Digital Forensics CH10-12

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

tethereal

____ is the text version of Ethereal, a packet sniffer tool.

Circular Logging

______ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.

PCAP

Most packet sniffer tools can read anything captured in ____ format.

3

Most packet sniffers operate on layer 2 or ____ of the OSI model.

False

Steganography cannot be used with file formats other than image files.

False

You can always rely on the return path in an e-mail header to show the source account of an e-mail message.

Graphic Editors

You use _________ to create, modify, and save bitmap, vector, and metafile graphics files.

Packet Sniffers

____ are devices and/or software placed on a network to monitor traffic.

Helix

____ can be used to create a bootable forensic CD and perform a live acquisition.

Network Forensics

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

Network

____ forensics is the systematic tracking of incoming and outgoing traffic on your network.

Layered Network Defense Strategies

____ hide the most valuable data at the innermost part of the network.

RegMon

____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.

mbox

Some e-mail systems store messages in flat plaintext files, known as a(n) _____ format.

True

Bitmap images are collections of dots, or pixels, that form an image.

True

For computer investigators, tracking intranet e-mail is relatively easy because the accounts use standard names established by the network or e-mail administrator.

print

For older UNIX applications, such as mail or mailx, you can print the e-mail headers by using the ____ command.

True

If a graphics file is fragmented across areas on a disk, first you must recover all the fragments to re-create the file.

Header Data

If you can't open an image file in an image viewer, the next step is to examine the file's _________.

Temporary

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.

.pst

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of _______.

SYN Flood

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

@

In an e-mail address, everything after the __ symbol represents the domain name.

False

Operating systems do not have tools for recovering image files.

chntpw

The Knoppix STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.

PsKill

The PSTools ____ kills processes by name or process ID.

Honeynet

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.

TIFF

The file format XIF is derived from the more common ____ file format.

Configuration

The files that provide helpful information to an e-mail investigation are log files and ______ files.

EXIF

The majority of digital cameras use the _______ format to store digital pictures.

/var/log

Typically, UNIX installations are set to store logs such as maillog in the ______ directory.

Literary works

Under copyright laws, computer programs may be registered as _______.

Tcpslice

____ is a good tool for extracting information from large Libpcap files.

Snort

____ is a popular network intrusion detection system that performs packet capture and analysis in real time.

PsTools

____ is a suite of tools created by Sysinternals.

dcfldd

____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.

Lossy

______ compression compresses data by permanently discarding bits of information in the file.

Bitmap

_______ images store graphics information as grids of individual pixels.

Insertion

_______ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

Steganography

________ is the art of hiding information inside image files.

Substitution

________ steganography replaces bits of the host file with other bits of data.

Vector Graphics

_________ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

Steganography

_________ has also been used to protect copyrighted material by inserting digital watermarks into a file.

False

Network forensics is a fast, easy process.

Honeypot

A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.

Tcpdump

A common way of examining network traffic is by running the ____ program.

JPEG

A(n) ______ file has a hexadecimal header value of FF D8 FF E0 00 10.

False

All e-mail servers are databases that store multiple users' e-mails.

Client/Server Architechture

E-mail messages are distributed from one central server to many connected client computers, a configuration called _______.

True

E-mail programs either save e-mail messages on the client computer or leave them on the server.

Transaction

Exchange logs information about changes to its data in a(n) ____ log.

Bootable Linux

Helix operates in two modes:Windows Live (GUI or command line) and ____.

True

Like UNIX e-mail servers, Exchange maintains logs to track e-mail communication.

Zombies

Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.

True

PsList from PsTools allows you to list detailed information about processes.

Carving

Recovering pieces of a file is called _______.

Demosaicing

The process or converting raw picture data to another format is referred to as _________.

Hexadecimal

The simplest way to access a file header is to use a(n) ________ editor.

Options

To retrieve e-mail headers in Microsoft Outlook, right-click the e-mail message, and then click _____ to open the Message Options dialog box. The Internet headers text box at the bottom of the dialog box contains the message header.

False

When intruders break into a network, they rarely leave a trail behind.

CTRL + C

When working on a Windows environment you can press ____ to copy the selected text to the clipboard.

Copyright

When working with image files, computer investigators also need to be aware of ________ laws to guard against copyright violations.

GUI

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or disk.

True

With many computer forensics tools, you can open files with external viewers.

True

With the Knoppix STD tools on a portable CD, you can examine almost any network system.


Kaugnay na mga set ng pag-aaral

Information Security Chapter 9 Review Questions

View Set

MAN3025- Lesson 03- Organizational and Social Responsibility

View Set

Preterite of stem-changing -ir verbs

View Set

Ch. 7 Review of Buddhism, Confucianism, Daoism and Legalism

View Set

Insurance Policies - Provisions, riders, and options

View Set

Chapter 6 Exam: Life Insurance Premiums, Proceeds, and Beneficiaries

View Set

Chapter 1: An Overview of Special Education

View Set

Module4: Operating systems and file management

View Set

BADM Quiz 4 The mean and Standard Deviation Multiple Choice

View Set

Chapter 38: Caring for Clients With Cerebrovascular Disorders

View Set