{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

quiz3 - Question 1 0 out of 1 points Updating security...

Info icon This preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Question 1 0 out of 1 points Updating security patches, antivirus software, and OSs fall into the ________________ category of the defense in depth strategy. Selected Answer: defense in depth Correct Answer: Evaluation Method Correct Answer Exact Match operations Question 2 1 out of 1 points Which of the NIST guidelines below requires using a modified boot loader to access RAM for analysis? Selected Answer: a. Hex dumping Answers: a. Hex dumping b. Manual extraction c. Chip-off d. Micro read Question 3 1 out of 1 points Forensics tools can't directly mount VMs as external drives. Selected Answer: Fals e Answers: True Fals e Question 4 1 out of 1 points Which option below is not a disk management tool? Selected Answer: b. HexEdit Answers: a. Partition Magic b. HexEdit c.
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
GRUB d. Partition Master Question 5 1 out of 1 points Where is the OS stored on a smartphone? Selected Answer: c. ROM Answers: a. Microprocessor b. Read/write flash c. ROM d. RAM Question 6 1 out of 1 points The ___________ UNIX e-mail server has two primary configuration files, master.cf and main.cf Selected Answer: postf x Correct Answer: Evaluation Method Correct Answer Exact Match postfx Question 7 1 out of 1 points The AccessData program has a hashing database, ________________, which is available only with FTK, and can be used to flter known program fles from view and contains the hash values of known illegal fles. Selected Answer: b. Known File Filter (KFF) Answers: a. Unknown File Filter (UFF) b. Known File Filter (KFF) c. FTK Hash Imager d. DeepScan Filter
Image of page 2
Question 8 1 out of 1 points Explain how bit-shifting, and related techniques, are used to hide data. Selected Answer: Some home computer users developed the skill of programming in the computer manufacturer’s assembly language and learned how to create a low-level encryption program that changes the order of binary data, making the altered data unreadable when accessed with a text editor or word processor. These programs rearrange bits for each byte in a fle. To secure a fle containing sensitive or incriminating information, these users run an assembler program (also called a macro) on the fle to scramble the bits. To access the fle, they run another program that restores the scrambled bits to their original order. Some of these programs are still used today and can make it difficult for forensic investigators to analyze data on a suspect drive. You should start by identifying any fles you’re not familiar with that might lead to new evidence. Training in assembly language—as well as higher- level programming languages, such as Visual Basic, Visual C++, or Perl—is also helpful. A related, and well-known, technique for hiding data is shifting bit patterns to alter the byte values of data. Bit-shifting changes data from readable code to data that looks like binary executable code. Hex Workshop includes a feature for shifting bits and altering byte patterns of entire fles or specifed data.
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern