Intro to Digital Forensics Chapter 9 Review Questions


The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the password length. True or False?

True

After you shift a file's bits, the hash value remains the same. True or False?

False

Password recovery is included in all computer forensics tools. True or False?

False

________________ happens when an investigation goes beyond the bounds of its original description.

Scope creep

Which forensic image file format creates or incorporates a validation hash value in the image file? (Choose all that apply.) a. Expert Witness b. SMART c. AFF d. dd

a and b

The National Software Reference Library provides what type of resource for digital forensics examiners?

a list of MD5 and SHA1 hash values for all known OSs and applications

FTK's Known File Filter (KFF) can be used for which of the following purposes? (Choose all that apply.) a. Filter known program files from view. b. Calculate hash values of image files. c. Compare hash values of known files to evidence files. d. Filter out evidence that doesn't relate to your investigation.

a. Filter known program files from view. c. Compare hash values of known files to evidence files.

Block-wise hashing has what benefits for forensics examiners?

allows validating sector comparisons between known files

Steganography is used for which of the following purposes? a. Validating data b. Hiding data c. Accessing remote computers d. Creating strong passwords

b

You're using Disk Manager to view primary and extended partitions on a suspect's drive. The program reports the extended partition's total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information? a. The disk is corrupted. b. There's a hidden partition. c. Nothing; this is what you'd expect to see. d. The drive is formatted incorrectly.

b

Which of the following represents known files you can eliminate from an investigation? (Choose all that apply.) a. Any graphics files b. Files associated with an application c. System files the OS uses d. Any files pertaining to the company

b. Files associated with an application c. System files the OS uses

Suppose you're investigating an e-mail harassment case. Generally, is collecting evidence for this type of case easier for an internal corporate investigation or a criminal investigation? a. Criminal investigation because subpoenas can be issued to acquire any needed evidence quickly b. Criminal investigation because law enforcement agencies have more resources at their disposal c. Internal corporate investigation because corporate investigators typically have ready access to company records d. Internal corporate investigation because ISPs almost always turn over e-mail and access logs when requested by a large corporation

c

For which of the following reasons should you wipe a target drive? a. To ensure the quality of digital evidence you acquire b. To make sure unwanted data isn't retained on the drive c. Neither of the above d. Both a and b

d. Both a and b

Rainbow tables serve what purpose for digital forensics examinations?

file containing the hash values for every possible password that can be generated

Commercial encryption programs often rely on a technology known as _______________ to recover files if a password or passphrase is lost.

key escrow

If an application uses salting when creating passwords, what concerns should a forensics examiner have when attempting to recover passwords?

recovering passwords can take longer

In steganalysis, cover-media is which of the following?

the content of a file used for a steganography message

