Combo with "Digital Forensics CH10-11" and 1 other


PCAP

Most packet sniffer tools can read anything captured in ____ format.

3

Most packet sniffers operate on layer 2 or ____ of the OSI model.

chntpw

The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.

PsKill

The PSTools ____ kills processes by name or process ID.

Honeynet

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.

Literary works

Under copyright laws, computer programs may be registered as _______.

False

Steganography cannot be used with file formats other than image files.

Graphic Editors

You use _________ to create, modify, and save bitmap, vector, and metafile graphics files.

Network

____ forensics is the systematic tracking of incoming and outgoing traffic on your network.

False

Network forensics is a fast, easy process.

True

If a graphics file is fragmented across areas on a disk, first you must recover all the fragments to re-create the file.

Packet Sniffers

____ are devices and/or software placed on a network to monitor traffic.

Helix

____ can be used to create a bootable forensic CD and perform a live acquisition.

Network Forensics

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

Layered Network Defense Strategies

____ hide the most valuable data at the innermost part of the network.

RegMon

____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.

True

Bitmap images are collections of dots, or pixels, that form an image.

Header Data

If you can't open an image file in an image viewer, the next step is to examine the file's _________.

SYN Flood

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

False

Operating systems do not have tools for recovering image files.

TIFF

The file format XIF is derived from the more common ____ file format.

EXIF

The majority of digital cameras use the _______ format to store digital pictures.

Tcpslice

____ is a good tool for extracting information from large Libpcap files.

Snort

____ is a popular network intrusion detection system that performs packet capture and analysis in real time.

PsTools

____ is a suite of tools created by Sysinternals.

dcfldd

____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.

tethereal

____ is the text version of Ethereal, a packet sniffer tool.

Lossy

______ compression compresses data by permanently discarding bits of information in the file.

Bitmap

_______ images store graphics information as grids of individual pixels.

Insertion

_______ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

Steganography

________ is the art of hiding information inside image files.

Substitution

________ steganography replaces bits of the host file with other bits of data.

Vector Graphics

_________ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

Steganography

_________ has also been used to protect copyrighted material by inserting digital watermarks into a file.

False

When intruders break into a network, they rarely leave a trail behind.

Honeypot

A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.

Tcpdump

A common way of examining network traffic is by running the ____ program.

JPEG

A(n) ______ file has a hexadecimal header value of FF D8 FF E0 00 10.

Bootable Linux

Helix operates in two modes: Windows Live (GUI or command line) and ____.

Zombies

Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.

True

PsList from PsTools allows you to list detailed information about processes.

Carving

Recovering pieces of a file is called _______.

Demosaicing

The process of converting raw picture data to another format is referred to as _________.

Hexadecimal

The simplest way to access a file header is to use a(n) ________ editor.

Copyright

When working with image files, computer investigators also need to be aware of ________ laws to guard against copyright violations.

True

With many computer forensics tools, you can open files with external viewers.

True

With the Knoppix STD tools on a portable CD, you can examine almost any network system.

