CS 449 Mid Term

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Of the 7 disk wiping utilities analyzed, how many were shown to be effective?

1 (Evidence Eliminator)

What is a file carver?

Forensic tools that analyze the data on a drive without regard for the actual logical organization of the disk.

What are the two structures of a hard disk drive?

Geometric structure and a set of nested data structures.

How long will an alternate data stream persist?

Life of the attached file as long as that file/folder remains in the NTFS file structure.

List two core areas of modern computer forensics

Log analysis, timeline analysis, key-stroke capture and analysis, and system imaging.

What is the name of the DOS partition at the beginning of a drive that contains the boot code and partition table?

Master Boot Record (MBR)

What is computer activity mining?

Recovery of information about a computer user or a computer's use, from the computer itself

What does BRAP forensics do?

Reveals stored data as well as information about user behavior.

List 3 federal laws that mandate IT standards.

Sarbanes-Oxley (SOX), Gramm-Leach-Bliley (GLB), Health Insurance Portability and Accountability Act (HIPAA), Federal Information Security Management Act (FISMA).

What is the Windows equivalent of "root privilege"?

Session ID = 0 (Administrative Privilege)

Why do the disk wiping utilities frequently miss small files that are stored in the MFT?

Since the users are unaware of the location of the data and the area where MFT entries exist is not slack space.

What are two techniques for image watermarking?

Spatial Domain and Frequency Domain

What were the two early incarnations of data hiding mentioned in the article? '

Storage of data on out of standard tracks on floppy disks beyond the reach of the OS AND Storage information in non-data fields of network packets.

Eleven digital disk warrens in Windows and Unix file systems were discussed in this article. List 5

Swap files, renamed files, steganography, encrypted files, and compressed files.

(T/F) Bad blocks/sectors (e.g., $BadClus in NTFS) are not accessible to the operating system.

true

What is a digital watermark?

A digital signal or pattern inserted into a digital document (text, graphics, multimedia presentations)

What is the term used to describe data that was unaffected by the disk wiping?

Data residue (data leftover)

How does digital watermarking work?

A signal/pattern is digitally imposed onto a document before sale or distribution.

What is the primary goal of digital watermarking?

Adding sufficient metadata to a message to establish ownership, provenance, source, etc.

What is Microsoft's version of a resource fork?

Alternate Data Streams

Give 2 uses of digital watermarks.

Authentication, and checking for non-repudiable duplication and transmission.

Give two examples of BRAP forensics.

Boutique computer activity mining and personal privacy management.

What was the name of the Windows built-in disk wiping utility?

Cipher

Four organizations were mentioned that promote specific security standards. List 2 of them.

Control Objectives for Information and related Technology (COBIT), Federal Information System Controls Audit Manual (FISCAM), Certified Information System Auditors (CISA), BSI 7799/ISO 17799/ISO 27001 standards.

What is the primary measure of risk in the principle of least privilege model?

Controls. (amount of controls given to the user)

Provide two examples of nonphysical data hiding.

Cryptography, Steganography, and watermarking.

Give 3 examples of digital fingerprinting.

Cyclic redundancy checking, checksum algorithms (both for error detection), and RSA Data Security's use of message digests.

What is the feature that allows modification of the characteristics of a hard drive (e.g., the number of available clusters)?

Device Configuration Overlay

List two characteristics of effective watermarks.

Difficult/Impossible to remove and Survive common document modifications (Compressing, cropping), and Easily detectable and removable by authorized users (Ex. law enforcement agencies)

How does digital watermarking differ from encryption?

Digital watermarking leaves the original image or file intact and recognizable (whereas encryption will cause digital documents to be unviewable without a decryption key).

What is the other category of utilities that are designed to be used prior to repurposing or recycling disk drives?

Disk sanitizers / Disk purgers.

(T/F) The number of tracks/cylinders recognized by a disk controller has to be the same as the number of tracks/cylinders recognized by the operating system.

False

What is the primary goal of steganography?

Hiding the communication of the message.

What is the name of the area of a secondary storage device where vendors could store data that is protected from normal user activities?

Host Protected Area (HPA)

In what file is the cache and URL history organized and stored on a Windows computer?

INDEX.DAT file.

According to the article, hidden data may be thought of as a special case of what?

Intentionally 'dark data' and unintentional dark data (data concealed, undiscovered, misplaced, absent, accidentally erased, etc.)

Windows doesn't delete file data. What does it do when the delete file command is executed?

It marks the physical space that the files occupied as unallocated and available for reuse.

Do disk wiping utilities typically clean the registry hive?

No, because messing with the registry is dangerous says Microsoft, but some vendors encourage it.

Did the majority of disk wiping utilities effectively remove small datafiles that were present in the MFT?

No, because the majority of disk wiping utilities have small files stored in $MFT intact.

Were the majority of disk wiping utilities effective at removing Alternate Data Streams?

No, most disk wipers left behind a trace of information (that might contain proprietary or security implications)

What is the primary goal of cryptography?

Obscuring the content (not the communication) of a message. **Obscure -> Hide

What is the name given to the unused sectors at the end of a partition that cannot be accessed by the operating system?

Partition Slack

What are the two main categories of watermarking techniques?

Text and Image

What are the three common techniques for watermarking text?

Text line coding(Text line itself is shifted up/down), word-space coding(Spacing between words altered), and character encoding (shapes of character have minor alterations).

What is "ram slack?"

The data from memory that is used as padding for the last sector when the file is not an exact multiple of the sector size.

What was the problem with cipher?

The file EFSTMPWP occasionally takes up space where the OS has no breathing space and hangs up.

What are the two problems caused when a disk sanitizer fails to overwrite old MFT entries?

The file and directory names commonly reveal content AND If the file is small enough $DATA(reference to the actual content) contains all original data.

What part of the files are deleted when the recycle bin on a Windows computer is emptied?

The metadata of the files in the recycle bin. (Nothing is deleted)

What is media analysis/file system forensics?

The practice of recovering data from non-volatile(devices where memory can be stored even after power is down) storage devices.

What does an IT security model do?

They attempt to circumscribe (limit) and quantify some measure of risk as the function of real or potential vulnerabilities and threats.

What is the primary measure of risk in the time-based security model?

Time

List 3 of the different security models that have been recommended by professionals and organizations in IT mentioned in the article.

Time-based security, intrusion detection, and intrusion prevention.

Why were "cookies" developed?

To be able to store information about the client-server exchange for subsequent connections.

How did the cipher work?

Wipes disks by filling a file (EFSTMPWP) with enough data to consume all available non-allocated space.

(T/F) Hidden data may be stored in bad blocks/sectors (e.g., $BadClus in NTFS).

True

What are the two main classes of digital watermarks?

Visible and Invisible watermarking.

What is the name of the remaining area of a partition on a hard drive that cannot be accessed by the operating system by conventional means?

Volume Slack

What is the example given in the article of dark data that resides within light data?

Watermarking


Set pelajaran terkait

Disorders Featuring Somatic Symptoms (Quiz #3a)

View Set

EDUCATION 108 - EB/MU - 2.23.18 - CHAPTER 6 - Head Start and Early Head Start: Empowering Change from Within

View Set

Chapter 1 Social Media Marketing

View Set

POLITICAL SCIENCE 1602 FINAL EXAM PRACTICE

View Set

1.02 Quiz: Ideas and Imagination

View Set

B394: Drugs and Behavior - Exam 2

View Set