- (Exam Topic 3)
Gill is a computer forensics investigator who has been called upon to examine a seized computer. This computer, according to the police, was used by a hacker who gained access to numerous banking institutions to steal customer information. After preliminary investigations, Gill finds in the computer’s log files that the hacker was able to gain access to these banks through the use of Trojan horses. The hacker then used these Trojan horses to obtain remote access to the companies’ domain controllers. From this point, Gill found that the hacker pulled off the SAM files from the domain controllers to then attempt and crack network passwords. What is the most likely password cracking technique used by this hacker to break the user passwords from the SAM files?
Correct Answer:
D
- (Exam Topic 2)
Which of the following Registry components include offsets to other cells as well as the LastWrite time for the key?
Correct Answer:
C
- (Exam Topic 3)
While collecting Active Transaction Logs using SQL Server Management Studio, the query Select * from
::fn_dblog(NULL, NULL) displays the active portion of the transaction log file. Here, assigning NULL values implies?
Correct Answer:
B
- (Exam Topic 1)
When conducting computer forensic analysis, you must guard against _______ So that you remain focused on the primary job and insure that the level of work does not increase beyond what was originally expected.
Correct Answer:
B
- (Exam Topic 1)
Which is a standard procedure to perform during all computer forensics investigations?
Correct Answer:
A
