Incident Handling for Practitioners Quiz
Wireshark can decrypt IEEE 802.11 WLAN data and user-specified encryption keys?
What operating system do you not use in forensics?
What forensics software enables an examiner to view data and preserve evidence integrity with accepted file types for use in the court of law?
Select all that apply: What is the first step of incident handling?
In the Containment focus area, if data is being deleted, what is your first action?
Pull the power plug from the wall
Contact the System Owner
Capture volatile real-time data
Back up system data
What type of examination tool identifies images and files with hidden data inside other files?
Log management tools
Volatile data capture tools
System Monitor (Sysmon), part of the Sysinternals toolset for Windows systems, proves valuable for incident handlers because it can:
None of the above
Hide its presence from potential malware and other system threats
Capture packets from network activity for later analysis
Record process creation, network connections, and file creation time data in the system background
When using EnCase, you have the ability to:
Generate high-level reports of metadata to analyze system activity
All of the above
Identify data origination, user activity, data access dates
Identify deleted files
Recover files and partitions
Which UNIX/Linux command or tool enables you to search for patterns of information with regular expressions as a forensic analyst or incident handler?
None of the above
In the forensics process, what are the four main data sources?