Appropriate forensic computer-investigation methods and protocols do not include _____.
The _____ search feature allows you to look for words with extensions such as "ing", "ed", and so forth.
  a. fuzzy

In FTK ________ search mode, you can also look for files that were accessed or changed during a certain time period.
  a. live

One problem with hiding data using steganography is _____.
  a. Software for steganography is very expensive
  c. The amount of information that can be successfully hidden is usually small

The process of converting raw picture data to another format is referred to as ______.
  a. JEIDA

Which of the following statements regarding live acquisitions is not true?
  a. Live acquisitions are especially useful when you are dealing with active network intrusions or attacks.
  c. Live acquisitions follow typical forensics procedures.

A common way of examining network traffic is by running the _______ command.
  a. Netdump

_____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.
  a. PsReg

The ______ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.
  a. Honeynet

______ increases the time and resources needed to extract, analyze, and present evidence.
  a. Investigation plan

You begin any computer forensics case by creating a(n) _____.
  a. investigation plan

In civil and criminal cases, the scope is often defined by search warrants or ________, which specify what data you can recover.
  a. risk assessment reports

There are ___________ searching options for keywords which FTK offers.
  a. 2

________ search can locate items such as text hidden in unallocated space that might not turn up in an indexed search.
  a. Online

FTK and other computer forensics programs use ____ to tag and document digital evidence.

Getting a hash value with a ____ is much faster and easier than with a(n) ____.
  d. hexadecimal editor, computer forensics tool

AccessData ____ compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data.

Data ____ involves changing or manipulating a file to conceal information.

One way to hide partitions is to create a partition on a disk, and then use a disk editor such as ____ to manually delete any reference to it.

The marking-bad-clusters data-hiding technique is more common with ____ file systems.

The term ____ comes from the Greek word for "hidden writing."

____ is defined as the art and science of hiding messages in such a way that only the intended recipient knows the message is there.

Many commercial encryption programs use a technology called ____, which is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system data failure.

People who want to hide data can also use advanced encryption programs, such as PGP or ____.

____ recovery is a fairly easy task in computer forensic analysis.

____ attacks use every possible letter, number, and character found on a keyboard when cracking a password.

____ are handy when you need to image the drive of a computer far away from your location or when you don't want a suspect to be aware of an ongoing investigation.

____ is a remote access program for communication between two computers. The connection is established by using the DiskExplorer program (FAT or NTFS) corresponding to the suspect (remote) computer's file system.

____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

You use ____ to create, modify, and save bitmap, vector, and metafile graphics files.

____ images store graphics information as grids of individual pixels.

The process of converting raw picture data to another format is referred to as ____.

The majority of digital cameras use the ____ format to store digital pictures.

____ compression compresses data by permanently discarding bits of information in the file.

Recovering pieces of a file is called ____.

A(n) ____ file has a hexadecimal header value of FF D8 FF E0 00 10.

If you can't open an image file in an image viewer, the next step is to examine the file's ____.

The uppercase letter ____ has a hexadecimal value of 41.

The image format XIF is derived from the more common ____ file format.

The simplest way to access a file header is to use a(n) ____ editor.

The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C01 0000 2065 5874 656E 6465 6420 03.

____ is the art of hiding information inside image files.

____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

____ steganography replaces bits of the host file with other bits of data.

In the following list, ____ is the only steg tool.

____ has also been used to protect copyrighted material by inserting digital watermarks into a file.

When working with image files, computer investigators also need to be aware of ____ laws to guard against copyright violations.

Under copyright laws, computer programs may be registered as ____.

Under copyright laws, maps and architectural plans may be registered as ____.
  d. pictorial, graphic, and sculptural works

____ can help you determine whether a network is truly under attack or a user has inadvertently installed an untested patch or custom program.

____ hide the most valuable data at the innermost part of the network.
  a. layered network defense strategies

____ forensics is the systematic tracking of incoming and outgoing traffic on your network.

____ can be used to create a bootable forensic CD and perform a live acquisition.

Helix operates in two modes: Windows Live (GUI or command line) and ____.
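The file-header, hash-value and substitution-steganography questions above describe one workflow: identify a file from its leading bytes, hash it, and understand how a steganography tool alters pixel bits without touching the header. The script below is an added example (not code from the original page or from any tool the page names). It constructs a small 24-bit BMP in memory as the host image, embeds a constructed secret by overwriting the least significant bit of successive pixel bytes (substitution steganography), and then shows what an examiner sees: the magic number and file size are unchanged, the SHA-256 hash is not, and the secret is recoverable. The JPEG and TIFF magic numbers in the table are the ones the questions quote; the BMP layout is the standard 54-byte header.

```python
"""Substitution (LSB) steganography in a BMP host, plus the header and hash
checks an examiner uses to spot the altered file. Added example, not code
from the original page; the host image and secret are constructed inline."""
import hashlib
import struct

# Leading bytes ("magic numbers") from the header questions, plus BMP for the
# host image built below.
MAGIC = {
    b"\xff\xd8\xff\xe0": "JPEG (JFIF)",
    b"\x49\x49\x2a\x00": "TIFF (little-endian, 'II*')",
    b"\x4d\x4d\x00\x2a": "TIFF (big-endian, 'MM*')",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"BM": "BMP",
}


def identify_header(data: bytes) -> str:
    """Name the file type from its first bytes, as you would in a hex editor."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_bmp(width: int, height: int) -> bytes:
    """Construct a 24-bit uncompressed BMP filled with a smooth gradient."""
    row_bytes = (width * 3 + 3) & ~3          # rows pad to 4-byte multiples
    pixel_bytes = row_bytes * height
    header = struct.pack("<2sIHHI", b"BM", 54 + pixel_bytes, 0, 0, 54)
    dib = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                      pixel_bytes, 2835, 2835, 0, 0)
    pixels = bytearray()
    for y in range(height):
        for x in range(width):
            pixels += bytes(((x * 8) & 0xFF, (y * 8) & 0xFF, ((x + y) * 4) & 0xFF))
        pixels += b"\x00" * (row_bytes - width * 3)
    return header + dib + bytes(pixels)


def pixel_offset(bmp: bytes) -> int:
    """bfOffBits (bytes 10..13) says where pixel data starts; the header itself
    is never touched, which is why the stego file still opens normally."""
    return struct.unpack_from("<I", bmp, 10)[0]


def lsb_embed(host: bytes, secret: bytes) -> bytes:
    """Substitution steganography: overwrite the lowest bit of successive pixel
    bytes with the bits of a 4-byte length prefix followed by the secret."""
    start = pixel_offset(host)
    payload = struct.pack("<I", len(secret)) + secret
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > len(host) - start:
        raise ValueError("secret does not fit in the host's pixel data")
    out = bytearray(host)
    for i, bit in enumerate(bits):
        out[start + i] = (out[start + i] & 0xFE) | bit
    return bytes(out)


def lsb_extract(stego: bytes) -> bytes:
    """Reverse of lsb_embed: read the length prefix, then that many bytes."""
    start = pixel_offset(stego)

    def read(pos: int, count: int):
        buf = bytearray()
        for _ in range(count):
            value = 0
            for _ in range(8):
                value = (value << 1) | (stego[start + pos] & 1)
                pos += 1
            buf.append(value)
        return bytes(buf), pos

    length_bytes, pos = read(0, 4)
    secret, _ = read(pos, struct.unpack("<I", length_bytes)[0])
    return secret


def demo() -> dict:
    """Embed a constructed secret and report what an examiner would observe."""
    host = make_bmp(64, 64)            # constructed host image
    secret = b"meet at pier 9"         # constructed secret
    stego = lsb_embed(host, secret)
    return {
        "host_type": identify_header(host),
        "stego_type": identify_header(stego),                   # header unchanged
        "same_size": len(host) == len(stego),                   # size unchanged
        "hash_matches": sha256_hex(host) == sha256_hex(stego),  # hash differs
        "recovered": lsb_extract(stego),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point for an examiner is the last three fields of demo(): a file type, size and viewer behaviour that all look normal, a hash that no longer matches a known-good copy of the image, and a payload that only comes out when you know where the bits were written. Hash-set comparison (the AccessData question above) tells you the file was altered; it does not tell you what was hidden.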
A common way of examining network traffic is by running the ____ program.

____ is a suite of tools created by Sysinternals.

____ is a Sysinternals command that shows all Registry data in real time on a Windows computer.

The PsTools ____ kills processes by name or process ID.

____ is a popular network intrusion detection system that performs packet capture and analysis in real time.

____ is the U.S. DoD computer forensics lab's version of the dd command that comes with Knoppix-STD.

The Knoppix-STD tool ____ enables you to reset passwords on a Windows computer, including the administrator password.

____ are devices and/or software placed on a network to monitor traffic.

Most packet sniffers operate on layer 2 or ____ of the OSI model.

Most packet sniffer tools can read anything captured in ____ format.

In a(n) ____ attack, the attacker keeps asking your server to establish a connection.

____ is the text version of Ethereal, a packet sniffer tool.

____ is a good tool for extracting information from large libpcap files.

The ____ Project was developed to make information widely available in an attempt to thwart Internet and network hackers.

Machines used in a DDoS are known as ____ simply because they have unwittingly become part of the attack.

A ____ is a computer set up to look like any other machine on your network, but it lures the attacker to it.

E-mail messages are distributed from one central server to many connected client computers, a configuration called ____.
  a. client/server architecture

In an e-mail address, everything after the ____ symbol represents the domain name.

With many ____ e-mail programs, you can copy an e-mail message by dragging the message to a storage medium, such as a folder or disk.

When working in a Windows environment, you can press ____ to copy the selected text to the Clipboard.

To retrieve e-mail headers in Microsoft Outlook, right-click the e-mail message, and then click ____ to open the Message Options dialog box. The Internet headers text box at the bottom of the dialog box contains the message header.

To retrieve an Outlook Express e-mail header, right-click the message, and then click ____ to open a dialog box showing general information about the message.

For older UNIX applications, such as mail or mailx, you can print the e-mail headers by using the ____ command.

To view AOL e-mail headers, click Action, ____ from the menu.

To view e-mail headers on Yahoo!, click the ____ link in the Mail Options window, and then click Show all headers on incoming messages.

In Microsoft Outlook, you can save sent, drafted, deleted, and received e-mails in a file with a file extension of ____.

____ is a comprehensive Web site that has options for searching for a suspect, including by e-mail address, phone numbers, and names.

____ allocates space for a log file on the server, and then starts overwriting from the beginning when logging reaches the end of the time frame or the specified log size.

The files that provide helpful information to an e-mail investigation are log files and ____ files.

____ contains configuration information for Sendmail, allowing the investigator to determine where the log files reside.

Typically, UNIX installations are set to store logs such as maillog in the ____ directory.

Exchange logs information about changes to its data in a(n) ____ log.

In Exchange, to prevent loss of data from the last backup, a ____ file or marker is inserted in the transaction log to mark the last point at which the database was written to disk.

The Novell e-mail server software is called ____.

GroupWise has ____ ways of organizing the mailboxes on the server.

The GroupWise logs are maintained in a standard log format in the ____ folders.

Some e-mail systems store messages in flat plaintext files, known as a(n) ____ format.

Investigating cell phones and mobile devices is challenging because _____.
  b. no single standard exists for how and where cell phones store messages

Which of the following items would least likely be stored on a cell phone?
  b. owner's personal address

Which of the following mobile phone networks is the standard in Europe and Asia?

Typically, mobile phones store system data in _______, which allows service providers to reprogram phones without having to access memory chips physically.

_______ cards are found most commonly in GSM devices and consist of a microprocessor and EEPROM.

This mobile phone network was designed for 4G and is less prone to interference than 3G.

The operating system (OS) is stored in _______.

Mobile phones that use _______ cards allow you to swap them out if you travel to Europe or if you are exceeding your minutes limit.

Which of the following represents memory that is volatile and would be lost if power to the phone were shut off?

The first step in mobile phone forensics is _____.
  c. identifying the mobile device

Mobile phone forensics would be least likely to yield what type of information?
  d. biological information such as fingerprints

Jane has acquired a mobile phone from a fraud suspect. The phone is turned on. Which of the following actions should she take immediately?
  b. place the phone in an empty paint can

What are the three elements of computer forensics?
The key elements of computer forensics are: the use of scientific methods; collection and preservation; validation.
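The e-mail header questions above (Outlook, Outlook Express, mail/mailx, AOL, Yahoo!) are all about getting at the same raw text; what an investigator then does with it is read the domain after the @, check where the Message-ID was minted, and walk the Received chain. The script below is an added example, not code from the original page. RAW_MESSAGE is a constructed sample (example.org / victim.example hosts and the 203.0.113.5 documentation address are invented for it); the parsing uses only the standard library's email package. Received lines are prepended by each server that handles the message, so the bottom one is the oldest hop, and that is the order the function returns them in.

```python
"""Pull the evidence out of an e-mail header: sender domain, Message-ID origin,
and the Received chain in the order the servers added it. Added example, not
code from the original page; RAW_MESSAGE is a constructed sample."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message: relayed from a webmail host through mx2.example.org to
# the recipient's server. Receiving servers prepend their Received line, so the
# topmost one is the most recent hop.
RAW_MESSAGE = """\
Received: from mx2.example.org (mx2.example.org [203.0.113.5])
\tby mail.victim.example (Postfix) with ESMTP id 4F2A1C
\tfor <ann@victim.example>; Tue, 12 Mar 2013 09:14:02 -0500
Received: from webmail.example.org (localhost [127.0.0.1])
\tby mx2.example.org (Postfix) with ESMTP id 9B31D
\tfor <ann@victim.example>; Tue, 12 Mar 2013 09:13:55 -0500
From: "Bob" <bob@example.org>
To: ann@victim.example
Subject: wire instructions
Date: Tue, 12 Mar 2013 09:13:50 -0500
Message-ID: <20130312141350.9B31D@mx2.example.org>

Please send the funds to the new account.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+).*?;\s*(?P<date>.+)$")


def parse_message(raw: str) -> EmailMessage:
    return email.message_from_string(raw, policy=policy.default)


def sender_domain(msg: EmailMessage) -> str:
    """Everything after the @ in the From address is the (claimed) domain."""
    _, addr = parseaddr(str(msg["From"]))
    return addr.rsplit("@", 1)[1].lower()


def message_id_domain(msg: EmailMessage) -> str:
    """The host that minted the Message-ID; compare it with the From domain."""
    mid = str(msg["Message-ID"]).strip("<> ")
    return mid.rsplit("@", 1)[1].lower()


def received_chain(msg: EmailMessage) -> list:
    """Return hops oldest first: the bottom Received header was added first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(str(value).split())   # unfold the header
        m = RECEIVED_RE.match(flat)
        if m:
            hops.append({"from": m["from"], "by": m["by"],
                         "date": parsedate_to_datetime(m["date"])})
    return hops


def chain_is_consistent(hops: list) -> bool:
    """The server that received one hop should be the one handing it to the
    next, and timestamps should not run backwards. A break suggests forged
    Received lines or a spoofed origin."""
    for prev, nxt in zip(hops, hops[1:]):
        if prev["by"] != nxt["from"] or prev["date"] > nxt["date"]:
            return False
    return True


def analyze(raw: str) -> dict:
    msg = parse_message(raw)
    hops = received_chain(msg)
    return {
        "sender_domain": sender_domain(msg),
        "message_id_domain": message_id_domain(msg),
        "origin_host": hops[0]["from"] if hops else None,
        "hops": [(h["from"], h["by"]) for h in hops],
        "consistent": chain_is_consistent(hops),
    }


if __name__ == "__main__":
    for key, value in analyze(RAW_MESSAGE).items():
        print(f"{key}: {value}")
```

Only the Received line added by your own server (the topmost one) is trustworthy; everything below it was written by other hosts and can be forged, which is why chain_is_consistent() checks that each "by" host reappears as the next hop's "from" host and that the timestamps advance. Pair the hop timestamps with the server-side maillog or Exchange transaction log entries mentioned in the questions above to corroborate the header.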
What are the computer forensic methodologies?
Types of computer forensics include e-mail forensics, malware forensics, memory forensics, and mobile phone forensics.
Which of the following techniques are used during computer forensic investigations?
Some common techniques include reverse steganography. Steganography is a common tactic used to hide data inside any type of digital file, message, or data stream. Computer forensic examiners detect a steganography attempt by comparing the suspect file's hash value against the hash of a known original (any change to the file changes the hash) and then examining the file's structure and statistical properties for the traces the hiding tool leaves; the hash comparison alone shows only that the file was altered, not what was hidden in it.
What is computer forensics and investigation?
We define computer forensics as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence in a court of law.