Computer Forensics Chapter 8

Ace your homework & exams now with Quizwiz!

Some clues left on a drive that might indicate steganography include which of the followign?

Multiple copies of a graphics file graphics files with the same name but different file sizes steganography programs in the suspect's all programs list

When you carve a graphics file, recovering the image depends on which of the following skills?

Recognizing the pattern of the file header content

The XIF format is an image format produced by the Nuance PaperPort scanning program.

True

least significant bit (LSB)

the lowest bit value in a byte

false positives

the results of keyword searches that contain the correct match but aren't relevant to the investigation

Form of compression using algorithm similar to rounding off decimal values to elimiinate data.

Vector Quantization

Copyright laws don't apply to websites

FALSE

When recovering a file with ProDiscover, you first objective is to recover cluster values

TRUE

The _____ format was developed as a standard for storing metadata in image files

exif

vector graphics

graphics basedon mathematical insturctions to form, curves, text and other geometric shapes

metafile graphics

graphics files that are combinations of bitmap and vector images

What methods do steganography programs use to hide data in graphcis files

insertion subsititution

what methods are used in digital watermarking

invisible modification of the LSBs in the file layering visible symbols on top of the image

What file type starts at offset 0 with a hexidecimal value of FFD8

jpeg

pixels

small dots used to create images

carving

the process of recovering file fragments that are scattered across a disk

The ______ format is a proprietary format used by Adobe Photoshop

.psd

How many bits are required to create a pixel capable of displaying 65,536 differnet colors?

16 bits

______different colors can be displayed by a 24 bit colored pixel.

16,777,216

______defines percisely how copyright laws pertain to graphics

1976 Copyright Act

All TIF files start at offset 0 with what 6 hexadecimal characters?

49 49 2A

Inversion is one of the two major forms of steganography

False

ProDiscover adds an .eoi extension automatically on all copied clusters the Recovery Clusters function exports.

False

When you decompress data that uses a lossy compression algorithm, you regain data lost by compression.

False

a JPEG file uses which type of compression

Lossy

Select below the utility that is not a lossless compression utility.

Lzip

_____ graphics file combines bitmap and vector graphics types.

Metafile

Graphics files that are combinations of Bitmap and Vector images

Metafile Graphics

When looking at a byte of infomraiton in binary, such as 11101100, what is the first bit on the left referred to as?`

Most Significant Bit (MSB)

JPEG files, what's the starting offset positionn for the JFIF label?

Offset 6

Collections of pixels stored in rows rather than a grid making graphics easier to print

Raster Images

________is not considered to be a non-standard graphics file format?

.dxf

Collection of pixels in a grid format forming a graphic.

Bitmap Images

Process of converting raw picture data to another format.

Demosaicing

A JPEG file is an example of a vector graphic

FALSE

Graphics files stored on a computer can't be recovered after they are delted

FALSE

Only one fiel format can compress graphics files

FALSE

The IEEE's website is the best source for learning more about file formats and their extenstions.

FALSE

When investigating graphics files, you should convert them into one standard format

FALSE

For EXIF JPEG file, the hexadecimal value starting at offset 2 is?

FFE1

Each type of graphics file has a unique header contianing information that distinguishes it from other tpes of graphics files

TRUE

When viewing a file header, you need to include hexadecimal information to view the image

TRUE

Which of the following is true about JPEG and TIF files?

They have differnet values for the first 2 bytes of their file headers

A standard JFIF JPEG file has a header value of FF D8 FF E0 from offset 0 and the label name JFIF starting at offset 6.

True

Bitmap images store graphics informaiton as grids of pixels, short for "picture elements"

True

Each graphics files type has a unique header value

True

Graphics files are created and saved in a graphics editor, such as Microsoft Paint, Adobe Freehand MX, Adobe Photoshop or Gnome GIMP.

True

lossless compression

a compression method in which no data is lost

lossy compression

a compression method that permanently discards bits of information in a file

Exhangeable Image File (Exif)

a file format the japan electronics and information technology industries associaation developed as a standard for storing metadata in JPEG and TIF files

raw file format

a file format typically found on higher-end digital cameras

vector quantization

a form of compression that uses an algorithm similar to rounding off decimal vlaues to eliminate unnecessary bits of data

salvaging

another term for carving, used outside north america

bitmap images

collections of dots, or pixels in a grid format that form a graphic

raster images

collections of pixels stored in rows rather than a grid, as with bitmap images, to make graphics easier to print

standard graphics file formats

common graphics file formats that most graphics programs and image viewers can open

vector graphics file formats

common graphics file formats that most graphics programs and image viewers can open

The process of converting raw picture data to another format is called_______

demosaicing

the process of converting raw images to another format is called which of the following?

demosaicing

nonstandard graphics file formats

less common graphics file formats, incuding proprietary formats, newer formats, formats that most image viewers don't recognize, and oldr or obsolete formats

Bitmap (.bmp) fies use hwich of the followign tyes of compression

lossless

The Lempel-Ziv-Welch (LZW) algorithm is used in compression.

lossless

What type of compression uses an algorithm that allows viewing the graphics file without losing any poriton of the data?

lossless

Digital pictures use data compression to accomplish which of the following goals?

save space on a hard drive produce a file that can be emailed or posted on the internet

The _________format is not considered to be a standard graphics file format.

tga

resolution

the density of pixels displayed onscreen, which governs image quality

most significant bit (MSB)

the hightest bit value in a byte

data compression

the process of coding data form a larger form to a smaller form

demosaicing

the process of converting raw picture data to another format, such as JPEG or TIF

Explain how to identify an unknown graphics file format that your digital forensics tool doesnt' recognize

you need to examine a coy of the unknown file with a hexadecimal editor to find the hex code for the first several bytes of the file. then you need to examine the other known file types with similar or identical eader values to see wheather you can confirm its file type


Related study sets

Money Matters Unit 1 Review Questions

View Set

Item Bank Worksheet Ch 9,10,11 stats- PY 211

View Set

Physics Concept Questions for Test on Motion

View Set