
ExamsBrite Dumps

EC-Council Digital Forensics Essentials (DFE) Questions and Answers


Last Update Apr 11, 2026
Total Questions : 75

We are offering free 112-57 EC-Council exam questions. Just sign up, provide your details, and prepare with the free 112-57 exam questions; then move on to the complete pool of EC-Council Digital Forensics Essentials (DFE) test questions for further practice.

Questions 1

Which of the following tools helps forensic experts analyze user activity in the Microsoft Edge browser?

Options:

A. MZHistoryView

B. BrowsingHistoryView

C. MZCacheView

D. ChromeHistoryView

Questions 2

Philip, a forensic officer, was tasked with investigating a crime scene. In this process, he created bit-by-bit copies of the suspect drive and retrieved all the disk images using the dd command.

Which of the following data acquisition image formats is extracted by Philip in the above scenario?

Options:

A. Raw Format

B. Advanced Forensic Framework 4 (AFF4)

C. Advanced Forensics Format (AFF)

D. Proprietary Format

Questions 3

Which of the following hives in the Windows Registry hierarchical database is volatile in nature and contains file-extension association information and programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data?

Options:

A. HKEY_LOCAL_MACHINE

B. HKEY_CURRENT_USER

C. HKEY_CURRENT_CONFIG

D. HKEY_CLASSES_ROOT

Questions 4

Identify the malware analysis technique in which the investigators must take a snapshot of the baseline state of the forensic workstation before malware execution.

Options:

A. Online malware scanning

B. Monitoring host integrity

C. String search

D. File fingerprinting

Questions 5

Benoy, a security professional at an organization, extracted Apache access log entries to view critical information about all the operations performed on a web server. The Apache access log extracted by Benoy is given below:

“10.10.10.10 - Jason [17/Aug/2019:00:12:34 +0300] "GET /images/content/bg_body_1.jpg HTTP/1.0" 500 1458”

Identify the HTTP status code in the Apache access log entry above that indicates the response was successful.

Options:

A. +0300

B. 500

C. 1.0

D. 2019

Questions 6

James, a forensic specialist, was appointed to investigate an incident in an organization. As part of the investigation, James is attempting to identify whether any external storage devices are connected to the internal systems. For this purpose, he employed a utility to capture the list of all devices connected to the local machine and removed suspicious devices.

Identify the tool employed by James in the above scenario.

Options:

A. ESEDatabaseView

B. ProcDump

C. DriveLetterView

D. PromiscDetect

Questions 7

Which of the following data acquisition formats supports the Lempel-Ziv–Markov chain (LZMA) algorithm for compression?

Options:

A. Raw Format

B. Advanced Forensics Format

C. Advanced Forensic Framework 4

D. Proprietary Format

Questions 8

Kelly, a professional hacker, used her laptop to perform illegal cyber activities for monetary gain on many victims. She securely locked her laptop using BitLocker software. Using this tool, she locked an entire volume using a secret key to deny access to the system.

Identify the anti-forensic technique used by Don in the above scenario.

Options:

A. File carving

B. Artifact wiping

C. Trail obfuscation

D. Encryption

Questions 9

Wesley, a professional hacker, deleted a confidential file in a compromised system using the “/bin/rm/” command to deny access to forensic specialists.

Identify the operating system on which Don has performed the file carving act.

Options:

A. Windows

B. Android

C. Mac OS

D. Linux

Questions 10

An investigator wants to extract information about the status of the network interface cards (NICs) in an organization’s Windows-based systems. Identify the command-line utility that can help the investigator detect the network status.

Options:

A. ipconfig

B. PsLoggedOn

C. PsList

D. ifconfig

Questions 11

Which of the following layers of the TCP/IP model includes protocols such as Frame Relay, SMDS, Fast Ethernet, SLIP, PPP, FDDI, ATM, Ethernet, and ARP to enable a machine to deliver the desired data to other hosts in the same network?

Options:

A. Network access layer

B. Transport layer

C. Application layer

D. Internet layer

Questions 12

Which of the following Tor relay nodes in the Tor circuit is designed to transfer data in an encrypted format?

Options:

A. Entry relay

B. Guard relay

C. Exit relay

D. Middle relay

Questions 13

Which of the following network protocols creates secure tunneling through which content obfuscation can be achieved?

Options:

A. SNMP

B. ARP

C. SSH

D. UDP

Questions 14

Cheryl, a forensic expert, was recruited to investigate a malicious activity performed by an anonymous hackers’ group on an organization’s systems. Using an automated tool, Cheryl was able to extract the malware file and analyze the assembly code instructions, which helped him understand the malware’s purpose.

Which of the following tools helped Cheryl extract and analyze the assembly code of the malware?

Options:

A. Virtual Box

B. QualNet

C. OllyDbg

D. VMware vSphere

Questions 15

A forensic investigator is collecting volatile data such as system information and network information present in the registries, cache, DLLs, and RAM of digital devices through its normal interface.

Identify the data acquisition method the investigator is performing.

Options:

A. Static acquisition

B. Live acquisition

C. Non-volatile data acquisition

D. Dead acquisition

Questions 16

Which of the following techniques is defined as the art of hiding data “behind” other data without the target’s knowledge, thereby hiding the existence of the message itself?

Options:

A. Password cracking

B. Artifact wiping

C. Steganography

D. Program packer

Questions 17

Sarah, a forensic investigator, is working on a criminal case. She was provided with all the suspect devices. Sarah employs an imaging software tool for duplicating the original data from the suspect devices. However, the tool she employed failed to image the data as the suspect version of the drive was very old and incompatible with imaging software. Hence, Sarah used an alternative data acquisition technique and succeeded in imaging the data.

Which of the following types of data acquisition techniques did Sarah employ in the above scenario?

Options:

A. Sparse acquisition

B. Bit-stream disk-to-image-file

C. Logical acquisition

D. Bit-stream disk-to-disk

Questions 18

Which of the following layers of the TCP/IP model serves as the backbone for data flow between two devices in a network and enables peer entities on the source and destination devices to communicate with each other?

Options:

A. Internet layer

B. Network access layer

C. Transport layer

D. Application layer

Questions 19

Jack, a forensic investigator, was appointed to investigate a Windows-based security incident. In this process, he employed an Autopsy tool to recover the deleted files from unallocated space, which helps in gathering potential evidence.

Which of the following functions of Autopsy helped Jack recover the deleted files?

Options:

A. Timeline analysis

B. Multimedia

C. Web artifacts

D. Data carving

Questions 20

Clark, a digital forensic expert, was assigned to investigate a malicious activity performed on an organization’s network. The organization provided Clark with all the information related to the incident. In this process, he assessed the impact of the incident on the organization, reasons for and source of the incident, steps required to tackle the incident, investigation team required to handle the case, investigative procedures, and possible outcome of the forensic process.

Identify the type of analysis performed by Clark in the above scenario.

Options:

A. Traffic analysis

B. Case analysis

C. Data analysis

D. Log analysis

Questions 21

Steve, a professional hacker, attempted to hack Alice’s banking account. To accomplish his goal, Steve used an automated tool to guess Alice’s login credentials. The tool uses a trial-and-error method by attempting all possible combinations of usernames and passwords to determine the valid credentials.

Identify the type of attack initiated by Steve in the above scenario.

Options:

A. Brute-force attack

B. Phishing attack

C. Trojan horse attack

D. Data manipulation attack

Questions 22

Which of the following commands can an investigator use to parse GPTs of both types of hard disks, including those formatted with either UEFI or MBR?

Options:

A. Get-BootSector

B. Get-PartitionTable

C. Get-ForensicPartitionTable

D. Get-GPT
