CHFI Study guides, Class notes & Summaries

CHFI - Chapter 7 (Network Forensics) with 100% Correct Answers Rated A+ In this type of attack, the attacker sends messages to the computer with an address that indicates the messages are coming from a trusted host. - IP Address Spoofing This is the process of gathering information about a network that may help in an attacking the network. - Enumeration This attack refers to the exploitation of a session-token generation mechanism or token security controls, such that the attacker can ...

CHFI Tools Questions and Answers | Latest update Already Passed in linux can be used locate residual data - DD Tool a. Networking/protocol stack tool and function - Netstat tool a. Allow view of information in the name resolution cache in a Windows machine - Nbtstat in Windows a. Allows view of routing table - 5. Route print i. A tool that blocks modification of the source drive - Write blocker a. DeepSpar Recovery Environment is a free Windows-based application b. DeepSpar Operations...

CHFI test Completed with 100% Verified Solutions | Already Passed do not turn the computer off or on, run any programs, or attempt to access data on a computer - the first step required in preparing a computer for forensics investigation is the sniffing recording acquisition and analysis of the the network traffic and event logs in order to investigate a network security incident - network forensics which of the follwing commands shows you the names of all open shared files on a server ...

CHFI Test 1 with 100% Verified Solutions | Already Graded 18 USC §1030 covers: - fraud and related activity in connection with computers This Federal statute covers child pornography. - 18 USC 2252A This rule involves rulings on evidence. - Rule 103 Sara is an Assistant U.S. Attorney. She knows that this rule covers the general admissibility of relevant evidence. - Rule 402 This person provides legal advice about the investigation and any potential legal issues in the forensic inves...

CHFI study guide Completed with 100% Verified Solutions What is the first step required in preparing a computer for forensics investigation? - Do not turn the computer off or on, run any programs, or attempt to access data on a computer. True or false? Network forensics can be defined as the sniffing, recording, acquisition and analysis of the network traffic and event logs in order to investigate a network security incident. - True What command shows you the names of all open shared f...

CHFI Rules Exam with 100% Verified Solutions | Already Passed Rule 101 - Scope - govern proceedings in the courts of the United States Rule 102 - Purpose and Construction - to secure fairness in administration, elimination of unjustifiable expense and delay, and promotion of growth and development of the law of evidence to the end that the truth may be ascertained and proceedings justly determined. Rule 103 - Ruling on Evidence Rule 105 - Limited Admissibility - the court, upon request...

CHFI Missed Questions and Answers | Latest update 100% Pass What technique used by Encase makes it virtually impossible to tamper with evidence once it has been acquired? A. Every byte of the file(s) is given an MD5 hash to match against a master file B. Every byte of the file(s) is verified using 32-bit CRC C. Every byte of the file(s) is copied to three different hard drives D. Every byte of the file(s) is encrypted using three different method - B. Every byte of the file(s) is veri...

CHFI Final Exam Study Guide with 100% Verified Solutions Key steps for Forensic Investigation - 1. Identify the Computer Crime. 2. Collect Primary Evidence. 3. Obtain court warrant for seizure (if required). 4. Perform first responder Procedures. 5. Seize evidence at the crime scene. 6. Transport Evidence to the forensic laboratory. 7. Create 2-bit stream copies of the evidence. 8. Generate MD5 checksum on the images. 9. Chain of Custody. 10. Store the original evidence in a secure ...

CHFI Exam Questions and Answers with 100% Correct Solutions What is the First Step required in preparing a computer for forensics investigation? A. Do not turn the computer off or on, run any programs, or attempt to access data on a computer B. Secure any relevant media C. Suspend automated document destruction and recycling policies that may pertain to any relevant media or users at Issue D. Identify the type of data you are seeking, the Information you are looking for, and the urgenc...

CHFI Chapter 5-6 Questions with 100% Verified Solutions Windows: When a user deletes a file, the OS does not actually delete the file, it - marks the file name in the Master File Table (MFT) with a special character. This character represents that the space once occupied by the file is ready for use FAT - The OS replaces the first letter of the deleted filename with - E5H, Corresponding clusters of that file are marked unused, even though they are not empty. Until these clusters are ...