CS 307 9 and 10
There are ____ searching options for keywords which FTK offers.
2
The uppercase letter ____ has a hexadecimal value of 41.
A
drawing program that creates vector files
Adobe Illustrator
FTK cannot perform forensics analysis on FAT12 file systems.
False
Steganography cannot be used with file formats other than image files.
False
Gnome graphics editor
GIMP
tool used to rebuild image file headers
Hex Workshop
____________________ search catalogs all words on the evidence disk so that FTK can find them quickly.
Indexed
____ steganography replaces bits of the host file with other bits of data.
Insertion
AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.
KFF
____ compression compresses data by permanently discarding bits of information in the file.
Lossy
Microsoft image viewer
Microsoft Office Picture Manager
One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it.
Norton DiskEdit
short for "picture elements"
Pixels
____ has also been used to protect copyrighted material by inserting digital watermarks into a file.
Steganography
____ steganography replaces bits of the host file with other bits of data.
Substitution
With many computer forensics tools, you can open files with external viewers.
True
image format derived from the TIFF file format
XIF
Recovering pieces of a file is called ____.
carving
If you can't open an image file in an image viewer, the next step is to examine the file's ____.
header data
In FTK ____ search mode, you can also look for files that were accessed or changed during a certain time period.
indexed
graphics file format that uses lossy compression
jpeg
combinations of bitmap and vector images
metafile graphics
____ recovery is a fairly easy task in computer forensic analysis.
password
Under copyright laws, maps and architectural plans may be registered as ____.
pictorial, graphic, and sculptural works
____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.
remote acquisitions
are also called steg tools
steganalysis tools
The term ____ comes from the Greek word for"hidden writing."
steganography
