When an investigator contacts by telephone the domain administrator or controller listed by a Who is lookup to request all e-mails sent and received for a user account be preserved, what U.S.C. statute authorizes this phone call and obligates the ISP to preserve e-mail records?

Item 2If you come across a sheepdip machine at your client site, what would you infer?

In a computer forensics investigation, what describes the route that evidence takes from the time you find it until the case is closed or goes to court?

How many characters long is the fixed-length MD5 algorithm checksum of a critical system file?

You are working on a thesis for your doctorate degree in Computer Science. Your thesis is based on HTML, DHTML, and other web-based languages and how they have evolved over the years.You navigate to archive. org and view the HTML code of news.com. You then navigate to the current news.com website and copy over the source code. While searching through the code, you come across something abnormal: What have you found?

You are using DriveSpy, a forensic tool and want to copy 150 sectors where the starting sector is 1709 on the primary hard drive. Which of the following formats correctly specifies these sectors?

A honey pot deployed with the IP 172.16.1.108 was compromised by an attacker. Given below is an excerpt from a Snort binary capture of the attack. Decipher the activity carried out by the attacker by studying the log. Please note that you are required to infer only what is explicit in the excerpt.(Note: The student is being tested on concepts learnt during passive OS fingerprinting, basic TCP/IP connection concepts and the ability to read packet signatures from a sniff dump.)03/15-20:21:24.107053 211.185.12

The newer Macintosh Operating System is based on:

Before you are called to testify as an expert, what must an attorney do first?

You are contracted to work as a computer forensics investigator for a regional bank that has four 30 TB storage area networks that store customer dat

Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish? dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

You have been asked to investigate the possibility of computer fraud in the finance department of a company. It is suspected that a staff member has been committing finance fraud by printing cheques that have not been authorized. You have exhaustively searched all data files on a bitmap image of the target computer, but have found no evidence. You suspect the files may not have been saved. What should you examine next in this case?

The following is a log file screenshot from a default installation of IIS 6.0.

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet. You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.

When needing to search for a website that is no longer present on the Internet today but was online few years back, what site can be used to view the website collection of pages?view the website? collection of pages?

What type of equipment would a forensics investigator store in a StrongHold bag?

What method of copying should always be performed first before carrying out an investigation?

With regard to using an antivirus scanner during a computer forensics investigation, you should:

If a PDA is seized in an investigation while the device is turned on, what would be the proper procedure?

Davidson Trucking is a small transportation company that has three local offices in DetroitMichigan. Ten female employees that work for the company have gone to an attorney reporting that male employees repeatedly harassed them and that management did nothing to stop the problem. Davidson has employee policies that outline all company guidelines, including awareness on harassment and how it will not be tolerated. When the case is brought to court, whom should the prosecuting attorney call upon for not uphol

When investigating a network that uses DHCP to assign IP addresses, where would you look to determine which system (MAC address) had a specific IP address at a specific time?

When performing a forensics analysis, what device is used to prevent the system from recording data on an evidence disk?

John is working on his company policies and guidelines. The section he is currently working on covers company documents; how they shouldJohn is working on his company? policies and guidelines. The section he is currently working on covers company documents; how they should be handled, stored, and eventually destroyed. John is concerned about the process whereby outdated documents are destroyed. What type of shredder shouldJohn write in the guidelines to be used when destroying documents?