Question 171
Recovery of the deleted partition is the process by which the investigator evaluates and extracts the deleted partitions.
Question 172
What advantage does the tool Evidor have over the built-in Windows search?
Question 173
Preparing an image drive to copy files to is the first step in Linux forensics. For this purpose, what would the following command accomplish?
dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync
dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync
Question 174
Kyle is performing the final testing of an application he developed for the accounting department.
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command.
What is he testing at this point?
#include #include int main(int argc, char
*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }
His last round of testing is to ensure that the program is as secure as possible. Kyle runs the following command.
What is he testing at this point?
#include #include int main(int argc, char
*argv[]) { char buffer[10]; if (argc < 2) { fprintf (stderr, "USAGE: %s string\n", argv[0]); return 1; } strcpy(buffer, argv[1]); return 0; }
Question 175
Sally accessed the computer system that holds trade secrets of the company where she Is employed. She knows she accessed It without authorization and all access (authorized and unauthorized) to this computer Is monitored. To cover her tracks. Sally deleted the log entries on this computer. What among the following best describes her action?