HW 07: Ch 12 Investigating Windows
Click 'check' on each question or your score will not be recorded.
Resources:
windows special folders
ntfs.com
Windows cmdline ref
how ntfs works
Case Study lecture notes
Note: we are not performing a lab on Windows that covers the commands in this homework. Refer to the lecture notes or resources for help. In particular, see Windows commandline reference for syntax on shell commands.
01. Connecting a USB stick to a Windows PC adds an entry to which log file?
A. the SetupAPI text log
B. the usb.log
C. both A & B
02. What action will alter this registry key?
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Storage\RemovableMedia
A. Connecting an internal hard disk
B. Connecting a USB flash drive
03. This Windows shell command redirects the shell command history to a file.
    doskey /h > j:\evidence\mdevidence-doskey.txt
T F
04. Which Windows shell command will display disk usage and append that output to a file?
A. chkdsk >> f:\evidence\evidence.txt
B. du > f:\evidence\evidence.txt
05. What will these Windows shell commands do?
    cd "\documents and settings\student\my documents"
    xcopy *.* f:\evidence_files /s /k /v
A. Perform a recursive copy of all files in and below the "my documents" folder
B. include empty subfolders
C. retain read-only attributes
D. verify the copy
06. What will this shell command do?
    find /i /c "confidential" *.*
A. counts the lines that contain the word confidential in the specified files
B. looks at all files in the current folder
C. will ignore case when performing the pattern match
D. looks for the pattern "confidential" including the double quotes
07. Which of the following is a correct listing of some metadata that Windows maintains on files under its supported filesystems?
A. FAT-32: file ownership and file permissions by user
B. NTFS: file ownership and file permissions by user
C. ext3: file ownership and file permissions by user
D. FAT-16: nothing
08. One partition on a single hard disk may be formatted with NTFS and a second partition on the same hard disk may be formatted with ext3 or fat32.
T F
09. The root level folder in Windows XP and above that holds a folder for each particular user is
A. Documents and Settings
B. Local Settings
10. The last modified date on the user registry file will show the last time the user accessed the machine.
T F
11. What file on a Windows PC maintains dated information about all web sites that a user visits?
A. Internet History file
B. cookie file
C. both A and B
12. How can you show that a user copied a file from a particular computer onto some removable media such as a USB drive?
A. If you open Windows Event Viewer you will always find an entry for this activity.
B. If you have the removable media in question and look for the file.
C. If the file was moved rather than copied the file will be in Recycle Bin.
D. If the user opened the file in Word and then saved it to the flash disk you can view the Most Recently Used list.
13. In the "Temporary Internet Files" folder in Windows you can find files that record all visits to websites; i.e., a history of Internet usage including timestamps.
T F
14. A Windows SID
A. is a security identifier used to determine access to a resource.
B. is unique across a given system.
C. can be changed by the user.
D. requires an Oracle database of access tokens.
15. What does the Windows 'tree' command do?
A. gives an overview of the directory structure on the disk
B. gives an overview of the disk usage similar to 'du' in Unix
C. is similar to pstree in Unix
D. displays the information graphically
16. NTUSER.DAT file is a user registry file that holds personal preferences and settings.
T F
17. There is a single Recycle Bin (referenced by one icon on the desktop) that consolidates the Recycle Bin files of all logical disks, including removable media (e.g., flash drives). What happens once the removable media is removed?
A. the Recycle Bin files for that media disappear.
B. the Recycle Bin files for that media remain in the Bin until it is emptied.
18. What is true after these shell commands are executed? Assume rabbit.jpg is a viewable JPG image file.
    echo "this is a test" > test.txt
    type rabbit.jpg > test.txt:mypix
    del rabbit.jpg
    C:\WINNT\system32\mspaint test.txt:mypix // Cmd #1
    more test.txt // Cmd #2
A. Cmd #1 will display an error since test.txt is not an image
B. Cmd #2 will display "this is a test"
C. both A & B
19. The Windows Event Viewer can be used to view
A. system log files.
B. upcoming scheduled events on the system.
20. Passwords that are encrypted by software such as ssh (secure shell) can potentially be found in clear text in which file?
A. pagefile.sys
B. hiberfil.sys
C. both A & B
21. Assume you are editing foo.doc in Microsoft Word on a Windows machine. You are not using any external media to store the file. Where might portions or all of foo.doc be extracted from the hard disk of this machine?
A. pagefile.sys
B. hiberfil.sys
C. a volume shadow copy file
D. a deleted temporary file created by Word for this file
22. What is true about public-key cryptography?
A. It relies on symmetric cryptographic protocols.
B. DES is often a protocol used in public-key cryptography.
C. If Alice and Bob want secrecy Alice encrypts her msg with Bob's private key.
D. If Alice wants to authenticate a msg she encrypts it with her private key.