HW 07: Ch 12 Investigating Windows




1 of 7 5/15/2015 2:40 AM

Click 'check' on each question or your score will not be recorded.

Resources: windows special folders ntfs.com Windows cmdline ref how ntfs works Case Study lecture notes

Note: we are not performing a lab on Windows that covers the commands in this homework. Refer to the lecture notes or resources for help. In particular, see the Windows command-line reference for syntax on shell commands.

01. Connecting a USB stick to a Windows PC adds an entry to which log file?
    A. the SetupAPI text log
    B. the usb.log
    C. both A & B

02. What action will alter this registry key?
        HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Storage\RemovableMedia
    A. Connecting an internal hard disk
    B. Connecting a USB flash drive

03. This Windows shell command redirects the shell command history to a file.
        doskey /h > j:\evidence\mdevidence-doskey.txt

04. Which Windows shell command will display disk usage and append that output to a file?
    A. chkdsk >> f:\evidence\evidence.txt
    B. du > f:\evidence\evidence.txt

05. What will these Windows shell commands do?
        cd "\documents and settings\student\my documents"
        xcopy *.* f:\evidence_files /s /k /v
    A. Perform a recursive copy of all files in and below the "my documents" folder
    B. include empty subfolders
    C. retain read-only attributes
    D. verify the copy

06. What will this shell command do?
        find /i /c "confidential" *.*
    A. counts the lines that contain the word confidential in the specified files
    B. looks at all files in the current folder
    C. will ignore case when performing the pattern match
    D. looks for the pattern "confidential" including the double quotes

07. Which of the following is a correct listing of some metadata that Windows maintains on files under its supported filesystems?
    A. FAT-32: file ownership and file permissions by user
    B. NTFS: file ownership and file permissions by user
    C. ext3: file ownership and file permissions by user
    D. FAT-16: nothing

08. One partition on a single hard disk may be formatted with NTFS and a second partition on the same hard disk may be formatted with ext3 or fat32.

09. The root level folder in Windows XP and above that holds a folder for each particular user is
    A. Documents and Settings
    B. Local Settings

10. The last modified date on the user registry file will show the last time the user accessed the machine.

11. What file on a Windows PC maintains dated information about all web sites that a user visits?
    A. Internet History file
    B. cookie file
    C. both A and B

12. How can you show that a user copied a file from a particular computer onto some removable media such as a USB drive?
    A. If you open Windows Event Viewer you will always see an entry for this activity.
    B. If you have the removable media in question and look for the file.
    C. If the file was moved rather than copied the file will be in Recycle Bin.
    D. If the user opened the file in Word and then saved it to the flash disk you can view the Most Recently Used list.

13. In the "Temporary Internet Files" folder in Windows you can find files that record all visits to websites; i.e., a history of Internet usage including timestamps.

14. A Windows SID
    A. is a security identifier used to determine access to a resource.
    B. is unique across a given system.
    C. can be changed by the user.
    D. requires an Oracle database of access tokens.

15. What does the Windows 'tree' command do?
    A. gives an overview of the directory structure on the disk
    B. gives an overview of the disk usage similar to 'du' in Unix
    C. is similar to pstree in Unix
    D. displays the information graphically

16. NTUSER.DAT file is a user registry file that holds personal preferences and settings.

17. There is a single Recycle Bin (referenced by one icon on the desktop) that consolidates the Recycle Bin files from all logical disks, including removable media (e.g., flash drives). What happens once the removable media is removed?
    A. the Recycle Bin files for that media disappear.
    B. the Recycle Bin files for that media remain in the Bin until it is emptied.

18. What is true after these shell commands are executed? Assume rabbit.jpg is a viewable JPG image file.
        echo "this is a test" > test.txt
        type rabbit.jpg > test.txt:mypix
        del rabbit.jpg
        C:\WINNT\system32\mspaint test.txt:mypix    // Cmd #1
        more test.txt                               // Cmd #2
    A. Cmd #1 will display an error since test.txt is not an image
    B. Cmd #2 will display "this is a test"
    C. both A & B

19. The Windows Event Viewer can be used to view
    A. system log files.
    B. upcoming scheduled events on the system.

20. Passwords that are encrypted by software such as ssh (secure shell) can potentially be found in clear text in which file?
    A. pagefile.sys
    B. hiberfil.sys
    C. both A & B

21. Assume you are editing foo.doc in Microsoft Word on a Windows machine. You are not using any external media to store the file. Where might portions or all of foo.doc be extracted from the hard disk on this machine?
    A. pagefile.sys
    B. hiberfil.sys
    C. a volume shadow copy file
    D. a deleted temporary file created by Word for this file

22. What is true about public-key cryptography?
    A. It relies on symmetric cryptographic protocols.
    B. DES is often a protocol used in public-key cryptography.
    C. If Alice and Bob want secrecy Alice encrypts her msg with Bob's private key.
    D. If Alice wants to authenticate a msg she encrypts it with her private key.
