Guide to Computer Forensics and Investigations 5th Edition Chapter 8 Review Questions
4. What type of compression uses an algorithm that allows viewing the graphics file without losing any portion of the data?
Lossless Compression
11. When viewing a file header, you need to include hexadecimal information to view the image. True or False?
True
12. When recovering a file with ProDiscover, your first objective is to recover cluster values. True or False?
True
9. Each type of graphics file has a unique header containing information that distinguishes it from other types of graphics files. True or False?
True
6. Digital pictures use data compression to accomplish which of the following goals? (Choose all that apply.) a. Save space on a hard drive. b. Provide a crisp and clear image. c. Eliminate redundant data. d. Produce a file that can be e-mailed or posted on the Internet.
Answer : a&d
17. Which of the following is true about JPEG and TIF files? a. They have identical values for the first 2 bytes of their file headers. b. They have different values for the first 2 bytes of their file headers. c. They differ from other graphics files because their file headers contain more bits. d. They differ from other graphics files because their file headers contain fewer bits.
Answer : b
19. Some clues left on a drive that might indicate steganography include which of the following? a. Multiple copies of a graphics file b. Graphics files with the same name but different file sizes c. S-Tools and Stegowatch in the suspect' s All Programs list d. All of the above
Answer : d
1. Graphics files stored on a computer can't be recovered after they are deleted. True or False?
False
10. Copyright laws don't apply to Web sites. True or False?
False
15. Only one file format can compress graphics files. True or False?
False
16. A JPEG file is an example of a vector graphic. True or False?
False
5. When investigating graphics files, you should convert them into one standard format. True or False?
False
18. What methods do steganography programs use to hide data in graphics files? (Choose all that apply.) a. Insertion b. Substitution c. Masking d. Carving
answer : a&b
14. A JPEG file uses which type of compression? a. WinZip b. Lossy c. Lzip d. Lossless
answer : b
20. What methods are used for digital watermarking? (Choose all that apply.) a. Implanted subroutines that link to a central Web server automatically when the watermarked file is accessed b. Invisible modification of the LSBs in the file c. Layering visible symbols on top of the image d. Using a hex editor to alter the image data
answer : b&c
2. When you carve a graphics file, recovering the image depends on which of the following skills? a. Recovering the image from a tape backup b. Recognizing the pattern of the data content c. Recognizing the pattern of the file header content d. Recognizing the pattern of a corrupt file
answer : c
8. In JPEG files, what's the starting offset position for the JFIF label? a. Offset 0 b. Offset 2 c. Offset 6 d. Offset 4
answer : c
7. The process of converting raw images to another format is called which of the following? a. Data conversion b. Transmogrification c. Transfiguring d. Demosaicing
answer : d
13. Bitmap (.bmp) files use which of the following types of compression? a. WinZip b. Lossy c. Lzip d. Lossless
answer: d
3. Explain how to identify an unknown graphics file format that your digital forensics tool doesn't recognize.
examine a copy of the file with a hexadecimal editor to find the hex code for the first several bytes of the file.
