When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

Checking for apps that start automatically in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Check for current PIDS in NTUSER.DAT

Examining the broadcast address for the system in HKLM\System\CurrentControlSet\Services\VxD\MSTCP

Examining the size of pagefile.sys in HKLM\System\CurrentControlSet\Control\SessionManager\MemoryManagement

Timelining

Quiz

•

Other

•

12th Grade

•

Practice Problem

•

Medium

shyrlyn valdez

Used 2+ times

FREE Resource

10 questions

Show all answers

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which of the following artifacts are considered as the Windows Forensic Trinity?

Filesystem Metadata

Registry

Windows Event Logs

Windows Startup

Answer explanation

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What point is used to examine the temporal proximity in the timeline?

Slope Point

Pivot Point

Parrot Point

No Point

Answer explanation

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NTFS Timestamps: Time the data content of a file was last modified

M

A

C

B

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The most famous super timeline tool is Plaso

True

False

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

If you are in a rush, is it better to create a supertimeline? Why or Why not?

Yes. Supertimeline is quicker to generate than filesystem timeline.

No. Just do filesystem timeline. Supertimeline is not a quick process to run

No. I don't want to do timelining

Yes. Supertimeline is not a quick to generate and I like to provide the analysis the next day.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What tool outputs metadata about the events extracted from log2timeline

plasm

pinfo

fls

mactime

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following can be detected by timeline analysis?

Anti-Forensics

Covert Tunneling

Covid

Influenza

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

13 questions

Five Nights At Freddy's: Security Breach Quiz

Quiz

•

KG - Professional Dev...

10 questions

Human Capital Formation

Quiz

•

12th Grade

10 questions

Music Theory Assessment #2

Quiz

•

9th - 12th Grade

13 questions

football of world

Quiz

•

1st Grade - University

13 questions

Anime 99

Quiz

•

9th Grade - Professio...

12 questions

greeting and numbers

Quiz

•

1st - 12th Grade

10 questions

Infancy

Quiz

•

4th Grade - Professio...

10 questions

Star Wars

Quiz

•

KG - Professional Dev...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Other

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

12 questions

Add and Subtract Polynomials

Quiz

•

9th - 12th Grade

13 questions

Model Exponential Growth and Decay Scenarios

Quiz

•

9th - 12th Grade

27 questions

7.2.3 Quadrilateral Properties

Quiz

•

9th - 12th Grade

7 questions

Amoeba Sisters Dihybrid Cross Punnett Square

Interactive video

•

9th - 12th Grade

10 questions

The Holocaust: Historical Overview

Interactive video

•

9th - 12th Grade

10 questions

Key Features of Quadratic Functions

Interactive video

•

8th - 12th Grade

11 questions

Exponent Quotient Rules A1 U7

Quiz

•

9th - 12th Grade

Timelining

10 questions

Which of the following artifacts are considered as the Windows Forensic Trinity?

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

What point is used to examine the temporal proximity in the timeline?

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system

NTFS Timestamps: Time the data content of a file was last modified

The most famous super timeline tool is Plaso

If you are in a rush, is it better to create a supertimeline? Why or Why not?

What tool outputs metadata about the events extracted from log2timeline

Which of the following can be detected by timeline analysis?

What tool can be used to filter events collected by log2timeline

When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

The image shows the SI and FN times for files in the C:\temp directory. Which of the following files contains normal file attributes?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Timelining

10 questions

Which of the following artifacts are considered as the Windows Forensic Trinity?

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.Understanding all three areas and how they interrelate is a skill worth working towards.

What point is used to examine the temporal proximity in the timeline?

Use the pivot to look before and after in your timeline to get a better idea of whathappened on the system

NTFS Timestamps: Time the data content of a file was last modified

The most famous super timeline tool is Plaso

If you are in a rush, is it better to create a supertimeline? Why or Why not?

What tool outputs metadata about the events extracted from log2timeline

Which of the following can be detected by timeline analysis?

What tool can be used to filter events collected by log2timeline

When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

The image shows the SI and FN times for files in the C:\temp directory. Which of the following files contains normal file attributes?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system