ctc328 chapter solutions 8-11

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Each type of graphics file has a unique header containing information that distinguishes it from other types of graphics files. True or False?

True

Internet e-mail accessed with a Web browser leaves files in temporary folders. True or False?

True

When viewing a file header, you need to include hexadecimal information to view the image. True or False?

True

Suppose you're investigating an e-mail harassment case. Generally, is collecting evidence for this type of case easier for an internal corporate investigation or a criminal investigation?

Internal corporate investigation because corporate investigators typically have ready access to company records

Tcpslice can be used to retrieve specific timeframes of packet captures. True or False?

True

The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the password length. True or False?

True

To analyze e-mail evidence, an investigator must be knowledgeable about an e-mail server's internal operations. True or False?

True

When recovering a file with ProDiscover, your first objective is to recover cluster values. True or False?

True

Which of the following is a clue that a virtual machine has been installed on a host system?

Virtual network adapter

In VirtualBox, a(n) ____________________ file contains settings for virtual hard drives.

.vbox

Which of the following file extensions are associated with VMware virtual machines?

.vmx, .log, and .nvram

Graphics files stored on a computer can't be recovered after they are deleted. True or False?

False

A JPEG file uses which type of compression?

Lossy

After you shift a file's bits, the hash value remains the same. True or False?

False

Steganography is used for which of the following purposes?

Hiding data

A forensic image of a VM includes all snapshots. True or False?

False

What methods do steganography programs use to hide data in graphics files? (Choose all that apply.)

Insertion Substitution

Virtual Machine Extensions (VMX) are part of which of the following?

Intel Virtualized Technology

In steganalysis, cover-media is which of the following?

The file a steganography tool uses to host a hidden message, such as a JPEG or an MP3 file

A layered network defense strategy puts the most valuable data where?

In the innermost layer

Packet analyzers examine what layers of the OSI model?

Layers 2 and 3

To trace an IP address in an e-mail header, what type of lookup service can you use? (Choose all that apply.)

A domain lookup service, such as www.arin.net, www.internic.com, or www.whois.net Any Web search engine

12. The National Software Reference Library provides what type of resource for digital forensics examiners?

A list of MD5 and SHA1 hash values for all known OSs and applications

When do zero day attacks occur? (Choose all that apply.)

Before a patch is available Before the vendor is aware of the vulnerability

What information is not in an e-mail header? (Choose all that apply.)

Blind copy (bcc) addresses Contents of the message

When you access your e-mail, what type of computer architecture are you using?

Client/server

The process of converting raw images to another format is called which of the following?

Demosaicing

You can expect to find a type 2 hypervisor on what type of device? (Choose all that apply.)

Desktop Smartphone Tablet

When searching a victim's computer for a crime committed with a specific e-mail, which of the following provides information for determining the e-mail's originator? (Choose all that apply.)

E-mail header Firewall log

6. Which forensic image file format creates or incorporates a validation hash value in the image file? (Choose all that apply.)

Expert Witness SMART AFF

A JPEG file is an example of a vector graphic. True or False?

False

Copyright laws don't apply to Web sites. True or False?

False

Only one file format can compress graphics files. True or False?

False

Password recovery is included in all forensics tools. True or False?

False

When investigating graphics files, you should convert them into one standard format. True or False?

False

You can view e-mail headers in Notepad with all popular e-mail clients. True or False?

False

Which of the following represents known files you can eliminate from an investigation? (Choose all that apply.)

Files associated with an application System files the OS uses

The Known File Filter (KFF) can be used for which of the following purposes? (Choose all that apply.)

Filter known program files from view. Compare hash values of known files to evidence files.

Which Registry key contains associations for file extensions?

HKEY_CLASSES_ROOT

What methods are used for digital watermarking?

Invisible modification of the LSBs in the file Layering visible symbols on top of the image

Bitmap (.bmp) files use which of the following types of compression?

Lossless

Phishing does which of the following?

Lures users with false promises

Which of the following is a current formatting standard for e-mail?

MIME

The term "via Frontend Transport" in a header indicates that the e-mail is on which of the following?

Microsoft Exchange Server

In JPEG files, what's the starting offset position for the JFIF label

Offset 6

What's the main piece of information you look for in an e-mail message you're investigating?

Originating e-mail domain or IP address

What are the three modes of protection in the DiD strategy?

People, technology, operations

Block-wise hashing has which of the following benefits for forensics examiners?

Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect's drive

The number of VMs that can be supported per host by a type 1 hypervisor is generally determined by the amount of __________ and ______________.

RAM, storage

Rainbow tables serve what purpose for digital forensics examinations?

Rainbow tables contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords.

When you carve a graphics file, recovering the image depends on which of the following skills?

Recognizing the pattern of the file header content

When confronted with an e-mail server that no longer contains a log with the date information you require for your investigation, and the client has deleted the e-mail, what should you do?

Restore the e-mail server from a backup

If an application uses salting when creating passwords, what concerns should a forensics examiner have when attempting to recover passwords?

Salting can make password recovery extremely difficult and time consuming.

Digital pictures use data compression to accomplish which of the following goals? (Choose all that apply.)

Save space on a hard drive. Produce a file that can be e-mailed or posted on the Internet.

___________________ happens when an investigation goes beyond the bounds of its original description

Scope creep

Sendmail uses which file for instructions on processing an e-mail message?

Sendmail.cf

E-mail headers contain which of the following information? (Choose all that apply.)

The sender and receiver e-mail addresses An ESMTP number or reference number The e-mail servers the message traveled through to reach its destination

You're using Disk Management to view primary and extended partitions on a suspect's drive. The program reports the extended partition's total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information?

There's a hidden partition.

Which of the following is true about JPEG and TIF files?

They have different values for the first 2 bytes of their file headers

Router logs can be use for validating what types of e-mail data?

Tracking flows through e-mail server ports

All e-mail headers contain the same types of information. True or False?

True

Explain how to identify an unknown graphics file format that your digital forensics tool doesn't recognize.

You need to examine a copy of the unknown file with a hexadecimal editor to find the hex code for the first several bytes of the file. Then you need to examine other known file types with similar or identical header values to see whether you can confirm its file type.

Some clues left on a drive that might indicate steganography include which of the following? (Choose all that apply.)

a. Multiple copies of a graphics file b. Graphics files with the same name but different file sizes c. Steganography programs in the suspect's All Programs list

To find network adapters, you use the ________ command in Windows and the _______________ command in Linux.

ipconfig, ifconfig

Commercial encryption programs often rely on _____________________ technology to recover files if a password or passphrase is lost.

key escrow

Which of the following types of files can provide useful information when you're examining an e-mail server?

log files

What type of compression uses an algorithm that allows viewing the graphics file without losing any portion of the data?

lossless

In Microsoft Outlook, what are the e-mail storage files typically found on a client computer?

pst and .ost

On a UNIX-like system, which file specifies where to save different types of e-mail log files?

syslog.conf


Ensembles d'études connexes

Exam 1 Development and Mobility

View Set

4. Specific Behavior Change Procedures

View Set

Consumer Purchasing and Wise Buying Strategies

View Set

nclex GU, Pediatric GU questions Nclex, renal gu nclex, Renal & GU- NCLEX, GU NCLEX 3500, NCLEX GU

View Set

BIOL21403: Marine Ecology and Physiology

View Set

Communication Entrance Practice Exam

View Set

MARK3336 Ch. 7 Video: Atlanta Hawks Arena Is Geared Toward Digital Experience

View Set

Comptia Network+ 1.0 Networking Fundamentals

View Set