testimony or exhibits.
   Options: (1) Defendant; (2) Empanelling the jury; (3) Plaintiff; (4) Motion in limine. Correct: Option 4

94. Regarding a trial, the term ____ means rejecting potential jurors.
   Options: (1) voir dire; (2) rebuttal; (3) strikes; (4) venireman. Correct: Option 3

95. Environmental and ____ issues are your primary concerns when you're working at the scene to gather information about an incident or a crime.
   Options: (1) Legal; (2) Safety; (3) Corporate; (4) Physical. Correct: Option 2

96. Certain files, such as the ____ and Security log in Windows XP, might lose essential network activity records if the power is terminated without a proper shutdown.
   Options: (1) Password log; (2) Word log; (3) Io.sys; (4) Event log. Correct: Option 4

97. Real-time surveillance requires ____ data transmissions between a suspect's computer and a network server.
   Options: (1) Poisoning; (2) Sniffing; (3) Blocking; (4) Preventing. Correct: Option 2

98. ____ involves recovering information from a computer that was deleted by mistake or lost during a power surge or server crash, for example.
   Options: (1) Data recovery; (2) Network forensics; (3) Computer forensics; (4) Disaster recovery. Correct: Option 1

99. ____ involves preventing data loss by using backups, uninterruptible power supply (UPS) devices, and off-site monitoring.
   Options: (1) Computer forensics; (2) Data recovery; (3) Disaster recovery; (4) Network forensics. Correct: Option 3

100. The ____ group manages investigations and conducts forensic analysis of systems suspected of containing evidence related to an incident or a crime.
   Options: (1) Network intrusion detection; (2) Computer investigations; (3) Incident response; (4) Litigation. Correct: Option 2

101. In general, a criminal case follows three stages: the complaint, the investigation, and the ____.
   Options: (1) Litigation; (2) Allegation; (3) Blotter; (4) Prosecution. Correct: Option 4

102. Based on the incident or crime, the complainant makes a(n) ____, an accusation or supposition of fact that a crime has been committed.
   Options: (1) Litigation; (2) Allegation; (3) Blotter; (4) Prosecution. Correct: Option 2

103. In a criminal or public case, if you have enough information to support a search warrant, the prosecuting attorney might direct you to submit a(n) ____.
   Options: (1) Blotter; (2) Exhibit report; (3) Litigation report; (4) Affidavit. Correct: Option 4

104. It's the investigator's responsibility to write the affidavit, which must include ____ (evidence) that support the allegation to justify the warrant.
   Options: (1) Litigation; (2) Prosecution; (3) Exhibits; (4) Reports. Correct: Option 3

105. The affidavit must be ____ under sworn oath to verify that the information in the affidavit is true.
   Options: (1) Notarized; (2) Examined; (3) Recorded; (4) Challenged. Correct: Option 1

106. Without a warning banner, employees might have an assumed ____ when using a company's computer systems and network accesses.
   Options: (1) Line of authority; (2) Right of privacy; (3) Line of privacy; (4) Line of right. Correct: Option 2

107. In addition to warning banners that state a company's rights of computer ownership, businesses should specify a(n) ____ who has the power to conduct investigations.
   Options: (1) Authorized requester; (2) Authority of line; (3) Line of right; (4) Authority of right. Correct: Option 1

108. Most computer investigations in the private sector involve ____.
   Options: (1) E-mail abuse; (2) Misuse of computing assets; (3) Internet abuse; (4) VPN abuse. Correct: Option 2

109. In cyber law terminology, 'DoS' means _________.
   Options: (1) Denial of Service; (2) Distant operator System; (3) Disc operating Service; (4) Distribution of system. Correct: Option 1

110. Programs that multiply like viruses but spread from computer to computer are calle
   Options: (1) Worms; (2) Virus; (3) Boot; (4) trojan. Correct: Option 1

111. The act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity is called __________.
   Options: (1) email bombing; (2) Spamming; (3) Cyber stalking; (4) Phishing. Correct: Option 4

112. The practice of making a transmission appear to come from an authorized user is ____.
   Options: (1) Hacking; (2) Spoofing; (3) Spamming; (4) spamdexing. Correct: Option 2

113. Which section of the IT Act covers most of the common crimes arising out of "Unauthorised Access"?
   Options: (1) Section 66; (2) Section 67; (3) Section 73; (4) Section 74. Correct: Option 1

114. Section 66C of the IT Act deals with ________.
   Options: (1) Cyber stalking; (2) Email bombing; (3) Punishment for Identity Theft; (4) Unauthorised Access. Correct: Option 3

115. The Information Technology Amendment Act was formed in the year ______.
   Options: (1) 2000; (2) 2001; (3) 2008; (4) 2009. Correct: Option 3

116. Punishment for sending offensive messages through a communication service belongs under _______.
   Options: (1) 66A; (2) 65; (3) 66B; (4) 66F. Correct: Option 1

117. A Digital Signature Certificate is a ______ requirement under various applications.
   Options: (1) Statutory; (2) Legislative; (3) Governmental; (4) Voluntary. Correct: Option 1

118. The legal process leading to a trial with the purpose of proving criminal or civil liabil
   Options: (1) Litigation; (2) Allegation; (3) Blotter; (4) Prosecution. Correct: Option 1

119. A person whose testimony is based on personal observation; not considered to be an expert in a particular field.
   Options: (1) lay witness; (2) Complainant; (3) End user; (4) Investigator. Correct: Option 1

120. Destroying or concealing evidence; this action is subject to sanctions.
   Options: (1) expert; (2) Spoliation; (3) lay witness; (4) deposition. Correct: Option 2

121. As a standard practice, ___________ you used in designated file folders or evidence c
   Options: (1) collect evidence and record the tools; (2) chain of custody of evidence supports the integrity; (3) get too little or too much information; (4) successful output when running analysis. Correct: Option 1
