Computer Forensics Chapter 8
Some clues left on a drive that might indicate steganography include which of the following?
Multiple copies of a graphics file; graphics files with the same name but different file sizes; steganography programs in the suspect's All Programs list
When you carve a graphics file, recovering the image depends on which of the following skills?
Recognizing the pattern of the file header content
The XIF format is an image format produced by the Nuance PaperPort scanning program.
True
least significant bit (LSB)
the lowest bit value in a byte
false positives
the results of keyword searches that contain the correct match but aren't relevant to the investigation
Form of compression using an algorithm similar to rounding off decimal values to eliminate data.
Vector Quantization
Copyright laws don't apply to websites
FALSE
When recovering a file with ProDiscover, your first objective is to recover cluster values
TRUE
The _____ format was developed as a standard for storing metadata in image files
exif
vector graphics
graphics based on mathematical instructions to form curves, text and other geometric shapes
metafile graphics
graphics files that are combinations of bitmap and vector images
What methods do steganography programs use to hide data in graphics files?
insertion; substitution
What methods are used in digital watermarking?
invisible modification of the LSBs in the file; layering visible symbols on top of the image
What file type starts at offset 0 with a hexadecimal value of FFD8?
jpeg
pixels
small dots used to create images
carving
the process of recovering file fragments that are scattered across a disk
The ______ format is a proprietary format used by Adobe Photoshop
.psd
How many bits are required to create a pixel capable of displaying 65,536 different colors?
16 bits
______ different colors can be displayed by a 24-bit colored pixel.
16,777,216
______ defines precisely how copyright laws pertain to graphics
1976 Copyright Act
All TIF files start at offset 0 with what 6 hexadecimal characters?
49 49 2A
Inversion is one of the two major forms of steganography
False
ProDiscover adds an .eoi extension automatically on all copied clusters the Recovery Clusters function exports.
False
When you decompress data that uses a lossy compression algorithm, you regain data lost by compression.
False
A JPEG file uses which type of compression?
Lossy
Select below the utility that is not a lossless compression utility.
Lzip
_____ graphics file combines bitmap and vector graphics types.
Metafile
Graphics files that are combinations of Bitmap and Vector images
Metafile Graphics
When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as?
Most Significant Bit (MSB)
For JPEG files, what's the starting offset position for the JFIF label?
Offset 6
Collections of pixels stored in rows rather than a grid making graphics easier to print
Raster Images
________ is not considered to be a non-standard graphics file format?
.dxf
Collection of pixels in a grid format forming a graphic.
Bitmap Images
Process of converting raw picture data to another format.
Demosaicing
A JPEG file is an example of a vector graphic
FALSE
Graphics files stored on a computer can't be recovered after they are deleted
FALSE
Only one file format can compress graphics files
FALSE
The IEEE's website is the best source for learning more about file formats and their extensions.
FALSE
When investigating graphics files, you should convert them into one standard format
FALSE
For EXIF JPEG file, the hexadecimal value starting at offset 2 is?
FFE1
Each type of graphics file has a unique header containing information that distinguishes it from other types of graphics files
TRUE
When viewing a file header, you need to include hexadecimal information to view the image
TRUE
Which of the following is true about JPEG and TIF files?
They have different values for the first 2 bytes of their file headers
A standard JFIF JPEG file has a header value of FF D8 FF E0 from offset 0 and the label name JFIF starting at offset 6.
True
Bitmap images store graphics information as grids of pixels, short for "picture elements"
True
Each graphics file type has a unique header value
True
Graphics files are created and saved in a graphics editor, such as Microsoft Paint, Adobe Freehand MX, Adobe Photoshop or Gnome GIMP.
True
lossless compression
a compression method in which no data is lost
lossy compression
a compression method that permanently discards bits of information in a file
Exchangeable Image File (Exif)
a file format the Japan Electronics and Information Technology Industries Association developed as a standard for storing metadata in JPEG and TIF files
raw file format
a file format typically found on higher-end digital cameras
vector quantization
a form of compression that uses an algorithm similar to rounding off decimal values to eliminate unnecessary bits of data
salvaging
another term for carving, used outside North America
bitmap images
collections of dots, or pixels in a grid format that form a graphic
raster images
collections of pixels stored in rows rather than a grid, as with bitmap images, to make graphics easier to print
standard graphics file formats
common graphics file formats that most graphics programs and image viewers can open
vector graphics file formats
common graphics file formats that most graphics programs and image viewers can open
The process of converting raw picture data to another format is called _______
demosaicing
The process of converting raw images to another format is called which of the following?
demosaicing
nonstandard graphics file formats
less common graphics file formats, including proprietary formats, newer formats, formats that most image viewers don't recognize, and older or obsolete formats
Bitmap (.bmp) files use which of the following types of compression?
lossless
The Lempel-Ziv-Welch (LZW) algorithm is used in ______ compression.
lossless
What type of compression uses an algorithm that allows viewing the graphics file without losing any portion of the data?
lossless
Digital pictures use data compression to accomplish which of the following goals?
save space on a hard drive; produce a file that can be emailed or posted on the internet
The _________ format is not considered to be a standard graphics file format.
tga
resolution
the density of pixels displayed onscreen, which governs image quality
most significant bit (MSB)
the highest bit value in a byte
data compression
the process of coding data from a larger form to a smaller form
demosaicing
the process of converting raw picture data to another format, such as JPEG or TIF
Explain how to identify an unknown graphics file format that your digital forensics tool doesn't recognize.
You need to examine a copy of the unknown file with a hexadecimal editor to find the hex code for the first several bytes of the file. Then you need to examine the other known file types with similar or identical header values to see whether you can confirm its file type.