6. Digital and Specialized Forensics

Network Forensics — Quiz

Test your understanding of network forensics with 5 practice questions.

Practice Questions

Question 1

Which command-line tool on a Linux workstation allows passive packet capture into a file for later analysis?

Question 2

In Windows event logs, which log category records detailed information about user authentication and authorization events?

Question 3

Given an event timestamp of 2025-09-23 14:00 UTC and a local timezone offset of UTC-05:00, what is the local time?

Question 4

Which TCP ports are used by default for FTP control and data connections?

Question 5

In NetFlow logs, what does a 'flow' represent?