1
In your own words, what is the difference between active and passive evidence acquisition? Give an example of each.
2
In your own words, define the “protocal analysis”. Please don’t say that it is a tool.
3
In your own words, define the term “packet analysis”
4
In your own words, “flow analysis” (emphasize on patterns)
5
Please explain (in your own words) why it is advisable not to transmit your flow export data via UDP. What is a preferable protocol to use?
6
Ethernet (802.3) is designed to use CSMA/CD, but Wireless protocols (802.11) are designed to use CSMA/CA. What is the difference between two methods and briefly why (in your own words) is there a difference
7
Using one to two sentences, please explain what a CAM table is and what its forensic value is.
8
Using three to four sentences, please explain what the forensic value is in searching a network switch. Please focus on the major types of evidence that you might find and what value that evidence would have in an investigation.
9
Using two to four sentences, please explain why a forensic examiner would want to examine an enterprise level firewall when investigating a network intrusion case. Please focus on the vital forensic evidence that is stored on a firewall with respect to data exfiltration and intranet access.
