Paul is a computer forensics investigator working for Tyler and Company Consultants. Paul has been called upon to help investigate a computer hacking ring broken up by the local police. Paul begins to inventory the PCs found in the hackers?hideout. Paul then comes across a PDA left by them that is attached to a number of different peripheral devices. What is the first step that Paul must take with the PDA to ensure the integrity of the investigation?

A. Place PDA, including all devices, in an antistatic bag

B. Unplug all connected devices

C. Power off all devices if currently on

D. Photograph and document the peripheral devices

One technique for hiding information is to change the file extension from the correct one to one that might not be noticed by an investigator. For example, changing a .jpg extension to a .doc extension so that a picture file appears to be a document. What can an investigator examine to verify that a file has the correct extension?

A. the File Allocation Table

B. the file header

C. the file footer

D. the sector map

Click on the Exhibit Button Paulette works for an IT security consulting company that is currently performing an audit for the firm ACE Unlimited. Paulette's duties include logging on to all the company's network equipment to ensure IOS versions are up-to-date and all the other security settings are as stringent as possible. Paulette presents the following screenshot to her boss so he can inform the client about necessary changes need to be made. From the screenshot, what changes should the client company make?

A. The banner should include the Cisco tech support contact information as well

B. The banner should have more detail on the version numbers for the networkeQuipment

C. The banner should not state "only authorized IT personnel may proceed"

D. Remove any identifying numbers, names, or version information

What file structure database would you expect to find on floppy disks?

A. NTFS

B. FAT32

C. FAT16

D. FAT12

What is the "Best Evidence Rule"?

A. It states that the court only allows the original evidence of a document, photograph, or recording at the trial rather than a copy

B. It contains system time, logged-on user(s), open files, network information, process information, process-to-port mapping, process memory, clipboard contents, service/driver information, and command history

C. It contains hidden files, slack space, swap file, index.dat files, unallocated clusters, unused partitions, hidden partitions, registry settings, and event logs

D. It contains information such as open network connection, user logout, programs that reside in memory, and cache data