While looking through the IIS log file of a web server, you find the following entries What is evident from this log file?

A.

Web bugs

B.

Cross site scripting

C.

Hidden fields

D.

SQL injection is possible

Which of the following data structures stores attributes of a process, as well as pointers to other attributes and data structures?

A.

Lsproc

B.

DumpChk

C.

RegEdit

D.

EProcess

What file is processed at the end of a Windows XP boot to initialize the logon dialog box?

A.

NTOSKRNL.EXE

B.

NTLDR

C.

LSASS.EXE

D.

NTDETECT.COM

The following is a log file screenshot from a default installation of IIS 6.0. 

What time standard is used by IIS as seen in the screenshot?

A.

UTC

B.

GMT

C.

TAI

D.

UT

The investigator wants to examine changes made to the system’s registry by the suspect program. Which of the following tool can help the investigator?

A.

TRIPWIRE

B.

RAM Capturer

C.

Regshot

D.

What’s Running

Data is striped at a byte level across multiple drives, and parity information is distributed among all member drives.

What RAID level is represented here?

A.

RAID Level 0

B.

RAID Level 5

C.

RAID Level 3

D.

RAID Level 1

Which US law does the interstate or international transportation and receiving of child pornography fall under?

A.

§18. U.S.C. 1466A

B.

§18. U.S.C 252

C.

§18. U.S.C 146A

D.

§18. U.S.C 2252

Heather, a computer forensics investigator, is assisting a group of investigators working on
a large computer fraud case involving over 20 people. These 20 people, working in
different offices, allegedly siphoned off money from many different client accounts. Heather
responsibility is to find out how the accused people communicated between each other.
She has searched their email and their computers and has not found any useful evidence.
Heather then finds some possibly useful evidence under the desk of one of the accused.
In an envelope she finds a piece of plastic with numerous holes cut out of it. Heather then
finds the same exact piece of plastic with holes at many of the other accused peoples
desks. Heather believes that the 20 people involved in the case were using a cipher to
send secret messages in between each other. What type of cipher was used by the accused in this case?

A.

Grill cipher

B.

Null cipher

C.

Text semagram

D.

Visual semagram

What will the following command accomplish in Linux?
fdisk /dev/hda

A.

Partition the hard drive

B.

Format the hard drive

C.

Delete all files under the /dev/hda folder

D.

Fill the disk with zeros

John is working as a computer forensics investigator for a consulting firm in Canada. He is
called to seize a computer at a local web caf purportedly used as a botnet server. John
thoroughly scans the computer and finds nothing that would lead him to think the computer
was a botnet server. John decides to scan the virtual memory of the computer to possibly
find something he had missed. What information will the virtual memory scan produce?

A.

It contains the times and dates of when the system was last patched

B.

It is not necessary to scan the virtual memory of a computer

C.

It contains the times and dates of all the system files

D.

Hidden running processes

Which among the following search warrants allows the first responder to get the victim’s computer information such as service records, billing records, and subscriber information from the service provider?

A.

Citizen Informant Search Warrant

B.

Electronic Storage Device Search Warrant

C.

John Doe Search Warrant

D.

Service Provider Search Warrant

While presenting his case to the court, Simon calls many witnesses to the stand to testify. Simon decides to call Hillary Taft, a lay witness, to the stand. Since Hillary is a lay witness, what field would she be considered an expert in?

A.

Technical material related to forensics

B.

No particular field

C.

Judging the character of defendants/victims

D.

Legal issues