Chapter 09: Digital Forensics Analysis and Validation

____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.

Brute-force

One way to hide partitions is with the Windows disk partition utility, ____.

diskpart

You begin a digital forensics case by creating a(n) ____.

investigation plan

The term ____ comes from the Greek word for "hidden writing."

steganography

In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover.

subpoenas

Private-sector cases, such as employee abuse investigations, might not specify limitations in recovering data.

True

Several password-cracking tools are available for handling password-protected data or systems.

True

Some encryption schemes are so complex that the time to crack them can be measured in days, weeks, years, and even decades.

True

The defense request for full discovery of digital evidence applies only to criminal cases in the United States.

True

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

BestCrypt

Progressing to make any current encryption schemes obsolete

Quantum computing

A file containing the hash values for every possible password that can be generated from a computer's keyboard

Rainbow table

WinHex provides several hashing algorithms, such as MD5 and ____.

SHA-1

Designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure

Salting password

____ alters hash values, which makes cracking passwords more difficult.

Salting passwords

Limit a civil investigation

Court orders for discovery

The original file with no hidden message

Cover-media

Program used to clean all data from the target drive you plan to use

Digital Intelligence PDWipe

____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity.

Digital forensics tools, hexadecimal editors

____ increases the time and resources needed to extract, analyze, and present evidence.

Scope creep

The data-hiding technique of marking bad clusters is more common with ____ file systems.

FAT

Autopsy for Windows cannot analyze data from image files from other vendors.

False

Autopsy for Windows cannot perform forensics analysis on FAT file systems.

False

Most organizations keep e-mail for longer than 90 days.

False

When viewing two files that look the same, but one has an invisible digital watermark, they appear to be the same file, except for their sizes.

False

Defines the investigation's goal and scope, the materials needed, and the tasks to perform

Investigation plan

AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.

KFF

Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values.

MD5

To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes.

NSRL

A password recovery program available from AccessData

PRTK

____ recovery is becoming more common in digital forensic analysis.

Password

____ is defined as hiding messages in such a way that only the intended recipient knows the message is there.

Steganography

The converted cover-media file that stores the hidden message

Stego-media

For static acquisitions, remove the original drive from the computer, if practical, and then check the date and time values in the system's CMOS.

True

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

True

One of the most critical aspects of computer forensics

Validating digital evidence

The data-hiding technique ____ changes data from readable code to data that looks like binary executable code.

bit-shifting

Data ____ involves changing or manipulating a file to conceal information.

hiding

Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.

key escrow

Criminal investigations are limited to finding data defined in the search ____.

warrant

