Network Forensics Lab 5

Name:

G#:

Lab Questions:

 ANSWERS MUST BE IN COMPLETE SENTENCES FOR FULL CREDIT.

 USE YOUR OWN WORDS.
 YOU WILL NOT RECEIVE CREDIT FOR QUESTIONS THAT ASK FOR DEFINITIONS OR EXAMPLES IF
YOU USE THE ONES GIVEN IN THE DIRECTIONS.

1) Google ARP spoofing. Write a definition below in your own words.

2) What is promiscuous mode (in the context of a packet sniffer):

3) In your own words, describe the three-way handshake?

4) Where and how are cookies stored?

5) What types of information might you find in the internet history files that might be of forensic
interest?

6) How might a criminal use a key logger?

7) How might an investigator use a key logger? What legal authority would be required before a
keylogger could be used?

8) What federal laws might be violated by unauthorized use of a key logger?

©2007, Updated 2014, 2015, 2021 Anne Marchant, Rebecca J. Pollard, Alex Mbaziir
1
By submitting this assignment, I certify I have abided by all requirements of the GMU honor code. I certify that
this is entirely my own work, no unauthorized sources have been used, and all sources used have been properly
cited.
 Network Forensics Lab 5

©2007, Updated 2014, 2015, 2021 Anne Marchant, Rebecca J. Pollard, Alex Mbaziir
2
By submitting this assignment, I certify I have abided by all requirements of the GMU honor code. I certify that
this is entirely my own work, no unauthorized sources have been used, and all sources used have been properly
cited.