Cyber-Security: Virtual Machine Forensics
This deck covers key concepts and tools related to virtual machine forensics and cyber-security, including hypervisors, network protocols, and defense strategies.
Key Terms
Term | Definition |
---|---|
Type 2 hypervisors cannot be used on laptops | False |
Which tool lists all open network sockets, including those hidden by rootkits? | Memoryze |
Network logs record traffic in and out of a network | True |
Virtual machines (VMs) help offset hardware costs for companies | True |
When intruders break into a network, they rarely leave a trail behind | False |
In network forensics, you have to restore the drive to see how malware that attackers have installed on the system works | True |
Which project was developed to make information widely available in an attempt to thwart Internet and network hackers? | Honeynet |
Which product responded to the need for security and performance by producing different CPU designs? | Intel Virtualization Technology (Intel VT) |
Which type of forensics can help you determine whether a system is truly under attack or a user has inadvertently installed an untested patch or custom program? | Network Forensics |
Which network protocol analyzer can be programmed to examine TCP headers to find the SYN flag? | Tethereal (the command-line version of Ethereal, today shipped as tshark) |
On which OSI model layers do most packet analyzers operate? | Layers 2 and 3 |
Which network defense strategy, developed by the National Security Agency (NSA), has three modes of protection? | Defense in Depth |
In which type of attack does the attacker keep asking the server to establish a connection? | SYN flood |
Before installing a type 2 hypervisor and creating a VM, you need to enable virtualization (Intel VT-x or AMD-V) in the BIOS/UEFI firmware | True |
Which format can be read by most packet analyzer tools? | Pcap |
Which tool was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files? | Netdude |
Virtual machines are now common for both personal and business use | True |
What term is used for the machines used in a DDoS attack? | Zombies |
Which tool is useful for extracting information from large Libpcap files? | Tcpslice |
What type of software runs virtual machines? | A Hypervisor |
What determines how long a piece of information lasts on a system? | Order of volatility |
A honeywall is a computer set up to look like any other machine on your network, but it lures the attack to it | False |
Type 1 hypervisors are usually the ones you find loaded on a suspect machine | False |
Which tool allows network traffic to be viewed graphically | Etherape |
Which type of virtual machine software is typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage? | Type 1 |
A forensic image of a VM includes all snapshots | False |
To find network adapters, you use the ___ command in Windows and the ___ command in Linux | ipconfig, ifconfig (ip addr on Linux distributions that no longer ship ifconfig) |
A layered network defense strategy puts the most valuable data where? | In the innermost layer |
Packet analyzers examine what layers of the OSI model? | Layer 2 and 3 |
Which of the following file extensions are associated with VMware virtual machines? | .vmx, .log, and .nvram |
In VirtualBox, a(n) ___ file contains settings for virtual hard drives | .vbox |
Which Registry key contains associations for file extensions? | HKEY_CLASSES_ROOT |
The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of ___ and ___ | RAM, storage |
When do zero-day attacks occur? | Before the vendor is aware of the vulnerability, and so before any patch exists; the "zero" refers to the days the vendor has had to fix it, not to the day the software is released |
You can expect to find a type 2 hypervisor on what type of device? | Desktop, Smartphone, Tablet |
Which of the following is a clue that a virtual machine has been installed on a host system? | Virtual network adapter |
Virtual Machine Extensions (VMX) are part of which of the following? | Intel Virtualization Technology (VT-x) |
What are the three modes of protection in the DiD strategy? | People, Technology, Operations |
Tcpslice can be used to retrieve specific timeframes of packet captures | True |
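The cards on packet analyzers (layers 2 and 3, the pcap format, finding the SYN flag, slicing a capture by timeframe, SYN floods) describe one workflow; the example below is added here to show that workflow in code and is not part of the deck or of any of the tools it names. It builds a small classic-pcap capture inline (constructed, using RFC 5737 documentation addresses), walks each frame from Ethernet to IPv4 to TCP, keeps only a chosen time window the way tcpslice does, and counts pure SYNs per source. The threshold of five and the pure-SYN-per-source heuristic are assumptions for illustration, not a rule from the deck.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"
TCP_SYN, TCP_ACK = 0x02, 0x10


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_tcp_frame(src, dst, sport, dport, flags):
    """Ethernet + IPv4 + TCP frame with the given flags (checksums left zero; fine for parsing)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + ETHERTYPE_IPV4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    return eth + ip + tcp


def build_pcap(records):
    """records: iterable of (timestamp_seconds, frame_bytes) -> little-endian pcap file bytes."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    body = b"".join(struct.pack("<IIII", ts, 0, len(f), len(f)) + f for ts, f in records)
    return header + body


def iter_packets(pcap):
    """Yield (timestamp, frame) from a classic pcap file written in either byte order."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng and nanosecond variants not handled)")
    linktype = struct.unpack_from(endian + "IHHiIII", pcap, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Walk layer 2 -> 3 -> 4; return (src, dst, sport, dport, flags) or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:          # IP version 4, protocol number 6 = TCP
        return None
    ihl = (ip[0] & 0x0F) * 4                    # header length in bytes (options included)
    tcp = ip[ihl:]
    if len(tcp) < 14:
        return None
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return src, dst, sport, dport, tcp[13]      # byte 13 of the TCP header holds the flags


def time_slice(pcap, start, end):
    """Keep only packets with start <= timestamp < end (the tcpslice idea on a large capture)."""
    return [(ts, f) for ts, f in iter_packets(pcap) if start <= ts < end]


def syn_report(packets, threshold=5):
    """Count pure SYNs (SYN set, ACK clear) per source; flag sources at or over threshold."""
    syns = Counter()
    for _, frame in packets:
        parsed = parse_tcp(frame)
        if parsed and (parsed[4] & TCP_SYN) and not (parsed[4] & TCP_ACK):
            syns[parsed[0]] += 1
    return dict(syns), sorted(s for s, n in syns.items() if n >= threshold)


# Constructed capture: ten half-open SYNs from 203.0.113.5, one legitimate three-way handshake
# between 192.0.2.10 and the server 198.51.100.20, and one non-IP (ARP) frame that must be skipped.
SERVER = "198.51.100.20"
_records = [(1000 + i, build_tcp_frame("203.0.113.5", SERVER, 40000 + i, 80, TCP_SYN))
            for i in range(10)]
_records += [
    (1003, build_tcp_frame("192.0.2.10", SERVER, 51000, 80, TCP_SYN)),
    (1003, build_tcp_frame(SERVER, "192.0.2.10", 80, 51000, TCP_SYN | TCP_ACK)),
    (1003, build_tcp_frame("192.0.2.10", SERVER, 51000, 80, TCP_ACK)),
    (1002, b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28),
]
SAMPLE_PCAP = build_pcap(sorted(_records, key=lambda r: r[0]))

if __name__ == "__main__":
    counts, flagged = syn_report(list(iter_packets(SAMPLE_PCAP)))
    print("pure SYNs per source:", counts)
    print("possible SYN flood from:", flagged)
    print("packets between t=1000 and t=1005:", len(time_slice(SAMPLE_PCAP, 1000, 1005)))
```

The server's SYN-ACK has the SYN bit set but is not counted, because a flood is made of half-open connections from the client side; the same filter is what you would express in tshark as `tcp.flags.syn == 1 && tcp.flags.ack == 0`. On a real capture, replace `SAMPLE_PCAP` with the file's bytes and tune the threshold to the host's normal connection rate.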
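Several cards concern VM artifacts on a host (the VMware .vmx, .log and .nvram files, the fact that an image of a VM's disk does not include its snapshots, and a virtual network adapter as a clue that a VM is present). The example below is added here to tie those together and is not code from the deck or from VMware. It parses a constructed .vmx (hypothetical VM name "suspect-ws01"), lists the disks it attaches, walks the snapshot delta chain by file name, groups the VM directory's files by forensic role, and reads the hypervisor vendor from the adapter's MAC OUI. The file-name walk of the chain and the OUI table are assumptions for illustration; a confirmed chain comes from each descriptor's parentFileNameHint.

```python
import re

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
# Snapshot delta disks are named <base>-NNNNNN.vmdk (descriptor) / <base>-NNNNNN-delta.vmdk (data)
DELTA_RE = re.compile(r"^(?P<base>.+)-(?P<n>\d{6})(-delta)?\.vmdk$", re.IGNORECASE)
# Assumed lookup table: OUIs assigned to VMware and to VirtualBox
VM_OUIS = {"00:0c:29": "VMware", "00:50:56": "VMware", "00:05:69": "VMware", "08:00:27": "VirtualBox"}


def parse_vmx(text):
    """A .vmx is one key = "value" pair per line; return it as a dict."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg


def attached_disks(cfg):
    """Virtual disk files of present disk devices (CD-ROM/ISO images are skipped)."""
    disks = []
    for key, val in cfg.items():
        if not key.endswith(".fileName"):
            continue
        dev = key[: -len(".fileName")]
        if cfg.get(dev + ".present", "TRUE").upper() != "TRUE":
            continue
        if "cdrom" in cfg.get(dev + ".deviceType", "").lower():
            continue
        if val.lower().endswith(".vmdk"):
            disks.append(val)
    return disks


def snapshot_chain(active_disk, listing):
    """Walk from the active delta disk back to the base disk by file name (heuristic)."""
    chain = [active_disk]
    m = DELTA_RE.match(active_disk)
    if not m:
        return chain
    base, n = m.group("base"), int(m.group("n"))
    for i in range(n - 1, 0, -1):
        name = f"{base}-{i:06d}.vmdk"
        if name in listing:
            chain.append(name)
    chain.append(f"{base}.vmdk")
    return chain


def collect_artifacts(listing):
    """Group the files of a VM directory by forensic role."""
    cats = {k: [] for k in ("config", "nvram", "disk", "delta_disk",
                            "snapshot_metadata", "snapshot_state", "log", "other")}
    for f in sorted(listing):
        low = f.lower()
        if low.endswith((".vmx", ".vmxf")):
            cats["config"].append(f)
        elif low.endswith(".nvram"):
            cats["nvram"].append(f)
        elif low.endswith(".vmdk"):
            cats["delta_disk" if DELTA_RE.match(f) else "disk"].append(f)
        elif low.endswith(".vmsd"):          # snapshot tree metadata
            cats["snapshot_metadata"].append(f)
        elif low.endswith(".vmsn"):          # saved snapshot state, may include guest memory
            cats["snapshot_state"].append(f)
        elif low.endswith(".log"):
            cats["log"].append(f)
        else:
            cats["other"].append(f)
    return cats


def virtual_adapter_vendor(cfg):
    """Hypervisor vendor implied by a virtual adapter's MAC OUI, or None."""
    for key, val in cfg.items():
        if key.endswith(".generatedAddress") or key.endswith(".address"):
            vendor = VM_OUIS.get(val.lower()[:8])
            if vendor:
                return vendor
    return None


# Constructed sample .vmx and directory listing for a hypothetical VM; not from any real system.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "suspect-ws01"
nvram = "suspect-ws01.nvram"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "suspect-ws01-000002.vmdk"
ide1:0.present = "TRUE"
ide1:0.fileName = "/iso/install.iso"
ide1:0.deviceType = "cdrom-image"
ethernet0.present = "TRUE"
ethernet0.generatedAddress = "00:0c:29:ab:cd:ef"
"""
SAMPLE_DIR = [
    "suspect-ws01.vmx", "suspect-ws01.vmxf", "suspect-ws01.nvram", "suspect-ws01.vmsd",
    "suspect-ws01.vmdk", "suspect-ws01-flat.vmdk",
    "suspect-ws01-000001.vmdk", "suspect-ws01-000001-delta.vmdk",
    "suspect-ws01-000002.vmdk", "suspect-ws01-000002-delta.vmdk",
    "suspect-ws01-Snapshot1.vmsn", "suspect-ws01-Snapshot2.vmsn",
    "vmware.log", "vmware-0.log",
]

if __name__ == "__main__":
    cfg = parse_vmx(SAMPLE_VMX)
    active = attached_disks(cfg)[0]
    arts = collect_artifacts(SAMPLE_DIR)
    print("VM:", cfg["displayName"], "| adapter vendor:", virtual_adapter_vendor(cfg))
    print("active disk:", active, "-> chain:", snapshot_chain(active, SAMPLE_DIR))
    print("missed by imaging only the base .vmdk:",
          arts["delta_disk"] + arts["snapshot_state"] + arts["snapshot_metadata"])
```

The point the "image of a VM includes all snapshots: False" card makes shows up directly: the guest's current state lives in `suspect-ws01-000002.vmdk`, a delta on top of `-000001` on top of the base, so an examiner who images only `suspect-ws01.vmdk` gets the oldest state and none of the .vmsn files. Collect the whole directory (or the host's full disk) and log which files were present.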