When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

Checking for apps that start automatically in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Check for current PIDS in NTUSER.DAT

Examining the broadcast address for the system in HKLM\System\CurrentControlSet\Services\VxD\MSTCP

Examining the size of pagefile.sys in HKLM\System\CurrentControlSet\Control\SessionManager\MemoryManagement

Timelining

Quiz

•

Other

•

12th Grade

•

Practice Problem

•

Medium

shyrlyn valdez

Used 2+ times

FREE Resource

10 questions

Show all answers

1.

MULTIPLE SELECT QUESTION

45 sec • 1 pt

Which of the following artifacts are considered as the Windows Forensic Trinity?

Filesystem Metadata

Registry

Windows Event Logs

Windows Startup

Answer explanation

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

2.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What point is used to examine the temporal proximity in the timeline?

Slope Point

Pivot Point

Parrot Point

No Point

Answer explanation

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system

3.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

NTFS Timestamps: Time the data content of a file was last modified

M

A

C

B

4.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The most famous super timeline tool is Plaso

True

False

5.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

If you are in a rush, is it better to create a supertimeline? Why or Why not?

Yes. Supertimeline is quicker to generate than filesystem timeline.

No. Just do filesystem timeline. Supertimeline is not a quick process to run

No. I don't want to do timelining

Yes. Supertimeline is not a quick to generate and I like to provide the analysis the next day.

6.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What tool outputs metadata about the events extracted from log2timeline

plasm

pinfo

fls

mactime

7.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following can be detected by timeline analysis?

Anti-Forensics

Covert Tunneling

Covid

Influenza

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

11 questions

Ecuador

Quiz

•

KG - 12th Grade

10 questions

Types of Card Catalogue

Quiz

•

9th - 12th Grade

14 questions

Quiz D-Day

Quiz

•

9th - 12th Grade

8 questions

Meme Quiz

Quiz

•

1st Grade - Professio...

10 questions

Research 2

Quiz

•

12th Grade

11 questions

Hero Gayab Mode On

Quiz

•

6th - 12th Grade

10 questions

Driving Theory Test: Alertness

Quiz

•

KG - Professional Dev...

15 questions

will be doing/will have done

Quiz

•

8th - 12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Other

20 questions

-AR -ER -IR present tense

Quiz

•

10th - 12th Grade

15 questions

Making Inferences

Quiz

•

7th - 12th Grade

12 questions

Add and Subtract Polynomials

Quiz

•

9th - 12th Grade

7 questions

How James Brown Invented Funk

Interactive video

•

10th Grade - University

15 questions

Atomic Habits: Career Habits

Lesson

•

9th - 12th Grade

20 questions

Banking

Quiz

•

9th - 12th Grade

15 questions

Exponential Growth and Decay Word Problems Practice

Quiz

•

9th - 12th Grade

18 questions

AP Bio Insta-Review Topic 6.1*: DNA & RNA Structure

Quiz

•

9th - 12th Grade

Timelining

10 questions

Which of the following artifacts are considered as the Windows Forensic Trinity?

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

What point is used to examine the temporal proximity in the timeline?

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system

NTFS Timestamps: Time the data content of a file was last modified

The most famous super timeline tool is Plaso

If you are in a rush, is it better to create a supertimeline? Why or Why not?

What tool outputs metadata about the events extracted from log2timeline

Which of the following can be detected by timeline analysis?

What tool can be used to filter events collected by log2timeline

When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

The image shows the SI and FN times for files in the C:\temp directory. Which of the following files contains normal file attributes?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Timelining

10 questions

Which of the following artifacts are considered as the Windows Forensic Trinity?

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.Understanding all three areas and how they interrelate is a skill worth working towards.

What point is used to examine the temporal proximity in the timeline?

Use the pivot to look before and after in your timeline to get a better idea of whathappened on the system

NTFS Timestamps: Time the data content of a file was last modified

The most famous super timeline tool is Plaso

If you are in a rush, is it better to create a supertimeline? Why or Why not?

What tool outputs metadata about the events extracted from log2timeline

Which of the following can be detected by timeline analysis?

What tool can be used to filter events collected by log2timeline

When examining a system that has been mounted as a virtual image, which of the following techniques could identify persistent malware?

The image shows the SI and FN times for files in the C:\temp directory. Which of the following files contains normal file attributes?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

The three core areas of focus are filesystem metadata, windows artifact data, and Windows registry information.
Understanding all three areas and how they interrelate is a skill worth working towards.

Use the pivot to look before and after in your timeline to get a better idea of what
happened on the system