The process of converting raw images to another format is called which of the following?
a. Data conversion
b. Transmogrification
c. Transfiguring
d. Demosaicing
d. Demosaicing
What are the hexadecimal values of a TIF file in little endian?
a. 0x49 0x49 0x2A 0x00
b. 0xFF 0xD8 0xFF 0xE0
c. 0xFF 0xD8 0xFF 0xE1
d. 0x50 0x4B 0x03 0x04
a. 0x49 0x49 0x2A 0x00
Many digital picture formats use data compression to accomplish which of the following goals?
a. Save space on a hard drive.
b. Provide a crisp and clear image.
c. Eliminate redundant data.
d. Produce a file that can be emailed or posted on the Internet.
a. Save space on a hard drive.
Portable Network Graphic (.png) files use which of the following types of compression?
a. WinZip
b. Lossy
c. Lzip
d. Lossless
d. Lossless
A JPEG file uses which type of compression?
a. WinZip
b. Lossy
c. Lzip
d. Lossless
b. Lossy
Steganography is used for which of the following purposes?
a. Validating data
b. Hiding data
c. Accessing remote computers
d. Creating strong passwords
b. Hiding data
Which of the following might indicate that steganography was used to hide data? (Choose all that apply.)
a. Multiple copies of the same graphics file that have different hash values
b. Graphics files with the same name but different file sizes
c. Steganography programs in the suspect computer's All Programs list
d. Graphics files with different timestamps
a. Multiple copies of the same graphics file that have different hash values
b. Graphics files with the same name but different file sizes
c. Steganography programs in the suspect computer's All Programs list
In steganalysis, cover-media is which of the following?
a. The content of a file used for a steganography message
b. The type of steganographic method used to conceal a message
c. The file a steganography tool used to host a hidden message, such as a JPEG or an MP3 file
d. A specific type of graphics file used only for hashing steganographic files
c. The file a steganography tool used to host a hidden message, such as a JPEG or an MP3 file
Which of the following methods are used for digital watermarking?
a. Implanted subroutines that link to a central web server automatically when the watermarked file is accessed
b. Invisible modification of the LSBs in the file
c. Layering visible symbols on top of the image
d. Using a hex editor to alter the image data
b. Invisible modification of the LSBs in the file
You're using Windows Disk Management to view primary and extended partitions on a suspect drive through a write-blocker. The program reports the extended partition's total size as larger than the sum of the sizes of logical partitions in this extended partition. What might you infer from this information?
a. The disk is corrupted.
b. There might be a hidden or deleted partition.
c. Nothing; this is what you'd expect to see.
d. The drive is formatted incorrectly.
b. There might be a hidden or deleted partition.
If an application uses salting when creating passwords, what factors should a forensics examiner consider when attempting to recover passwords?
a. There are no concerns because salting doesn't affect password-recovery tools.
b. Salting can make password recovery extremely difficult and time consuming.
c. Salting applies only to OS start-up passwords, so there are no serious concerns for examiners.
d. The effect on the computer's CMOS clock could alter files' date and time values.
b. Salting can make password recovery extremely difficult and time consuming.
Which of the following methods would likely be most successful when attempting to gain access to a password-protected file found on a computer?
a. Solicit the password from the uncooperative suspect.
b. Use a brute-force attack on the password-protected file.
c. Use a dictionary attack on the password-protected file.
d. Use a tool to build a password profile of the suspect to attack the password-protected file.
d. Use a tool to build a password profile of the suspect to attack the password-protected file.
Rainbow tables serve what purpose for digital forensics examinations?
a. Contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords.
b. Supplement the NIST NSRL library of hash tables.
c. Enhance the search capability of many digital forensics examination tools.
d. Provide a scoring system for probable search terms.
a. Contain computed hashes of possible passwords that some password-recovery programs can use to crack passwords.
Which would be the most appropriate resource for identifying an unknown graphics file format that a digital forensics analysis tool does not recognize?
a. The senior digital forensics examiner
b. The NSRL
c. The Intranet
d. The Internet
d. The Internet
When you carve a graphics file, recovering the image depends on which of the following skills?
a. Recovering the image from a tape backup
b. Recognizing the pattern of the data content
c. Recognizing the pattern of the file header content
d. Recognizing the pattern of a corrupt file
c. Recognizing the pattern of the file header content
Which of the following groups of hexadecimal numbers are the header values of a JPEG file?
a. 0x89, 0x50, 0x4E, 0x47
b. 0xFF, 0xD8, 0xFF, 0xE0
c. 0xFF, 0xD8, 0xFF, 0xE1
d. 0x00, 0x00, 0x00, 0x14
b. 0xFF, 0xD8, 0xFF, 0xE0
Which of the following represents known files you can eliminate from an investigation? (Choose all that apply.)
a. Any graphics files
b. Files associated with an application
c. System files the OS uses
d. Any files pertaining to the company
b. Files associated with an application
c. System files the OS uses
Exterro's AccessData Known File Filter (KFF) database can be used for which of the following purposes? (Choose all that apply.)
a. Filter known program files from view.
b. Calculate hash values of image files.
c. Compare hash values of known files with evidence files.
d. Filter out evidence that doesn't relate to your investigation.
a. Filter known program files from view.
c. Compare hash values of known files with evidence files.
The National Software Reference Library (NSRL) provides what type of resource for digital forensics examiners?
a. A list of digital forensics tools that make examinations easier
b. A list of MD5 and SHA1 hash values for all known OSs and applications
c. Reference books and materials for digital forensics
d. A repository for software vendors to register their developed applications
b. A list of MD5 and SHA1 hash values for all known OSs and applications
Block-wise hashing has which of the following benefits for forensics examiners?
a. Allows validating sector comparisons between known files
b. Provides a faster way to shift bits in a block or sector of data
c. Verifies the quality of OS files
d. Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect drive
d. Provides a method for hashing sectors of a known good file that can be used to search for data remnants on a suspect drive
What is the first step when initiating a digital forensics examination?
a. Identify needs of the examination.
b. Select the appropriate acquisition tool.
c. Wipe the target drives for the acquisition.
d. Properly preserve the evidence.
d. Properly preserve the evidence.