(Computer forensics) Working with Windows and CLI Systems
1. DART can be used to boot a Windows computer. True or False?
2. RAM can be captured most safely after a computer is shut down. True or False?
3. DART acquisition tools include which of the following? (Choose all that apply.) a) OSForensics b) DumpIt c) RamCapture d) Tcpdump
4. You can use TestDisk to search both Windows and Linux partitions. True or False?
5. DART includes password recovery tools. True or False?
1. The Registry contains how many hives? a) Three b) Two c) Five d) Six
2. How many user accounts are disabled? a) Two b) Seven c) One d) Three
3. The SAM hive uses PIDs to store information on user accounts. True or False?
4. Name two SID values that indicate whether an account was created automatically.
5. The Key Properties pane in Registry Viewer shows when user accounts have changed their passwords. True or False?
1. What’s the computer name of this system? a) mnmsrv b) GCFI5E c) HAL d) MSDTC
2. What’s the time zone setting for this computer? a) EST b) MST c) CST d) PST
3. How many mounted devices on this system have assigned drive letters?
4. What information is stored in the Enum folder? a) User account information b) Password information c) File locations d) Hardware and software values
5. The SYSTEM hive contains configuration data for passwords. True or False?
1. The ntuser.dat file contains information on multiple account holders. True or False?
2. What’s the e-mail account for the Denise user? a) [email protected] b) [email protected] c) [email protected] d) [email protected]
3. The ntuser.dat file contains information on which of the following? (Choose all that apply.) a) Drive letter designations b) Personalized desktop settings c) PID key d) MRU devices
4. Password decryption tools often need which of the following to retrieve user passwords? (Choose all that apply.) 1. SYSTEM hive 2. SAM hive 3. ntuser.dat file 4. Enum folder
5. The ntuser.dat file is in which of the following paths?
ANSWERS
1. DART can be used to boot a Windows computer. TRUE
2. RAM can be captured most safely after a computer is shut down. FALSE
3. DART acquisition tools include which of the following? b) DumpIt & c) RamCapture
4. You can use TestDisk to search both Windows and Linux partitions. TRUE
5. The SYSTEM hive contains configuration data for passwords. TRUE
_____________________________________________________________________
ANSWERS
1. The Registry contains how many hives? d) SIX
2. How many user accounts are disabled? d) THREE
3. The SAM hive uses PIDs to store information on user accounts. TRUE
4. Name two SID values that indicate whether an account was created automatically. 501 and 1000
5. The Key Properties pane in Registry Viewer shows when user accounts have changed their passwords. TRUE