- (Exam Topic 4)
On NTFS file system, which of the following tools can a forensic Investigator use In order to identify timestomping of evidence files?

1. A. wbStego
2. B. Exiv2
3. C. analyzeMFT
4. D. Timestomp

Correct Answer: D

- (Exam Topic 1)
George is the network administrator of a large Internet company on the west coast. Per corporate policy, none of the employees in the company are allowed to use FTP or SFTP programs without obtaining approval from the IT department. Few managers are using SFTP program on their computers. Before talking to his boss, George wants to have some proof of their activity. George wants to use Ethereal to monitor network traffic, but only SFTP traffic to and from his network.
What filter should George use in Ethereal?

1. A. src port 23 and dst port 23
2. B. udp port 22 and host 172.16.28.1/24
3. C. net port 22
4. D. src port 22 and dst port 22

Correct Answer: D

- (Exam Topic 1)
If a suspect computer is located in an area that may have toxic chemicals, you must:

1. A. coordinate with the HAZMAT team
2. B. determine a way to obtain the suspect computer
3. C. assume the suspect machine is contaminated
4. D. do not enter alone

Correct Answer: A

- (Exam Topic 4)
SO/IEC 17025 is an accreditation for which of the following:

1. A. CHFI issuing agency
2. B. Encryption
3. C. Forensics lab licensing
4. D. Chain of custody

Correct Answer: C

- (Exam Topic 1)
Frank is working on a vulnerability assessment for a company on the West coast. The company hired Frank to assess its network security through scanning, pen tests, and vulnerability assessments. After discovering numerous known vulnerabilities detected by a temporary IDS he set up, he notices a number of items that show up as unknown but Questionable in the logs. He looks up the behavior on the Internet, but cannot find anything related. What organization should Frank submit the log to find out if it is a new vulnerability or not?

1. A. APIPA
2. B. IANA
3. C. CVE
4. D. RIPE

Correct Answer: C