D431 Digital Forensics in Cybersecurity - Set 3 - Part 1

Correct Answer: To receive email

IMAP is used to receive email messages from a mail server and operates on port 143.

Correct Answer: Malware that activates when specific conditions are met

A logic bomb is a piece of malicious code that remains dormant until specific conditions are met, such as a particular date or a user action.

Correct Answer: To intercept and log network traffic for analysis

A sniffer is used to capture and log network traffic, which can be analyzed later for signs of malicious activity or security breaches.

Correct Answer: Security log

The security log records successful and failed login attempts, making it crucial for forensic analysis of login activities.

Correct Answer: To receive emails

POP3 is used to receive emails from a mail server, working on port 110.

Correct Answer: Forensic SIM Cloner

Forensic SIM Cloner is used to make a copy of the data stored on a SIM card, which can be important in mobile device investigations.

Correct Answer: The process of hiding data within other data, such as images

Steganography is the practice of hiding messages or information within non-suspicious data, such as embedding text within an image.

Correct Answer: Try all possible combinations of keys or passwords to gain access

A brute-force attack tries all possible combinations of keys or passwords until the correct one is found.

Correct Answer: Sparse infector virus

A sparse infector virus operates intermittently, making its malicious activities difficult to detect since they occur infrequently.

Correct Answer: To track the handling of evidence from its collection to its presentation in court

The chain of custody is a record of who has handled the evidence and when, ensuring that it remains unaltered and admissible in court.

Correct Answer: Storing the metadata and data of forensic images

AFF is a file format used to store forensic images and the associated metadata, supporting forensic analysis.

Correct Answer: A virus that avoids detection by acting sporadically

A sparse infector virus performs its malicious actions only sporadically, making it more difficult to detect and remove.

Correct Answer: Symmetric encryption

Symmetric encryption uses the same key for both encryption and decryption, making it faster but less secure if the key is compromised.

Correct Answer: A virus that changes its code to avoid detection

A polymorphic virus changes its code each time it infects a new file, making it harder for antivirus software to detect using signature-based methods.

Correct Answer: To create a bit-by-bit copy of a storage device for analysis

Forensic imaging involves creating an exact copy of a storage device, ensuring that the original data remains unaltered during investigation.

Correct Answer: The space between the logical end of a file and the end of the allocated storage block

File slack is the space between the logical end of a file and the end of the storage block it occupies, which can contain leftover data.

Correct Answer: To identify the phone with a user and a number

A SIM card stores a unique identifier for a mobile device, linking it to a user and a phone number.

Correct Answer: The Wireless Communications and Public Safety Act of 1999

The Wireless Communications and Public Safety Act governs the collection of GPS data for public safety purposes.

Correct Answer: To assess whether scientific testimony is based on valid reasoning and methodology

The Daubert standard is used by judges to assess whether expert testimony is scientifically valid and can be applied to the facts at issue.

Correct Answer: To define how partitions are organized on modern hard drives

The GUID Partition Table (GPT) is used to define how partitions are structured on modern hard drives, providing support for large storage capacities.