ISTC2071 – Computer Forensics Chapter 9 Study Guide

20 Terms

1
What does scope creep typically do?

Increases the time and resources needed to extract, analyze, and present data

2
What should be created in order to begin a digital forensics case?

An investigation plan

3
In addition to search warrants, what defines the scope of civil and criminal cases?

Subpoenas

4
Which program has an indexed version of the NIST NSRL of MD5 hashes that can be imported to enhance searching for and eliminating known OS and application files?

Autopsy

5
Because digital forensics tools have limitations in performing hashing, what tools should be used to ensure data integrity?

Hexadecimal editors

6
Which AccessData feature compares known file hash values to files on your evidence drive or image files to see whether they contain suspicious data?

KFF

7
Which activity involves changing or manipulating a file to conceal information?

Data hiding

8
Which Windows disk partition utility can be used to hide partitions?

diskpart

9
The data-hiding technique involving marking bad clusters is more commonly used with what type of file system?

FAT

10
Which term comes from the Greek word for "hidden writing"?

Steganography

11
When both the original file with no hidden message and the converted file with the hidden message are available, what analysis method is recommended by Johnson and Jajodia?

Known cover attack

12
What technology is designed to recover encrypted data if users forget their passphrases or if the user key is corrupted after a system failure?

Key escrow

13
Which program incorporates an advanced encryption technique that can be used to hide data?

BestCrypt

14
Which type of recovery is becoming more common in digital forensic analysis?

Password

15
What type of attacks use every possible letter, number, and character found on a keyboard when cracking a password?

Brute-force

16
Many password-protected OSs and applications store passwords in the form of which type of hash values?

MD5

17
Which action alters hash values, making cracking passwords more difficult?

Salting passwords

18
What limits the data that can be sought in a criminal investigation?

The search warrant

19
Which data-hiding technique changes data from readable code to data that looks like binary executable code?

Bit-shifting

20
Which hashing algorithm is provided by WinHex?

SHA-1