Digital Forensics CH10-12
tethereal
____ is the text version of Ethereal, a packet sniffer tool.
Circular Logging
______ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.
PCAP
Most packet sniffer tools can read anything captured in ____ format.
3
Most packet sniffers operate on layer 2 or ____ of the OSI model.
False
Steganography cannot be used with file formats other than image files.
False
You can always rely on the return path in an e-mail header to show the source account of an e-mail message.
Graphic Editors
You use _________ to create, modify, and save bitmap, vector, and metafile graphics files.
Packet Sniffers
____ are devices and/or software placed on a network to monitor traffic.
Helix
____ can be used to create a bootable forensic CD and perform a live acquisition.
Network Forensics
____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.
Network
____ forensics is the systematic tracking of incoming and outgoing traffic on your network.
Layered Network Defense Strategies
____ hide the most valuable data at the innermost part of the network.
RegMon
____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.
mbox
Some e-mail systems store messages in flat plaintext files, known as a(n) _____ format.
True
Bitmap images are collections of dots, or pixels, that form an image.
True
For computer investigators, tracking intranet e-mail is relatively easy because the accounts use standard names established by the network or e-mail administrator.
For older UNIX applications, such as mail or mailx, you can print the e-mail headers by using the ____ command.
True
If a graphics file is fragmented across areas on a disk, first you must recover all the fragments to re-create the file.
Header Data
If you can't open an image file in an image viewer, the next step is to examine the file's _________.
Temporary
In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.
.pst
In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of _______.
SYN Flood
In a(n) ____ attack, the attacker keeps asking your server to establish a connection.
@
In an e-mail address, everything after the __ symbol represents the domain name.
False
Operating systems do not have tools for recovering image files.
chntpw
The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.
PsKill
The PSTools ____ kills processes by name or process ID.
Honeynet
The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.
TIFF
The file format XIF is derived from the more common ____ file format.
Configuration
The files that provide helpful information to an e-mail investigation are log files and ______ files.
EXIF
The majority of digital cameras use the _______ format to store digital pictures.
/var/log
Typically, UNIX installations are set to store logs such as maillog in the ______ directory.
Literary works
Under copyright laws, computer programs may be registered as _______.
Tcpslice
____ is a good tool for extracting information from large Libpcap files.
Snort
____ is a popular network intrusion detection system that performs packet capture and analysis in real time.
PsTools
____ is a suite of tools created by Sysinternals.
dcfldd
____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.
Lossy
______ compression compresses data by permanently discarding bits of information in the file.
Bitmap
_______ images store graphics information as grids of individual pixels.
Insertion
_______ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.
Steganography
________ is the art of hiding information inside image files.
Substitution
________ steganography replaces bits of the host file with other bits of data.
Vector Graphics
_________ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.
Steganography
_________ has also been used to protect copyrighted material by inserting digital watermarks into a file.
False
Network forensics is a fast, easy process.
Honeypot
A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.
Tcpdump
A common way of examining network traffic is by running the ____ program.
JPEG
A(n) ______ file has a hexadecimal header value of FF D8 FF E0 00 10.
False
All e-mail servers are databases that store multiple users' e-mails.
Client/Server Architecture
E-mail messages are distributed from one central server to many connected client computers, a configuration called _______.
True
E-mail programs either save e-mail messages on the client computer or leave them on the server.
Transaction
Exchange logs information about changes to its data in a(n) ____ log.
Bootable Linux
Helix operates in two modes: Windows Live (GUI or command line) and ____.
True
Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.
Zombies
Machines used in a DDoS are known as ____ simply because they have unwittingly become part of the attack.
True
PsList from PsTools allows you to list detailed information about processes.
Carving
Recovering pieces of a file is called _______.
Demosaicing
The process of converting raw picture data to another format is referred to as _________.
Hexadecimal
The simplest way to access a file header is to use a(n) ________ editor.
Options
To retrieve e-mail headers in Microsoft Outlook, right-click the e-mail message, and then click _____ to open the Message Options dialog box. The Internet headers text box at the bottom of the dialog box contains the message header.
False
When intruders break into a network, they rarely leave a trail behind.
CTRL + C
When working in a Windows environment, you can press ____ to copy the selected text to the clipboard.
Copyright
When working with image files, computer investigators also need to be aware of ________ laws to guard against copyright violations.
GUI
With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or disk.
True
With many computer forensics tools, you can open files with external viewers.
True
With the Knoppix STD tools on a portable CD, you can examine almost any network system.