Compulsory Internal Assignment (Advanced Cyber Forensics 2)

Uploaded by

Ramaiah Selvam

4/16/24, 2:15 PM Compulsory Internal Assignment (CBCS SEMESTER PATTERN)

Compulsory Internal Assignment (CBCS SEMESTER PATTERN) Upto C23 Batch

Welcome : SANGEETH P T (A22105PCI6110)


Subject Name : ADVANCED CYBER FORENSICS(SPCI202) - Assessment - 2

1. The file attributes on a Linux system are stored in a special “attribute block” that is referenced by

refatr
inode
lsnode
attrib

2. The output format of the timeliner plugin which is output compatible with the Simile data-visualization framework created by MIT

xlsx
text
xml
csv

3. A free tool that is used to dump Windows memory is

BelkaSoft Live RAM Capturer
F-Response
Guidance Winen
HBGary Fastdump PRO

4. If an investigator wants to recover the deleted email files then one needs to create an image of the entire hard disk and has to look for which file format?

xml
emlx
xmls
exlm

5. Which of the following components can be termed as digital evidence in a crime scene? (i) Operating system artifacts and special files (ii) Cloud storage (iii) GPS devices

(i) and (ii)
(i), (ii) and (iii)
(i) only
(ii) only

6. After shutting down a VM, which files are deleted?

.VMSD and .VMDK
.VSWP and .VMDK
.VMSD and .VMSS
.VSWP and .VMSS

7. What type of artifacts can be extracted from a web browser? (i) Screenshots (ii) Financial information (iii) Cookies

(i) and (ii)
(i), (ii) and (iii)
(iii) only
(ii) only

8. The passwords for user accounts are generally stored in which file?

/etc/pswrd
/etc/pwd
/etc/password
/etc/shadow

9. Which command allows a user to collect information regarding network connections on a Windows system?

netcat
netrule
netinfo
netstat

10. Like the traditional MBR, what does GPT also use instead of the early CHS address?

logical address
logical block address
logical partition address
logical table address

11. An event that is not necessarily significant but may indicate the possible occurrence of a future problem is

Error
Warning
Failure Audit
Information

12. The cookie that expires after an individual logs out of the website or closes the browser is

Persistent Cookie
Session Cookie
Elapse Cookie
Temporary Cookie

13. Which is the virtual dumping ground of a Linux system that is a shared scratch space, and as such all users have write permissions to this directory?

Cache
Virtual space
/tmp
Partition space

14. Name the Internet layer protocol that helps TCP/IP network components find other devices in the same broadcast domain.

ARP
SFTP
SMTP
UDP

15. Understanding the requirements and ensuring that the correct equipment and information is available refers to which phase of the cloud storage forensic framework?

Commence
Preparation
Evidence source identification
Collection

16. The ELF file structure that holds the file offset, entry size, and number of program header entries is

e_entry
e_phentsize
e_type
e_shentsize

17. The phase of the cloud storage forensic framework which ensures the need to understand the “what, where, when, who, why, and how” of an investigation and to determine the boundaries of an investigation is

Commence
Preparation
Evidence source identification
Collection

18. Integrating the command ipconfig /displaydns into your live response toolkit and acquiring memory with KnTTools are analysed during the investigation of

DNS Cache
Browser
Network Traffic
Socket

19. The ELF file structure that tells you the file type—whether it is an executable, relocatable image, shared library, or a core dump.

e_type
e_ident
e_struct
e_phnum

20. What is a non-interactive program that helps the operating system and applications perform their tasks?

Driver
Configuration program
Service
Kernel

www.ideunom.ac.in/mcq/questionpaper_pg.php?eGprSTdzUmk0R3hKMDkyYWJrZTMzYnU3NFlvMCszZ25qWWVSajlNTFdPNDBwSXI5YkZsM… 4/4