CCT121 Chapter 9

In steganalysis, cover-media is which of the following?

The file a steganography tool uses to host a hidden message, such as a JPEG or an MP3 file

Scope creep happens when an investigation goes beyond the bounds of its original description.

True

The Known File Filter (KFF) can be used for which of the following purposes?

~Filter known program files from view. ~Compare hash values of known files with evidence files

Which forensic image file format creates or incorporates a validation hash value in the image file?

~SMART ~Expert Witness ~AFF

Commercial encryption programs often rely on key escrow technology to recover files if a password or passphrase is lost.

True

The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the password length.

True

After you shift a file's bits, the hash value remains the same.

False

Steganography is used for which of the following purposes?

Hiding data

The National Software Reference Library provides what type of resource for digital forensics examiners?

A list of MD5 and SHA1 hash values for all known OSs and applications

Password recovery is included in all forensics tools.

False

Which of the following represents known files you can eliminate from an investigation?

Files associated with an application

Suppose you're investigating an e-mail harassment case. Generally, is collecting evidence for this type of case easier for an internal corporate investigation or a criminal investigation?

Internal corporate investigation because corporate investigators typically have ready access to company records

Block-wise hashing has which of the following benefits for forensics examiners?

Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect's drive

Rainbow tables serve what purpose for digital forensics examinations?

Rainbow tables contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords.

If an application uses salting when creating passwords, what concerns should a forensics examiner have when attempting to recover passwords?

Salting can make password recovery extremely difficult and time-consuming

You're using Disk Management to view primary and extended partitions on a suspect's drive. The program reports the extended partition's total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information?

There's a hidden partition

For which of the following reasons should you wipe a target drive?

~To ensure the quality of digital evidence you acquire ~To make sure unwanted data isn't retained on the drive

