Slides 8

Question 1

Define Acquisition

Answer 1

making a copy of the original drive

Question 2

Define Validation

Answer 2

a way to confirm that a tool is functioning as intended

Question 3

Write Blocker

Answer 3

prevents data writes to a hard disk. acts as bridge between suspect drive and forensic station

Question 4

CRC

Answer 4

Math algo. that determines whether a files contents have changed– not considered a forensic hashing algorithm

Question 5

3 Rules for forensic Hashes

Answer 5

1. you cant predict in the hash value of a file/device.
2. no two has values can be the same
3. if anything changes in the file the has value must change

Question 6

Scope Creep

Answer 6

when an investigation expands beyond the original description.

Question 7

Data Hiding

Answer 7

changing or manipulating a file to conceal info

Question 8

3 ways to improve image quality

Answer 8

1. Screen resolution
2. Software
3. Number of color bits per pixel

Question 9

standard bitmap file formats

Answer 9

.bmp

.Jpeg

Question 10

first technique to hide data

Answer 10

change the extensions

Question 11

other techniques to hide data

Answer 11

set up password protection, use encryption

Question 12

Demosaicing

Answer 12

process of converting raw picture data to another format

Question 13

Loseless Compression

Answer 13

reduces file size without removing data

Question 14

Lossy Compression

Answer 14

Permanetley discards bits of info rector quantization

Question 15

Steganography

Answer 15

hides info inside graphic files

Question 16

Insertion

Answer 16

hidden data is not displayed when viewing host files in its associated program

Question 17

Substitution

Answer 17

replaces bits of the host file with other bits of data

Question 18

4 formats for image files

Answer 18

1. EnCase
2. Raw Files
3. SMART files
4. Sleuth Kit

Question 19

Created subfolders

Answer 19

Export, Temp, Report

Question 20

formats ENcase outputs images files to:

Answer 20

Ex01

E01 (older)