Networking 978-0123742681 Chapter 21 Quiz

Chapter 21

Network Basics for Digital Investigators

– Be aware of the reasons that digital investigators have to have a thorough understanding of

networks.

– Be aware of the hardware and protocols that constitute a network.

– Be aware of the various network technologies a digital investigator is likely to encounter.

– Be aware of the tools that assist in network investigations.

Chapter Guide

All digital investigators require some understanding of networks since most computers we encounter are

connected to one. In fact, computers have become network-centered and it is no longer sufficient to only

think of digital evidence on storage media. To comprehend traces of Internet activities left on personal

computers and to establish continuity of offense, digital investigators require knowledge of evidence that

exists on surrounding networks. These sources include server logs, network devices, and traffic on both

wired and wireless networks.

connect to a remote system such as a backbone router as shown here:

On August 15 at 11:20 EDT, Telnet was used to connect from a Windows machine to a public

Internet router (see www.traceroute.org for a list of route servers).

C:\> telnet route-server.ip.tiscali.net

+———–———-———-———-————–———-—+

| |

| TISCALI International Network – Route Monitor |

| (AS3257) |

route-server.ip.tiscali.net>who

Line User Host(s) Idle Location

* 2 vty 0 idle 00:00:00

pool-141-157-94-144.balt.east.verizon.net

Interface User Mode Idle Peer Address

route-server.ip.tiscali.net>show log

In addition to demonstrating client-server interaction, this exercise gives routers and the Internet

backbone a tangible form that students may not otherw

that it is 16:30 Central European Time (GMT + 1) whereas the time according to the Windows host was

In addition, the Open System Interconnection (OSI) model is used in this chapter to give the reader an

understanding of the different functions of networks and the types of crime and associated evidence that

exist. The OSI model is comprised of seven layers summarized here:

# Name Summary

1 Physical Media that carries data (e.g., network cable)

2 Data-link Enables basic network connectivity between computers connected directly

by the same network technology (e.g., Ethernet)

Data in each layer are encapsulated by lower layers. For example, an e-mail message is encapsulated in an

IP datagram, which in turn is encapsulated in an Ethernet frame. Notably, the OSI model does not fit

Multiple Choice Questions

1. An understanding of networks helps with which of the following:

2. When a Windows system connects to a shared folder on another Windows machine on the

Internet, which of the following protocols are used?

3. Hosts that connect two or more networks are called:

4. Which of the following are Layer 7 protocols?

5. Which of the following is a wireless protocol?

6. Ethernet uses which of the following technologies?

7. Which of the following is a Layer 2 address?

8. Another name for a hub is:

9. Currently, the most widely used Internet protocols are:

10. The OSI reference model divides Internets into seven layers. Choose the correct order, by

layer.

11. The layer that actually carries data via cables or radio signals is the:

12. A hub joins hosts at the physical level whereas a switch joins them at the _____ layer.

13. The layer responsible for managing the delivery of data is the:

14. ___is a transport layer protocol.

15. Which of the following network technologies uses a fiber-optic medium?

True or False Questions

1. An understanding of networks is only necessary for investigating computer intrusions and

Denial Of Service attacks.

2. It is possible to reconstruct events surrounding a crime scene using only evidence on

3. Ethernet frames are encapsulated within IP datagrams.

4. A switch prevents eavesdropping on a network.

5. TCP connections only carry data in one direction.

6. Capturing network traffic at the physical layer gives investigators access to application

layer data such as web pages viewed and images downloaded.

7. TCP is a Layer 4 protocol.

8. TCP addresses can be used to track down an offender.

9. Every mobile telephone has a unique Electronic Serial Number (ESN) and Mobile ID

Number (MIN).

10. Mobile telephones can be used to locate the person using them.

11. TCP/IP enables computers using different network technologies to communicate.

13. MAC addresses are uniquely associated with an NIC whereas IP addresses can be

changed.

14. A single, prolonged NetBIOS connection can be made up of multiple TCP/IP

connections.

15. Individuals who can access the physical layer have unlimited access to all of the data on

the network unless it is encrypted.

Discussion Questions

1. Give an example of the type of digital evidence that can be found at each layer of the OSI

2. In Figure 21.13, identify each layer and describe its purpose.

3. Child pornographers are connecting to the home networks of innocent individuals via

insecure wireless access points. How can this help or hinder a digital investigation?

4. What Internet servers do you access regularly and what activities might those systems

record in log files?