Crowdly

Add to Chrome

Universities
learning.devinci.fr
Forensic (MESIIN485025)

Forensic (MESIIN485025)

Looking for Forensic (MESIIN485025) test answers and solutions? Browse our comprehensive collection of verified answers for Forensic (MESIIN485025) at learning.devinci.fr.

Get instant access to accurate answers and detailed explanations for your course questions. Our community-driven platform helps students succeed!

winninit.exe is a legitimate process on a Windows workstation ?

What is the malware dilemma ?

View this question

RAM needs to go through CPU and Cache to query Data on Disk ?

What has to be obtain first to be able to get the process list in RAM ?

KPCR : Kernel Processor Control Region

EPROCESS : Executive Process list

PEB :

Process Environment Block

KDBG : Kernel Debugger Data Block

94%

View this question

In volatility 3, the isfinfo plugin helps you to get the version of the OS and the time of the dump ?

If I see this string "/krbtgt:09267d27ac91294c4d423dbf642187cb" in a commandline parameters, I should :

Change the password of the krbtgt twice in 10h interval.

29%

Tell the admin to activate the MFA

12%

Investigate deeper by dumping the associated process

100%

Ask the admin if it is a legitimate action from him

65%

worry that a Golden ticket has been made.

94%

View this question

pslist and psscan plugins are doing the same thing, they give same results except psscan gives the parent/ child relationships ?

mimikatz is a tool that helps attackers creating a Golden Ticket ?

scvhost.exe is a legit process on Windows systems ?

In RAM analysis, there is always multiple ways to detect something malicious or to get a specific information such as the private IP address or hostname og the machine ?

Want instant access to all verified answers on learning.devinci.fr?

Get Unlimited Answers To Exam Questions - Install Crowdly Extension Now!

Add to Chrome

Telegram Instagram TikTok Question Bank

Add to Chrome