Chapter 08: Recovering Graphics Files
The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03.
XIF
When working with image files, computer investigators also need to be aware of ____ laws to guard against copyright violations.
copyright
Graphics file format that uses lossless compression
PNG
Short for "picture elements"
Pixels
Gnome graphics editor
GIMP
A disk editor tool
Hex workshop
____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.
Insertion
Graphics file format that uses lossy compression
JPEG
The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes.
JPEG
____ compression compresses data by permanently discarding bits of information in the file.
Lossy
Combinations of bitmap and vector images
Metafile graphics
collection of pixels stored in rows to make images easy to print
Raster image
____ is a data-hiding technique that uses host files to cover the contents of a secret message.
Steganography
Bitmap images are collections of dots, or pixels, in a grid format that form a graphic.
True
The Internet is the best source for learning more about file formats and their extensions.
True
Steganalysis tools are also called ____.
steg tools
With many computer forensics tools, you can open files with external viewers.
True
____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
Vector graphics
Recovering fragments of a file is called ____.
carving
The process of converting raw picture data to another format is referred to as ____.
demosaicing
The uppercase letter ____ has a hexadecimal value 41.
"A"
Drawing program that creates vector files
Adobe Illustrator
____ images store graphics information as grids of pixels.
Bitmap
Process of coding of data from a larger form to a smaller form
Data compression
Most digital photographs are stored in the ____ format.
EXIF
A graphics program creates and saves one of three types of image files: bitmap, vector, or XIF.
False
All TIF files start at position zero (offset 0 is the first byte of a file) with hexadecimal 49 49 3B.
False
Operating systems do not have tools for recovering image files.
False
Steganography cannot be used with file formats other than image files.
False
Determines the amount of detail that is displayed
Resolution
____ has been used to protect copyrighted material by inserting digital watermarks into a file.
Steganography
____ steganography replaces bits of the host file with other bits of data.
Substitution
The image format XIF is derived from the more common ____ file format.
TIF
If a graphics file is fragmented across areas on a disk, you must recover all the fragments before re-creating the file.
True
The two major forms of steganography are insertion and substitution.
True
Under copyright laws, maps and architectural plans may be registered as pictorial, graphic, and sculptural works.
True
You use ____ to create, modify, and save bitmap, vector, and metafile graphics.
graphics editor
If you can't open a graphics file in an image viewer, the next step is to examine the file's ____.
header data
The simplest way to access a file header is to use a(n) ____ editor
hexadecimal
Under copyright laws, computer programs may be registered as ____.
literary works
