This assignment covers chapters 4, 5, and 6 in the Network Intrusion Analysis e-Book Question 1 Often referred to as evidence that can be found on the host or "victim" machine "forensics, this part of the examination focuses on locating any artifacts, malware, registry keys and any other Question 2 Probably one of the easiest methods for the analysis of a data set is to search for Unicode text or strings Question 3 The starting point of the network analysis will be dictated by the event or that reported the incident in the first place Question 4 topology of the network To conduct a complete network analysis, the examiner must have a firm understanding of both the physical and in question Question 5 Volatile data is data that will be lost once is removed from the system. This data reside in RAM Question 6 When examining a compromised host as part of any computer security incident, Question 7 information from within these two end points Question 8 analysis plays a large role in the analysis carving is a method to search through this type of data, in our case memory dumps, for file signatures and footers and "carve" the devices are any network device that was in the path of the intrusion Question 9 is a network intrusion prevention and detection system (IPS/IDS) that was developed by Sourcefire Question 10 is essentially the command line version of Wireshark