Guide to Computer Forensics and Investigations 5e Bill Nelson Amelia Phillips Christopher Steuart

Guide to Computer Forensics and Investigations 5e Bill Nelson Amelia Phillips Christopher Steuart

Multiple Choice 1. How many bits are required to create a pixel capable of displaying 65,536 different colors? a. 8 bits b. 16 bits c. 32 bits d. 64 bits ANSWER: b POINTS: 1 REFERENCES: 319 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/25/2014 11:18 PM DATE MODIFIED: 11/25/2014 11:36 PM 2. Which of the following is not considered to be a non-standard graphics file format? a. .dxf b. .tga c. .rtl d. .psd ANSWER: a POINTS: 1 REFERENCES: 320 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/25/2014 11:37 PM DATE MODIFIED: 11/30/2014 9:52 PM 3. All TIF files start at offset 0 with what 6 hexadecimal characters? a. 2A 49 48 b. FF 26 9B c. 49 49 2A d. AC 49 2A ANSWER: c POINTS: 1 REFERENCES: 342 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/25/2014 11:51 PM DATE MODIFIED: 11/25/2014 11:53 PM 4. What kind of graphics file combines bitmap and vector graphics types? a. metafile b. bitmap c. jpeg d. tif ANSWER: a POINTS: 1 REFERENCES: 318 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 12:59 AM DATE MODIFIED: 11/30/2014 10:06 PM 5. The process of converting raw picture data to another format is called _________________. a. splicing b. carving c. demosaicing d. vector quantization ANSWER: c POINTS: 1 REFERENCES: 321 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 1:11 AM DATE MODIFIED: 11/29/2014 1:18 AM 6. What format was developed as a standard for storing metadata in image files? a. jpeg b. tif c. exif d. bitmap ANSWER: c POINTS: 1 REFERENCES: 321 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 1:22 AM DATE MODIFIED: 11/29/2014 1:27 AM 7. Which of the following formats is not considered to be a standard graphics file format? a. gif b. jpeg c. dxf d. tga ANSWER: d POINTS: 1 REFERENCES: 320 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 7:57 PM DATE MODIFIED: 11/29/2014 8:00 PM 8. Select below the utility that is not a lossless compression utility: a. PKZip b. WinZip c. StuffIt d. Lzip ANSWER: d POINTS: 1 REFERENCES: 325 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 9:48 PM DATE MODIFIED: 11/29/2014 9:50 PM 9. In simple terms, _____________ compression discards bits in much the same way rounding off decimal values discards numbers. a. Huffman b. Lempel-Ziv-Welch (LZW) c. Vector Quantization d. Adaptive Quantization ANSWER: c POINTS: 1 REFERENCES: 325 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 9:51 PM DATE MODIFIED: 11/29/2014 9:55 PM 10. What file type starts at offset 0 with a hexidecimal value of FFD8? a. tiff b. jpeg c. xdg d. bmp ANSWER: b POINTS: 1 REFERENCES: 322 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/29/2014 10:00 PM DATE MODIFIED: 11/29/2014 10:02 PM 11. How many different colors can be displayed by a 24 bit colored pixel? a. 256 b. 65,536 c. 16,777,216 d. 4,294,967,296 ANSWER: c POINTS: 1 REFERENCES: 319 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 6:43 PM DATE MODIFIED: 11/30/2014 6:47 PM 12. The _____________ format is a proprietary format used by Adobe Photoshop. a. .tga b. .fh11 c. .svg d. .psd ANSWER: d POINTS: 1 REFERENCES: 320 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 6:51 PM DATE MODIFIED: 11/30/2014 9:52 PM 13. For EXIF JPEG files, the hexadecimal value starting at offset 2 is _____________. a. FFE0 b. FFE1 c. FFD8 d. FFD9 ANSWER: b POINTS: 1 REFERENCES: 322 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 6:54 PM DATE MODIFIED: 11/30/2014 7:03 PM 14. Referred to as a digital negative, the _______ is typically used on many higher-end digital cameras. a. raster file format b. bitmap file format c. jpeg file format d. raw file format ANSWER: d POINTS: 1 REFERENCES: 320 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 7:34 PM DATE MODIFIED: 11/30/2014 7:35 PM 15. The Lempel-Ziv-Welch (LZW) algorithm is used in _____________ compression. a. lossy b. lossless c. vector quantization d. adaptive ANSWER: b POINTS: 1 REFERENCES: 325 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 8:51 PM DATE MODIFIED: 11/30/2014 8:54 PM 16. For all JPEG files, the ending hexadecimal marker, also known as the end of image (EOI), is ____________. a. FFE0 b. FFD8 c. FFD9 d. FFFF ANSWER: c POINTS: 1 REFERENCES: 322 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 7:38 PM DATE MODIFIED: 11/30/2014 7:40 PM 17. Which graphics file format below is rarely compressed? a. GIF b. JPEG c. BMP d. None of the above ANSWER: c POINTS: 1 REFERENCES: 324 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 7:42 PM DATE MODIFIED: 11/30/2014 7:44 PM 18. When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as? a. major significant bit (MSB) b. least significant bit (LSB) c. most significant bit (MSB) d. leading significant bit (LSB) ANSWER: c POINTS: 1 REFERENCES: 346 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 9:10 PM DATE MODIFIED: 11/30/2014 9:12 PM 19. What act defines precisely how copyright laws pertain to graphics? a. 1988 Image Ownership Act b. 1976 Copyright Act c. 1923 Patented Image Act d. 1976 Computer Fraud and Abuse Act ANSWER: b POINTS: 1 REFERENCES: 348 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 9:32 PM DATE MODIFIED: 11/30/2014 9:37 PM 20. Which of the following is not a type of graphic file that is created by a graphics program? a. bitmap images b. vector graphics c. metafile graphics d. raster graphics ANSWER: d POINTS: 1 REFERENCES: 318 QUESTION TYPE: Multiple Choice HAS VARIABLES: False DATE CREATED: 11/30/2014 10:08 PM DATE MODIFIED: 11/30/2014 10:09 PM Completion 21. The ______________ is the best source for learning more about file formats and their extensions. ANSWER: Internet POINTS: 1 REFERENCES: 342 QUESTION TYPE: Completion HAS VARIABLES: False DATE CREATED: 11/25/2014 11:42 PM DATE MODIFIED: 11/25/2014 11:43 PM 22. A standard JFIF JPEG file has a header value of __________________ from offset 0 and the label name JFIF starting at offset 6. ANSWER: FF D8 FF E0 POINTS: 1 REFERENCES: 335 QUESTION TYPE: Completion HAS VARIABLES: False DATE CREATED: 11/30/2014 7:08 PM DATE MODIFIED: 11/30/2014 7:11 PM 23. Bitmap images store graphics information as grids of _________, short for “picture elements.” ANSWER: pixels POINTS: 1 REFERENCES: 318 QUESTION TYPE: Completion HAS VARIABLES: False DATE CREATED: 11/30/2014 7:30 PM DATE MODIFIED: 11/30/2014 7:32 PM 24. ProDiscover adds a ____________ extension automatically on all copied clusters the Recover Clusters function exports. ANSWER: .txt POINTS: 1 REFERENCES: 341 QUESTION TYPE: Completion HAS VARIABLES: False DATE CREATED: 11/30/2014 9:01 PM DATE MODIFIED: 11/30/2014 9:53 PM 25. The _______________ format is an image format produced by the Nuance PaperPort scanning program. ANSWER: XIF POINTS: 1 REFERENCES: 342 QUESTION TYPE: Completion HAS VARIABLES: False DATE CREATED: 11/30/2014 9:05 PM DATE MODIFIED: 11/30/2014 9:07 PM Subjective Short Answer 26. How do vector graphics differ from bitmap and raster images? ANSWER: Vector graphics, unlike bitmap and raster images, use lines instead of dots to make up an image. A vector file stores only the calculations for drawing lines and shapes; a graphics program con- verts these calculations into an image. Because vector files store calculations, not images, they are generally smaller than bitmap files, thereby saving disk space. You can also enlarge a vector graphic without affecting image quality—to make an image twice as large, a vector graphics program, such as CorelDRAW and Adobe Illustrator, computes the image mathematically. POINTS: 1 REFERENCES: 319 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/26/2014 12:05 AM DATE MODIFIED: 11/26/2014 12:08 AM 27. Describe the two major forms of steganography. ANSWER: The two major forms of steganography are insertion and substitution. Insertion places data from a secret file into a host file. This inserted data can only be viewed if the data structure is closely analyzed. Substitution, on the other hand, replaces bits of the host file with other bits of data. To avoid detection of this method, only the bits that result in the least amount of change are substituted. POINTS: 1 REFERENCES: 344-346 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/25/2014 11:43 PM DATE MODIFIED: 11/25/2014 11:48 PM 28. Describe the difference between lossy compression and lossless compression. ANSWER: Lossless compression reduces file size of data without removing any data. When a file that has been compressed with lossless compression is decompressed, all the information is restored. Lossy compression permanently discards bits of information from a file and can cause a reduction in the quality of images. POINTS: 1 REFERENCES: 325 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/29/2014 9:39 PM DATE MODIFIED: 11/29/2014 9:47 PM 29. When using steganography to hide messages, why is it better to change the least significant bits of an image, and how is this detected? ANSWER: Changing the most significant bit (highest priority bit) on the left will cause a greater change in the pixel’s color than changing the least significant bit. Generally speaking, only the last two LSBs in an image can be changed without producing a noticeable change in the shad of the color a pixel displays. To detect a change to the last two LSBs in a graphics file, a steganalysis tool must be used. POINTS: 1 REFERENCES: 346 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 9:15 PM DATE MODIFIED: 11/30/2014 9:23 PM 30. What is a digital watermark, and how is it used? ANSWER: Digital watermarks can be visible or imperceptible in media such as digital photos and audio files. Visible watermarks are usually an image, such as the copyright symbol or a company logo, layered on top of a photo. Imperceptible watermarks don’t change the appearance or sound quality of a copyrighted file. POINTS: 1 REFERENCES: 348 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 9:37 PM DATE MODIFIED: 11/30/2014 9:40 PM 31. What can investigators learn using Exif format metadata, and how is this data accessed? ANSWER: Investigators can learn more about the type of digital camera and the environment in which photos were taken. Investigators must use special programs, such as Exif Reader, Irfan View, or ProDiscover, which has a built-in Exif viewer, in order to access the metadata. POINTS: 1 REFERENCES: 321 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 9:47 PM DATE MODIFIED: 11/30/2014 9:50 PM 32. List the standard bitmap graphics file formats. ANSWER: The standard bitmap graphics file formats are: • Portable Network Graphic (.png) • Graphics Interchange Format (.gif) • Joint Photographic Experts Group (.jpg or .jpeg) • Tagged Image File Format (.tif or .tiff) • Windows Bitmap (.bmp) POINTS: 1 REFERENCES: 320 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 9:53 PM DATE MODIFIED: 11/30/2014 9:58 PM 33. Explain the difference between bitmap and raster images. ANSWER: Bitmap images store graphics information as grids of pixels, short for “picture elements”. Raster images are also collections of pixels, but they store pixels in rows to make images easy to print. In most cases, printing an image converts (rasterizes) it to print pixels line by line instead of processing the complete collection of pixels. POINTS: 1 REFERENCES: 318 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 10:10 PM DATE MODIFIED: 11/30/2014 10:12 PM 34. What is the biggest disadvantage of the raw file format? ANSWER: The biggest disadvantage of the RAW file format is the fact that it is proprietary, and not all image viewers can display these formats. To view a raw graphics file, you might need to get the viewing and conversion software from the camera manufacturer. Each manufacturer has its own program with an algorithm to convert raw data to other standard formats, such as JPEG or TIF. POINTS: 1 REFERENCES: 321 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 10:15 PM DATE MODIFIED: 11/30/2014 10:19 PM 35. Why should date and time for a file be considered subjective evidence? ANSWER: Date and time information for a file should be considered subjective because intentional and unintentional acts make date and time difficult to confirm. For example, suspects could alter a camera’s clock intentionally to record an incorrect date and time when a picture is taken. An unintentional act could be the battery or camera’s electronics failing, for example, which causes an incorrect date and time to be recorded. POINTS: 1 REFERENCES: 323 QUESTION TYPE: Subjective Short Answer HAS VARIABLES: False DATE CREATED: 11/30/2014 10:20 PM DATE MODIFIED: 11/30/2014 10:27 PM True / False 36. The first 3 bytes of an XIF file are exactly the same as a TIF file. a. True b. False ANSWER: True POINTS: 1 REFERENCES: 343 QUESTION TYPE: True / False HAS VARIABLES: False DATE CREATED: 11/25/2014 11:53 PM DATE MODIFIED: 11/25/2014 11:54 PM 37. Graphics files are created and saved in a graphics editor, such as Microsoft Paint, Adobe Freehand MX, Adobe Photoshop, or Gnome GIMP. a. True b. False ANSWER: True POINTS: 1 REFERENCES: 319 QUESTION TYPE: True / False HAS VARIABLES: False DATE CREATED: 11/30/2014 6:47 PM DATE MODIFIED: 11/30/2014 6:48 PM 38. Most digital cameras use the bitmap format to store photos. a. True b. False ANSWER: False POINTS: 1 REFERENCES: 321 QUESTION TYPE: True / False HAS VARIABLES: False DATE CREATED: 11/30/2014 7:15 PM DATE MODIFIED: 11/30/2014 7:17 PM 39. When you decompress data that uses a lossy compression algorithm, you regain data lost by compression. a. True b. False ANSWER: False POINTS: 1 REFERENCES: 325 QUESTION TYPE: True / False HAS VARIABLES: False DATE CREATED: 11/30/2014 7:45 PM DATE MODIFIED: 11/30/2014 7:46 PM 40. Each graphics file type has a unique header value. a. True b. False ANSWER: True POINTS: 1 REFERENCES: 326 QUESTION TYPE: True / False HAS VARIABLES: False DATE CREATED: 11/30/2014 7:47 PM DATE MODIFIED: 11/30/2014 7:48 PM Matching Match each term with the correct definition below: a. bitmap images b. carving c. demosaicing d. Exchangeable Image File (ExIF) e. false positives f. metafile graphics g. nonstandard graphics file formats h. raster images i. vector graphics j. vector quantization (VQ) REFERENCES: 350-351 QUESTION TYPE: Matching HAS VARIABLES: False DATE CREATED: 11/30/2014 6:53 PM DATE MODIFIED: 11/30/2014 7:22 PM 41. The process of converting raw picture data to another fornat, such as JPEG or TIF. ANSWER: c POINTS: 1 42. Graohics based on mathematicsl instructions to form lines, curves, text, and other geometrical shapes. ANSWER: i POINTS: 1 43. Graphics files that are combinations of bitmap and vector images. ANSWER: f POINTS: 1 44. Collections of pixels stored in rows rather than a grid, as with bitmap images, to make graphics easier to print; usually creates when a vector graphic is converted to a bitmap image. ANSWER: h POINTS: 1 45. Collection of dots, or pixels, in a grid format that form a graphic. ANSWER: a POINTS: 1 46. A form of compression that uses an algorithm similar to rounding off decimal values to eliminate unnecessary bits of data. ANSWER: j POINTS: 1 47. A file format the Japan Electronics and Informatuin Technology Industries Association (JEITA) developed as a standard for storing metadata in JPEG or TIF files. ANSWER: d POINTS: 1 48. The process of recovering file fragments that are scattered across a disk. ANSWER: b POINTS: 1 49. Less common graphic file formats, including proprietary formats, newer formats, formats that most image viewers don’t recognize, and old or obsolete formats. ANSWER: g POINTS: 1 50. The results of keyword searches that contain the correct match but aren’t relevant to the investigation. ANSWER: e POINTS: 1