quiz 1

briefly describe the differences between brute force attacks and dictionary attacks to crack passwords

Brute force attacks- Use every possible letter, number, and character found on a keyboard. dictionary attacks- Uses common words found in the dictionary and tries them as passwords, Most use a variety of languages

if Mac OS, the _______ fork typically contains the user creates

Data

What is steganography? how might it affect your investigation?

The art of hiding information inside image files

If a file contains information, it always occupies at least one allocation block.

True

If a graphics file is fragmented across areas on a disk, first you must recover all the fragments to re-create the file.

True

With many computer forensics tools, you can open files with external viewers.

True

for static acquisitions, remove the original drive from the computer, if practical, and then check the dat and time values in the systems BIOS/CMOS

True

private sector cases, such as employee abuse investigation, might not specify limitation in recovering data

True

the internet is the best source for learning more about file formate and their extensions

True

recovering fragments of a file is called ______

carving

Mac OS is built with new apply files systems. the current version offers better security, encryption, and performance speeds, but users can mount HFS+ drives

false

Steganography cannot be used with file formats other than image files.

false

windows OSs do not have a kernel

false

You use ____ to create, modify, and save bitmap, vector, and metafile graphics files.

graphic editors

One way to hide partitions is with the windows disk partition utility _____

harddrive

if you can't open a graphics file in an image viewer, the next step is to examine the files _______

header data

Data ____ involves changing or manipulating a file to conceal information.

hiding

_______ contain file and directory metadata and provide a mechanism for linking data stored in data blocks

inodes

you begin a digital forensics case by creating a _______

investigation plan

what compatibility issues exist when connecting a NTFS formatted drive to an apple computer? What compatibility issues exist when connecting a HFS+ formatted drive to a windows computer

it won't connect to a apple computer at all but when it connects to the windows the computer will start just won't work

if MacOS, volumes have allocation blocks and ______ blocks

logical

______ compression compresses data by permanently discarding bits of information in the file

lossy

what is exchangeable image file (EXIF) data and how it might be useful to an investigation

metadata contained in a image file; can provide valuable information such as the camera that took the photo and if it was altered

_____ alters hash values, which makes cracking passwords more difficult

salting passwords

______ increases the time and resources needed to extract, analyze, and present evidence

scope creep

For target drives, use only recently wiped media that have been reformatted and inspected for computer viruses.

true

some encryption schemes are so complex that the time to crack them can be measured in days, weeks, years, and even decades

true

______ are based on mathematical instructions that defines lines, curves, texts, ovals, and other geometric shapes

vector graphics

criminal investigations are limited to finding data defined in search ______

warrants