2023美亚杯个人赛

1、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉所用手机移动运营商公司的名称 What is the name of the telecommunication company that Li Dahui’s mobile phone is using

image-20241105084608573

2、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机安装了什么即时通讯软件 (Instant Messaging App)? What instant messaging app is installed on Li Dahui’s mobile phone

A:WhatsApp B:LINE

C:微信 D:Signal

E:QQ

image-20241105084849759

3、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机安装了什么反追踪软件? What anti-tracking software is installed on Li Dahui’s mobile phone? 提示: 所有答案字母都用小写字母并用xxx_xxx_xxxxxxx_xxxxxx_xxxx格式作答 Tips: Please answer the question as below format in lowercase letters

4、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉的手机是什么时间成功登入WhatsApp? At what time did Li Dahui’s mobile phone successfully log into WhatsApp?

image-20241105085733138

5、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉登入WHATSAPP时的认证短码是什么? What was the verification code that Li Dahui used to log into WhatsApp? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers

见上题图

6、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉到美丽好化妆品公司的入职时间是何时?When did Li Dahui join the Beauty Good Cosmetics Company

image-20241105090425111

7、参考 ‘ Android.bin ‘ 回答以下题目 With reference to ‘Android.bin’ to answer below question 李大辉曾于什么时间使用了图像编辑软件? At what time did Li Dahui use image editing software?

image-20241105091018760

image-20241105091036545

15、给出正在进行Nmap扫瞄的计算机互联网协议地址?提示: 以IPV4格式给出答案 (

image-20241105091433485

16、有多少个Nmap扫瞄正在同时进行?提示:请给出阿拉伯数字作答

17、当计算机正在扫瞄8.8.8.8,namp相关的指令是什么

18.当计算机正在扫瞄45.33.32.156,namp相关的指令是什么

image-20241105091910159

19.国强被指派设定一个DHCP服务器,该服务器需借出最后100个的IP地址,以下哪个IP地址会是被借出的IP地址

A. 10.1.4.255

B. 10.1.4.100

C. 10.1.4.254

D. 10.1.4.1

常识题

27、参考’ Mac OS.img ‘ 文件回答以下题目 With reference to ‘ Mac OS.img ‘ file to answer below question 在’ Mac OS.img ‘ 档中使用了哪种分区方案?Which partition scheme was used in the ‘ Mac OS.img ‘

image-20241105095929356

28、参考’ Mac OS.img ‘ ‘文件回答以下题目 With reference to ‘ Mac OS.img ‘ file to answer below question ‘ Mac OS.img ‘ 档的文件系统的正确描述是什么?What is the correct description of the file system in the ‘ Mac OS.img ‘

image-20241105100424148

29、参考’ Mac OS.img ‘ 文件回答以下题目 With reference to ‘ Mac OS.img ‘ file to answer below question 从文件“Car.rtfd”中删除了哪个文件?Which file was deleted from the file “Car.rtfd”? 提示:答案需包括副文件名,并以全小写字母作答,例如 answer.docx Tips: The answer must be in lowercase and include file extension. Example: answer.docx

根据目录下的文件名进行定位备份

image-20241105101245327

30、参考’ Mac OS.img ‘文件回答以下题目,请提供’ Mac OS.img ‘ 映像文件被“fsck”命令检查的具体时间。

31、参考 ‘ Mac OS.img ‘ 文件回答以下题目 With reference to ‘ Mac OS.img ‘ file to answer below question 在 .dmg 档中删除了多少个文件

image-20241105102523115

32、参考 ‘ Window Artifacts.E01 ‘ 内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question Elvis Chui 总共登入过该计算机多少次? According to the windows registry record of “Window Artifacts.E01”, how many times has Elvis Chui logged into this computer

image-20241105103723762

33、参考 ‘ Window Artifacts.E01 ‘ 内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 该计算机的操作系统是在哪一个时区? What is the time zone of the operating system of this computer?

image-20241105103800809

34、参考 ‘ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 该计算机的操作系统于何时安装? (以计算机系统时区回答) When was the operating system of this computer installed? (Answer in the time zone of the computer system)

见上题图

35、参考’ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 哪(几)个程序会于操作系统启动时自动执行? Which program(s) would be automatically executed upon operating system startup

image-20241105104007392

36、参考’ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 该计算机内安装了以下哪一个程序? Which one of the following programs was installed on this computer?

image-20241105104052913

37、参考’ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 计算机内的OneDrive程序版本是什么? What is the version of the OneDrive program installed on this computer?

image-20241105104204510

38、参考’ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 计算机有一个正在连接的网络接口,该接口连接DHCP服务器的IP地址是多少? What is the IP address of DHCP server. ? 提示: 以 IPV4格式回答 Answer: Please answer in IPV4 format

image-20241105104349113

39、参考’ Window Artifacts.E01 ‘内的Windows 注册表回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 该计算机何时连接过一只U盘? (以计算机系统时区回答) When was a USB flash drive last connected to this computer? (Answer in the time zone of the computer system)

image-20241105104436213

40、参考’ Window Artifacts.E01 ‘回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question Elvis Chui 将哪几个文本文件放在回收站中? Which text files did Elvis Chui put into the recycle bin?

image-20241105104514065

41、参考’ Window Artifacts.E01 ‘ 回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question Elvis Chui在什么时间删除了第一个文本文件? (以计算机系统时区回答) What time did Elvis Chui delete the first text file? (Answer in the time zone of the computer system)

image-20241105104618105

42、题目内容请看题目描述。参考 ‘ Window Artifacts.E01 ‘回答以下题目,Elvis Chui删除的第一个文本文件的文件名是什么?

见上题图

43、参考 ‘ Window Artifacts.E01 ‘ 回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question Elvis Chui删除的第一个文本文件在什么时间创建? (以计算机系统时区回答) When was the text file first deleted by Elvis was created? (Answer in the time zone of the computer system)

image-20241105104850872

44、参考 ‘ Window Artifacts.E01 ‘ 回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question Elvis Chui计划于2023年7月15日20点5分有什么活动? What is Elvis Chui’s plan at 8:05 PM on July 15, 2023? 提示: 答案请与文件内的文字与大细阶相同 Tips: Please answer the exact words and uppercase/lowercase leters shown in the file

image-20241105105612121

45、参考 ‘ Window Artifacts.E01 ‘ 回答以下题目 With reference to ‘ Window Artifacts.E01 ‘ file to answer below question 该计算机执行STEAM.EXE总共多少次? How many times has STEAM.EXE been opened on this computer? 提示: 请用阿拉伯数字作答 Tips: Please answer in arabic numbers

image-20241105105830955

53、参考’ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ to answer below question 根据 ‘ com.apple.ios.StoreKitUIService.plist ‘ , 这部电话是什么型号? According to ‘ com.apple.ios.StoreKitUIService.plist ‘, what is the model of this phone

image-20241105141157976

54、参考 ‘ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ to answer below question 根据com.apple.ios.StoreKitUIService.plist,上述电话的文件系统是什么? According to com.apple.ios.StoreKitUIService.plist, what is the file system of the phone in question

苹果用的文件系统就是APFS

55、参考 ‘ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ folder to answer below question 根据ChatStorage.sqlite,哪些对话已锁定? According to ChatStorage.sqlite where chats are stored, which conversations are locked

image-20241105143715530

56、参考 ‘ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ folder to answer below question 根据ChatStorage.sqlite,有多少段录音对话? According to ChatStorage.sqlite, how many recorded conversations are there? 提示: 请以阿拉伯数字作答 Tips: Please answer in arabic numbers

image-20241105144645479

57、参考 ‘ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ folder to answer below question Apple Cocoa Core Data timestamp 是由什么时间开始? From what time does the Apple Cocoa Core Data timestamp start

常识题

image-20241105145850661

59、参考 ‘ IOS ‘ 文件夹回答以下题目 With reference to ‘ IOS ‘ to answer below question 根据Photos.sqlite数据库中,下列哪个选项对IMG_0008.HEIC的描述是错的? According to the ‘ Photos.sqlite ‘ database, which of the following descriptions of IMG_0008.HEIC is incorrect?

60.、**[填空题] 根据 ’ sms(ios).db ’ 的资料,全局唯一标识符(GUID): DD31C26F-1D72-DE0F-431E-EF98F104402D显示的信息是什么?提示:答案需要与信息一样(答案包括中文字、阿拉伯数字与符号) (1分)**你的 Uber 驗證碼為 3666. 請勿分享此驗證碼.

image-20241105152520724

61.、[多选题] 根据 ’ com.burbn.instagram.plist ’ 及 ’ com.facebook.Facebook.plist ’ 手机安装了实时通讯软件Facebook及Instagram的那个版本

image-20241105153204783

image-20241105153053826

62、 **[填空题] 根据 ’ ChatStorage(ios).sqlite ’ , 用户数据Peter Chow (85262012141)在什么日期和时间(以UTC +8时区)曾经通过实时通讯软件送出一个信息(内容为: I am already home)

image-20241105153858797

63、根据影片IMG_0687.MOV的原数据,找出影片拍摄时间

64.、**[单选题] 根据 ’ CallHistory(ios).storedata ‘,哪份表格显示了通话记录

image-20241105154747123

65.、**[填空题] 根据 ’ com.apple.sharingd.plist ‘,这部手机的隔空投送的身份标识号(AirDrop ID)是什么

image-20241105154911448

66.、**[填空题] 根据 ’ Accounts3.sqlite ‘,这部手机的苹果使用者账号 (Apple ID) 是什么

image-20241105155106836

88、[填空题] 在 Windows 10 中 \Users\qqqqq\Downloads,视频文件(mixkit-two-women-laying-together-925-medium.mp4)在MFT 中分成多少个Data Cluster 储存

image-20241105181106417

89、题目内容请看题目描述。参考’ Windows 10 ‘ 文件夹回答以下题目,在 Windows 10 中 \Users\qqqqq\Downloads\ mixkit-two-woman-laying-together-925-medium.mp4 的last Access 时间是多少

image-20241105181721753

90、题目内容请看题目描述。参考’ Windows 7 ‘ 文件夹回答以下题目,在 Windows 7 中 \Users\Allen\Desktop,有1个MP3 文件 (例:unlock-me-149058.mp3),用户使用什么程序打开该MP3 文件

image-20241105182016765

91、题目内容请看题目描述。参考’ Windows 7 ‘ 文件夹回答以下题目,在 Windows 7 中 ‘ \Users\Allen\Desktop ‘有1个MP3 文件 (unlock-me-149058.mp3),该文件的Zone identiflier为’3’。上述’3’字代表哪一个security Zone

常识题

92、题目内容请看题目描述。参考’ Windows 7 ‘ 文件夹回答以下题目,在 Windows 7 中 \Users\Allen\Desktop有1个MP3 文件 (unlock-me-149058.mp3),该文件从哪个网站下载

image-20241105182757860

93、参考’ Windows 7 ‘ 文件夹回答以下题目 With reference to ‘ Windows 7 ‘ folder to answer below question 在 Windows 7 中 \Users\Allen\Downloads 内有mp3文件 (miracle.mp3), 更改名称时间

image-20241105183603346

94、题目内容请看题目描述。参考’ Windows 7 ‘ 文件夹回答以下题目,在 Windows 7 中 \Users\Allen\Downloads 内有mp3文件 (miracle.mp3), mp3文件更改名称前的名称是什么

使用取证大师的文件溯源功能

image-20241105184409305

95、参考’ Windows 7 ‘ 文件夹回答以下题目 With reference to ‘ Windows 7 ‘ folder to answer below question 在 Windows 7中有多少个文件曾被potplayer 播放

image-20241105184928679

96、题目内容请看题目描述。参考’ Windows 7 ‘ 文件夹回答以下题目,在 Windows 7中, potplayer最后播放的文件名

image-20241105185745219