Computer Forensics exam 1 Ch 1-5

how many rounds does DES have?

16

you are investigating a breach of a file server that resulted in several stolen files. Which federal law is most likely to apply?

18 USC 1030, Fraud and related activity in connection with computers

what is the key length used for DES?

56

Bob was asked to make a copy of all the evidence from the compromised system. Melanie did a DOS copy of all the files on the system. What would be the primary reason for you to recommend for or against using a disk-imaging tool?

A simple DOS copy will not include deleted files, file slack, and other information

what Linux command can be used to create a hash?

md5sum

which of the following is an asymmetric cryptography algorithm invented by three mathematicians in the 1970s?

RSA

________ is the most commonly used hashing algorithm

SHA1

which of the following drives would be least susceptible to damage when dropped?

SSD

which of the following is an example of a multialphabet cipher?

Vigenere

in steganography, the ________ is the data to be covertly communicated. In other words, it is the message you want to hide

payload

when cataloging digital evidence, the primary goal is to do what?

preserve evidence integrity

if the computer is turned on when you arrive, what does the Secret Service recommend you do?

shut down according to recommended Secret Service procedure

hiding messages inside another medium is referred to as

steganography

which file might contain data that was live in memory and not stored on the hard drive

swap file

What is the essence of the Daubert Standard?

that only tools or techniques that have been accepted by the scientific community are admissible at trial

which of the following is important to the investigator regarding logging?

the logging methods, log retention, location of stored logs

what is the purpose of hashing a copy of a suspect drive?

to check for changes

what is the starting point for investigating denial of service attacks?

tracing the packets

it is legal for employers to monitor work computers

true

spyware is legal

true

the Caesar cipher is the oldest known encryption method

true

you should make at least two bitstream copies of a suspect drive

true

which of the following encryption algorithms uses three key ciphers in a block system and uses the Rijndael algorithm?

AES

you need to image a server that is set up with RAID 5. How would you approach this?

Image the entire array as a single disk.

where would you seek evidence that ophcrack had been used on a Windows Server 2008 machine?

In the logs of the server, look for the reboot of the system

the most common way steganography is accomplished is via

LSB

what type of encryption uses a different key to encrypt the message than it uses to decrypt the message?

asymmetric

in steganography, the _______ is the stream or file into which the data is hidden

carrier

In a computer forensics investigation, describe the route that evidence takes from the time you find it until the case is closed or goes to court

chain of custody

which of the following crimes is most likely to leave email evidence

cyberstalking

what Linux command can be used to wipe a target drive?

dd

logic bombs are often perpetrated by

disgruntled employees

when investigating a virus, what is the first step?

document the virus

what is the most important reason that you not touch the actual original evidence any more than you have to?

each time you touch digital data, there is some chance of altering it

RAID 4 should be acquired as individual disks

false

Your roommate can give consent to search your computer

false

evidence need not be locked if it is at a police station

false

it is acceptable, when you have evidence in a vehicle, to stop for a meal, if the vehicle is locked

false

the MD5 message-digest algorithm is used to

hash a disk to verify that a disk has not been altered when you examine it

why should you note all cable connections for a computer you want to seize as evidence?

in case other devices were connected

what is the primary reason to take cyberstalking seriously

it can be a prelude to real-world violence

to preserve digital evidence, an investigator should

make two copies of each evidence item using different imaging tools

an improvement on the Caesar cipher that uses more than one shift is called a

multialphabet substitution

it takes _________ occurrence(s) of overextending yourself during testimony to ruin your career

only one

