
1. ROUTER LOGS record all incoming and outgoing traffic.

2. In WEB-BASED email, messages are displayed and saved as WEB PAGES in the browser’s
cache folders.
3. The goals of email crime and violation investigations are:
a. Find who is behind the crime
b. Collect the evidence
c. Present your findings
d. Build a case
4. SPOOFING email can be used to commit fraud.
5. STEGHIDE is software used to hide a secret text message and/or file in an image or
sound file.
6. STUXNET is a computer worm used to spy on and subvert industrial systems such as
uranium plants in Iran.
7. A WORM is malware with the ability to spread independently through a network.
8. The goal of the HONEYNET PROJECT is to provide awareness, information, and tools about
attack methods.
9. The ___ is a piece of hardware device connected to a computer that records chats,
emails, internet and others.
10. PACKET SNIFFERS are devices or software that monitor network traffic.
11. *This network tool is a free tool used to examine Windows products. SYSINTERNALS
12. Network forensics is a very long and TEDIOUS process; that’s why standard
procedures were developed.
13. Several tools to capture the RAM are:
a. Mantech Memory DD
b. Win32dd
c. winen.exe from Guidance Software
d. BackTrack 3.
14. The steps of performing live acquisitions are:
a. Create or download a bootable forensic CD
b. Make sure you keep a log of all your actions
c. A network drive is ideal as a place to send the information you collect
d. Copy the physical memory (RAM)
e. The next step varies, depending on the incident you’re investigating
f. Be sure to get a forensic hash value of all files you recover during the live
acquisition
15. Live acquisitions are especially useful when you are dealing with active NETWORK
intrusions or attacks.
16. A layered network defense strategy is a set of layers of PROTECTION to hide the most
valuable data at the innermost part of the network.
17. The investigator must check the REGISTRY for clues that a virtual machine has been installed
or uninstalled.
18. Investigators must know how to detect a VIRTUAL MACHINE installed on a host, acquire
an image of a virtual machine, and use virtual machines to examine MALWARE.
19. The VIRTUAL MACHINES are important in today’s networks.
