cist 2612 ch 8-16

____ is a way to verify the names of domains a message is flowing through.

www.dkim.org

Machines used on a DDoS are known as ____ simply because they have unwittingly become part of the attack.

zombiez

The uppercase letter ____ has a hexadecimal value 41.

"A"

Under copyright laws, computer programs may be registered as ____.

.literary works

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.

.pst

____ contains configuration information for Sendmail, helping the investigator to determine where the log files reside.

/etc/sendmail.cf

Typically, UNIX installations are set to store logs in the ____ directory.

/var/log

Marking bad clusters data-hiding technique is more common with ____ file systems.

FAT

The simplest way to access a file header is to use a(n) ____ editor

HEXADECIMAL

Data ____ involves changing or manipulating a file to conceal information.

HIDING

The 3G standard was developed by the ____ under the United Nations.

International Telecommunications Union

The JFIF ____ format has a hexadecimal value of FFD8 FFE0 in the first four bytes.

JPEG

Mandiant ____ lists all open network sockets, including those hidden by rootkits.

Memoryze

(Ch11) After you open e-mail headers, copy and paste them into a text document so that you can read them with a text editor, such as Windows ____.

Notepad+

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

SYN flood

____ steganography replaces bits of the host file with other bits of data.

Substitution

Global System for Mobile Communications (GSM) uses the ____ technique, so multiple phones take turns sharing a channel

Time Division Multiple access

Recovering fragments of a file is called ____.

carving

One way to hide partitions is with the Windows disk partition utility, ____.

diskpart

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or drive.

gui

(Ch 8) If you can't open a graphics file in an image viewer, the next step is to examine the file's ____.

header

In Microsoft Exchange, a(n) ____ file is responsible for messages formatted with MAPI.

.edb

The data-hiding technique ____ changes data from readable code to data that looks like binary executable code.

BIT SHIFTING

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

BestCrypt

____ images store graphics information as grids of pixels.

Bitmap

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.

Honeynet

The software that runs virtual machines is called a ____.

Hypervisor

You begin a digital forensics case by creating a(n) ____.

INVESTIGATION PLAN

TDMA refers to the ____ standard, which introduced sleep mode to enhance battery life.

IS-136

____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

Insertion

Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure.

KEY ESCROW

(Ch 9) AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.

KFF

____ compression compresses data by permanently discarding bits of information in the file.

Lossy

Many password-protected OSs and applications store passwords in the form of ____ or SHA hash values.

MD5

The SIM file structure begins with the root of the system (____).

MF

____ is a forensics software tool containing a built-in write blocker.

MOBILedit

(Ch 12) A lesser known tool used widely by government agencies is ____, which retrieves data from smartphones, GPS devices, tablets, music players, and drones.

Micro Systemation XRY

In a Windows environment, BitPim stores files in ____ by default.

My Documents\BitPim

For personal use, ____ have been replaced by iPods, iPads, and other mobile devices.

PDAs

WinHex provides several hashing algorithms, such as MD5 and ____.

SHA-1

____ cards are used in mobile devices to provide network authentication.

SIM

The term ____ comes from the Greek word for "hidden writing."

STEGANOGRAPHY

In civil and criminal cases, the scope is often defined by search warrants or ____, which specify what data you can recover.

SUBPOENAS

Steganalysis tools are also called ____

Steg tools

____ has been used to protect copyrighted material by inserting digital watermarks into a file.

Steganography

The ____ digital network divides a radio frequency into time slots.

TDMA

The image format XIF is derived from the more common ____ file format.

TIF

(Ch 10) A common way of examining network traffic is by running the ____ program.

Tcpdump

Most Code Division Multiple Access (CDMA) networks conform to IS-95, created by the ____.

Telecommunications industry association

Cellebrite includes ____, a mobile forensics tool that's often used by law enforcement and the military

UFED Reader

____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

VECTOR GRAPHICS

Intel ____ has responded to the need for security and performance by producing different CPU designs.

Virtualization Technology (VT)

Criminal investigations are limited to finding data defined in the search ____.

WARRANT

The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C 01 00 00 20 65 58 74 65 6E 64 65 64 20 03.

XIF

___ is a session data probe, collector, and analysis tool

argus

In Facebook the ____ info simply tells you the last time a person logged on.

basic subscriber

____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.

brute-force

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.

checkpoint

____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.

circular logging

The files that provide helpful information to an e-mail investigation are log files and ____ files.

configuration

____ is a layered network defense strategy developed by the National Security Agency (NSA).

defense in depth

The process of converting raw picture data to another format is referred to as ____.

demosaicing

____ trains people to listen to voice recordings to determine who's speaking or read e-mail and other writings known to be by a certain person and determine whether that person wrote the e-mail or letter in question.

forensic linguistics

You use ____ to create, modify, and save bitmap, vector, and metafile graphics.

graphics editors

The file system for a SIM card is a ____ structure.

hierarchical

Some popular Web-based e-mail service providers are Gmail, ____, Outlook Online, and Yahoo!

hotmail

____ hide the most valuable data at the innermost part of the network

layered network defense strategies

Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.

mbox

To view e-mail headers on Yahoo! click the ____ list arrow, and click View Raw Message

more

____ was designed as an easy-to-use interface for inspecting and analyzing large tcpdump files.

netdude

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

network forensics

To enhance searching for and eliminating known OS and application files, Autopsy has an indexed version of the NIST ____ of MD5 hashes.

nsrl

____ determines how long a piece of information lasts on a system.

order of volatility

____ are devices or software placed on a network to monitor traffic.

packet analyzers

____ recovery is becoming more common in digital forensic analysis.

password

Most packet analyzer tools can read anything captured in ____ format.

pcap

To retrieve e-mail headers in Microsoft Outlook, double-click the e-mail message, and then click File, ____. The "Internet headers" text box at the bottom of the dialog box contains the message header.

porperties

____ alters hash values, which makes cracking passwords more difficult.

salting passwords

____ increases the time and resources needed to extract, analyze, and present evidence.

scope creep

To view Gmail Web e-mail headers open the e-mail, click the down arrow next to the Reply circular arrow, and click ____.

show original

Mobile devices can range from simple phones to ____.

smartphones

___ is defined as hiding messages in such a way that only the intended recipient knows the message is there.

steganography

____ is a data-hiding technique that uses host files to cover the contents of a secret message.

steganography

____ is a good tool for extracting information from large Libpcap files.

tcpslice

____ can be programmed to examine TCP headers to fin the SYN flag.

tethereal

Exchange logs information about changes to its data in a(n) ____ log.

transaction

____ hypervisors are typically, but not exclusively, loaded on servers or workstations with a lot of RAM and storage.

type 1

____ is a tool for viewing network traffic graphically.

Etherape

Most packet analyzers operate on layer 2 or ____ of the OSI model.

3

By the end of 2008, mobile phones had gone through three generations: analog, digital personal communications service (PCS), and ____.

3G

In an e-mail address, everything after the ____ symbol represents the domain name.

@

Developed during WWII, this technology,____, was patented by Qualcomm after the war.

CDMA

When working with image files, computer investigators also need to be aware of ____ laws to guard against copyright violations.

COPYRIGHT

E-mail messages are distributed from a central server to many connected client computers, a configuration called ____.

Client/server architecture

The ____ network is a digital version of the original analog standard for cell phones.

D-AMPS

____ have some limitations in performing hashing, however, so using advanced ____ is necessary to ensure data integrity.

Digital forensics tools, hexadecimal editors

Paraben Software, a vendor of mobile forensics software, offers several tools, such as ____, for mobile device investigations.

E3:DS

The ____ digital network, a faster version of GSM, is designed to deliver data.

EDGE

Typically, phones store system data in ____, which enables service providers to reprogram phones without having to access memory chips physically.

EEPROM

Most digital photographs are stored in the ____ format.

EXIF