Computer Forensics Interview Questions & Answers


Did you know that computer forensics jobs are very much in demand? On our site we provide you with complete Computer Forensics interview questions and answers. To be more precise, computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Numerous leading companies offer job positions in computer forensics such as Sales Executive/Office, Scientific Officer - Mobile Forensics Section, GAP Inc Technology - Security Analyst - Ediscovery & Forensics, Cyber Forensics Expert, Senior Sales Executive - Government Sales, Digital Forensic Analysts, Senior Sales Executive, Information Security Computer Forensics, CHFI (Computer Hacking Forensic Investigator) or CISA, and many other roles too. To know more, visit our site wisdomjobs.com.

Computer Forensics Interview Questions

    1. Question 1. What Is MD5 Checksum?

      Answer :

      An MD5 checksum is a 128-bit value that helps identify the uniqueness of a file. You can have two file names, but each will have a different checksum. You use these checksums to compare two different files to identify if they are the same.

    2. Question 2. Name Some Common Encryption Algorithms That Are Used To Encrypt Data?

      Answer :

      Some common ones include triple DES, RSA, Blowfish, Twofish and AES.

    3. Question 3. What Is An .iso File?

      Answer :

      An ISO file contains an application or CD image of several files and executables. Most app software can be made into an ISO that you then mount as a virtual drive and can browse files within the ISO. New Windows versions come with internal ISO mounting capabilities.

    4. Question 4. What Is A SAM File?

      Answer :

      A SAM, or Security Accounts Manager, file is a file specifically used in Windows computers to store user passwords. It’s used to authenticate both remote and local Windows users, and can be used to gain access to a user’s computer.

    5. Question 5. What Is Data Mining?

      Answer :

      Data mining is the process of recording as much data as possible to create reports and analysis on user input. For instance, you can mine data from various websites and then log user interactions with this data to evaluate which areas of a website are accessed by users when they are logged in.

    6. Question 6. What Is Data Carving?

      Answer :

      Data carving is different from data mining in that data carving searches through raw data on a hard drive without using a file system. Data carving is essential for computer forensics investigators to find data when a hard drive’s data is corrupted.

    7. Question 7. What Operating Systems Do You Use?

      Answer :

      Most computer forensic experts know at least one operating system well. Be honest with this question, but you should know either Windows, Linux or Mac operating systems well.

    8. Question 8. What Type Of Email Analysis Experience Do You Have?

      Answer :

      Computer forensics relies on email analysis. You should be experienced with email servers such as MS Exchange and free web-based platforms such as Gmail and Yahoo.

    9. Question 9. What Is Steganography?

      Answer :

      Steganography conceals a message within a message. In other words, someone can send an email message with content that says one thing, but every third word comprises a second message that makes sense to a recipient.

    10. Question 10. What Are Some Common Port Numbers?

      Answer :

      TCP port numbers are the virtual connections created by computers and applications. Common port numbers are 21 for FTP, 80 for web services, 25 for SMTP and 53 for DNS.

    11. Question 11. Describe The SHA-1 Hash?

      Answer :

      The secure hash algorithm 1 is a hash algorithm that creates a 160-bit or 20-byte message digest.

    12. Question 12. How Would You Handle Retrieving Data From An Encrypted Hard Drive?

      Answer :

      First determine the encryption method used. For simple encryption types, try finding the configuration file. Use tools such as EaseUS Data Recovery, Advanced EFS Data Recovery or Elcomsoft Forensic Disk Decryptor. You can also use brute force methods.

    13. Question 13. What Port Does DNS Run Over?

      Answer :

      53

    14. Question 14. What Are Some Security Issues Related To The Cloud?

      Answer :

      The biggest issue is the increased potential for data breaches or exfiltration, as well as the potential for account hijacking. The Man-in-the-Cloud attack is a new threat specific to cloud usage. It is similar to the MitM attack, where an attacker steals the user token which is used to verify devices without requiring additional logins. Cloud computing introduces insecure API usage, which is discussed on the OWASP Top 10 Vulnerabilities list.

    15. Question 15. Describe Some Of The Vulnerabilities Listed On The OWASP Top 10 Vulnerabilities List?

      Answer :

      This list is updated yearly with the current top 10 application security risks. Cross-site scripting is one item that has been on the list year after year. But others on the most current list include injections such as SQL, OS and LDAP, security misconfigurations, sensitive data exposure and under-protected APIs.

    16. Question 16. What Is An ACL?

      Answer :

      An access control list. It is a list used to grant users and processes access to system resources.

    17. Question 17. How Would You Be Able To Tell At The Hex Level That A File Has Been Deleted In FAT12?

      Answer :

      Run fsstat against the FAT partition to gather details. Run fls to get information about the image files. This will return information about deleted files and the metadata information.

    18. Question 18. What Are Some Tools Used To Recover Deleted Files?

      Answer :

      Recuva, Pandora Recovery, ADRC data recovery, FreeUndelete, Active UNDELETE, Active partition or File recovery and more.

    19. Question 19. If You Needed To Encrypt And Compress Data For Transmission, Which Would You Do First And Why?

      Answer :

      Compress then encrypt. Because encryption takes up resources and can be cumbersome to perform, it makes sense to compress the data first.

    20. Question 20. What Is The Difference Between Threat, Vulnerability And Risk?

      Answer :

      A threat is what a potential attacker poses, by potentially using a system vulnerability that was never identified as a risk. Using this answer provides context for the three terms together, but you can define them separately.

      • A threat is the possibility of an attack.
      • A vulnerability is a weakness in the system.
      • Risks are items that may cause harm to the system or organization.

    21. Question 21. Describe Your Home Network?

      Answer :

      In cybersecurity-related positions, interviewers often want to know that your interest in security spills over into your personal life as well. Make sure you know the security features of your router or your specific ISP. Be sure to mention any additional security measures you have added to your home network.
