What is the First Step required in preparing a computer for forensics investigation?
A. Do not turn the computer off or on, run any programs, or attempt to access data on a
B. Secure any relevant media
C. Suspend automated document destruction and recycling policies that may pertain to any
relevant media or users at Issue
D. Identify the type of data you are seeking, the Information you are looking for, and the urgency
level of the examination
Network forensics can be defined as the sniffing, recording, acquisition and analysis of the
network traffic and event logs in order to investigate a network security incident.
Which of the following commands shows you the names of all open shared files on a server and
number of file locks on each file?
A. Net sessions
B. Net file
D. Net share
The Recycle Bin exists as a metaphor for throwing files away, but it also allows user to retrieve
and restore files. Once the file is moved to the recycle bin, a record is added to the log file that
exists in the Recycle Bin.
Which of the following files contains records that correspond to each deleted file in the Recycle
A. INFO2 file
B. INFO1 file
C. LOGINFO2 file
D. LOGINFO1 file