Unit 2 Quiz
LINUX/UNIX ACQUISITION UNIT QUIZ
Graded quizzes are open to verified students. Students who are seeking a verified
certificate must achieve a final course grade average of at least 80%. You are allowed two
attempts per question unless otherwise noted.
If you have a question about any of the quiz questions, do not post about it in a discussion.
Please contact the RITx Support Team.
Unit 2: Question 1
1/1 point (graded)
What information is typically lost when a computer is shut down? (Select all that apply.)
Current network connections
Data in RAM
/etc directory on disk
Running processes
You have made 1 of 2 attempts
Unit 2: Question 2
1/1 point (graded)
To find out when a Linux machine was rebooted, a forensic investigator uses the
command:
uname
uptime
date
ifconfig
You have made 1 of 2 attempts
Unit 2: Question 3
1/1 point (graded)
To find a root-owned SetUID (SUID) file, we use the command:
(Hint: watch the demonstration video Collect Information from a Live System)
egrep -uid 0 suid
find / -uid 0 -perm -4000 2>/dev/null
ls / | egrep suid
which suid
You have made 1 of 2 attempts
Unit 2: Question 4
1/1 point (graded)
Which of these commands can transfer the retrieved data from one system to another?
transfer
pipe
nc
netstat
You have made 1 of 2 attempts
Unit 2: Question 5
1/1 point (graded)
When using netcat to transfer a dd image of an entire drive across a network to a machine
with the IP address [Link], which command would be used to invoke netcat on the
receiving machine?
nc -l -p 9999 | [Link]
dd if=/dev/hda1 | nc [Link] 9999
nc -l -p 9999 > [Link]
dd if=/dev/hda | netcat -l -p 9999
You have made 1 of 2 attempts
Unit 2: Question 6
1/1 point (graded)
Which of these is not a forensic imaging tool?
dcfldd
dd
ldd
You have made 1 of 2 attempts
Unit 2: Question 7
1/1 point (graded)
Which of these tools can acquire memory remotely?
Fmem
F-Response
Linux Memory Extractor (LiME)
Live Response
Memdump
You have made 1 of 2 attempts
Unit 2: Question 8
0/1 point (graded)
True or False: When you use FTK Imager to acquire a disk image, you do not need to use a
write blocker. You are only allowed one attempt for this question.
True
False
You have made 1 of 1 attempt
Unit 2: Question 9
1/1 point (graded)
When using dd to carve out the data belonging to a partition from a whole-drive dd
image, we use the dd operands:
bs and count
conv
seek and count
skip and count
You have made 1 of 2 attempts
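Worked example, added here and not part of the course quiz or its demonstration videos: a POSIX shell script that carves a partition out of a whole-drive dd image with skip= and count=, then checks the carve by hashing the same byte range a second way. The 512-byte sector size, the constructed 2 MiB test image and the partition start at sector 2048 are assumptions made for the demonstration; the netcat receiver/sender pair from Question 5 is shown in comments only, since it needs two hosts.

```shell
#!/bin/sh
# Added example (not the course's own code): carving a partition from a
# whole-drive dd image with skip= and count=, verified by hash.
# Assumptions: 512-byte sectors; a constructed test image stands in for the
# drive, with a marker written where partition 1 would begin (sector 2048,
# the default first-partition start of modern fdisk). No real device is touched.
set -u

SECTOR=512

# Build the constructed test image: 4096 zero sectors plus a marker at sector 2048
make_test_image() {
    dd if=/dev/zero of="$1" bs=$SECTOR count=4096 2>/dev/null
    printf 'PARTITION-START-MARKER' |
        dd of="$1" bs=$SECTOR seek=2048 conv=notrunc 2>/dev/null
}

# Carve: skip= jumps over START sectors of the INPUT, count= copies N sectors.
# seek= would offset the OUTPUT file instead, which is the wrong operand here.
# noerror,sync keeps reading past a bad sector and pads the short block with
# zeros, so nothing after it shifts position.
# usage: carve_partition IMAGE OUTFILE START_SECTOR SECTOR_COUNT
carve_partition() {
    dd if="$1" of="$2" bs=$SECTOR skip="$3" count="$4" conv=noerror,sync 2>/dev/null
}

# SHA-256 of a file (or of stdin when given "-"), with a fallback for systems
# that ship shasum instead of sha256sum
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
        cut -d' ' -f1
}

# Independent hash of the same byte range read with tail/head, so the dd
# arithmetic (skip*bs and count*bs) is checked by a second tool
# usage: range_sha256 IMAGE START_SECTOR SECTOR_COUNT
range_sha256() {
    tail -c +$(( $2 * SECTOR + 1 )) "$1" | head -c $(( $3 * SECTOR )) | sha256 -
}

# Remote acquisition of a whole drive over netcat (shown, not executed here).
# Collector listens first:   nc -l -p 9999 > drive.dd     (some nc builds: nc -l 9999)
# Suspect host then sends:   dd if=/dev/sda bs=4M conv=noerror,sync | nc COLLECTOR_IP 9999
# Hash drive.dd on the collector and the device on the suspect host; they must match.

# Stand-alone demonstration on the constructed image
demo() {
    tmp=$(mktemp -d)
    make_test_image "$tmp/drive.dd"
    carve_partition "$tmp/drive.dd" "$tmp/part1.dd" 2048 1024
    echo "carved sha256:    $(sha256 "$tmp/part1.dd")"
    echo "reference sha256: $(range_sha256 "$tmp/drive.dd" 2048 1024)"
    rm -rf "$tmp"
}
demo
```

On a real image the START and COUNT values come from the partition table (fdisk -l or mmls reports them in sectors), and the same two hashes are recorded in the acquisition notes before the carved file is handed to an analysis tool.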
Unit 2: Question 10
1/1 point (graded)
Which of these Linux/Unix commands will show a list of network connections on a
Linux/Unix system? (Select two.)
netstat
uptime
lsof
ps
You have made 1 of 2 attempts
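Worked example, added here and not part of the course quiz or its videos, covering the live-system questions of this unit (1, 2, 3 and 10): a minimal POSIX shell live-response collector that captures the system clock and boot time, network connections, the process list and root-owned SetUID files into an evidence directory and hashes everything at the end. The evidence layout, the file names and the choice of fallbacks (ss before netstat, who -b before last reboot) are assumptions; each tool is probed before use because distributions differ.

```shell
#!/bin/sh
# Added example (not the course's own code): a small live-response collector
# for the volatile data this unit asks about. Most volatile data is taken
# first (clock, connections, processes), the SUID search last.
# Assumptions: output layout and file names; tools are probed because
# distributions differ (ss vs netstat, lsof may be absent).
set -u

# Run a tool and keep its output as NAME.txt; returns 1 if the tool is missing
capture() {
    name=$1; shift
    command -v "$1" >/dev/null 2>&1 || { echo "skip: $1 not installed" >&2; return 1; }
    "$@" > "$EVIDENCE/$name.txt" 2>&1
}

# Root-owned SetUID files below a directory. -xdev stays on one filesystem;
# stderr is dropped because unreadable directories would otherwise flood it.
find_root_suid() {
    find "$1" -xdev -type f -uid 0 -perm -4000 2>/dev/null
}

# Same search without the owner test, so it can be exercised without root
find_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null
}

# usage: collect_volatile EVIDENCE_DIR [SEARCH_ROOT]
collect_volatile() {
    EVIDENCE=$1
    root=${2:-/}
    mkdir -p "$EVIDENCE"
    capture date date || true                                    # clock of the live system
    capture uptime uptime || true                                # time since last boot
    capture boot who -b || capture boot last reboot || true      # boot timestamp
    capture ss ss -tunap || capture netstat netstat -tunap || true   # network connections
    capture lsof lsof -i -n -P || true                           # socket-to-process mapping
    capture ps ps -ef || capture ps ps aux || true               # running processes
    find_root_suid "$root" > "$EVIDENCE/suid_root.txt" || true   # root-owned SUID files
    # hashes let the collected files be shown unchanged later
    if command -v sha256sum >/dev/null 2>&1; then
        ( cd "$EVIDENCE" && sha256sum *.txt > sha256sums.txt )
    fi
}

# usage: sh live_collect.sh /mnt/evidence [/]
if [ $# -ge 1 ]; then
    collect_volatile "$1" "${2:-/}"
fi
```

Point the evidence directory at removable or network storage rather than the suspect disk, so the collection itself writes as little as possible to the evidence medium; everything captured here is lost once the machine is powered off.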