Combo with "Digital Forensics CH10-11" and 1 other
PCAP
Most packet sniffer tools can read anything captured in ____ format.
3
Most packet sniffers operate on layer 2 or ____ of the OSI model.
chntpw
The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.
PsKill
The PSTools ____ kills processes by name or process ID.
Honeynet
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.
Literary works
Under copyright laws, computer programs may be registered as _______.
False
Steganography cannot be used with file formats other than image files.
Graphic Editors
You use _________ to create, modify, and save bitmap, vector, and metafile graphics files.
Network
____ forensics is the systematic tracking of incoming and outgoing traffic on your network.
False
Network forensics is a fast, easy process.
True
If a graphics file is fragmented across areas on a disk, first you must recover all the fragments to re-create the file.
Packet Sniffers
____ are devices and/or software placed on a network to monitor traffic.
Helix
____ can be used to create a bootable forensic CD and perform a live acquisition.
Network Forensics
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.
Layered Network Defense Strategies
____ hide the most valuable data at the innermost part of the network.
RegMon
____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.
True
Bitmap images are collections of dots, or pixels, that form an image.
Header Data
If you can't open an image file in an image viewer, the next step is to examine the file's _________.
SYN Flood
In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
False
Operating systems do not have tools for recovering image files.
TIFF
The file format XIF is derived from the more common ____ file format.
EXIF
The majority of digital cameras use the _______ format to store digital pictures.
Tcpslice
____ is a good tool for extracting information from large Libpcap files.
Snort
____ is a popular network intrusion detection system that performs packet capture and analysis in real time.
PsTools
____ is a suite of tools created by Sysinternals.
dcfldd
____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.
tethereal
____ is the text version of Ethereal, a packet sniffer tool.
Lossy
______ compression compresses data by permanently discarding bits of information in the file.
Bitmap
_______ images store graphics information as grids of individual pixels.
Insertion
_______ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.
Steganography
________ is the art of hiding information inside image files.
Substitution
________ steganography replaces bits of the host file with other bits of data.
Vector Graphics
_________ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
Steganography
_________ has also been used to protect copyrighted material by inserting digital watermarks into a file.
False
When intruders break into a network, they rarely leave a trail behind.
Honeypot
A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.
Tcpdump
A common way of examining network traffic is by running the ____ program.
JPEG
A(n) ______ file has a hexadecimal header value of FF D8 FF E0 00 10.
Bootable Linux
Helix operates in two modes:Windows Live (GUI or command line) and ____.
Zombies
Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.
True
PsList from PsTools allows you to list detailed information about processes.
Carving
Recovering pieces of a file is called _______.
Demosaicing
The process or converting raw picture data to another format is referred to as _________.
Hexadecimal
The simplest way to access a file header is to use a(n) ________ editor.
Copyright
When working with image files, computer investigators also need to be aware of ________ laws to guard against copyright violations.
True
With many computer forensics tools, you can open files with external viewers.
True
With the Knoppix STD tools on a portable CD, you can examine almost any network system.
