Forensics Midterm CH 1-8

11 September 2022

question
Chapter 7 Linux is a certified UNIX operating system.
answer
False
question
Chapter 7 The term "kernel" is often used when discussing Linux because technically, Linux is only the core of the OS.
answer
True
question
Chapter 7 Capitalization, or lack thereof, makes no difference with UNIX and Linux commands.
answer
False - Linux commands ARE case sensitive
question
Chapter 7 In UNIX and Linux, everything except monitors is considered a file.
answer
False
question
Chapter 7 The only pieces of metadata not in an inode are the filename and path. T/F
answer
True
question
Chapter 7 Who is the current maintainer of the Linux kernel?
answer
Linus Torvalds
question
Chapter 7 What file under the /etc folder contains the hashed passwords for a local system?
answer
shadow
question
Chapter 7 What is the minimum size of a block in UNIX/Linux filesystems?
answer
512
question
Chapter 7 _______________ contain file and directory metadata and provide a mechanism for linking data stored in data blocks.
answer
Inodes
question
Chapter 7 On Mac OS X systems, what utility can be used to encrypt / decrypt a user's home directory?
answer
FileVault
question
Chapter 7 ________________ is a specialized carving tool that can read many image file formats, such as RAW and Expert Witness.
answer
Foremost
question
Chapter 7 What command below will create a symbolic link to a file?
answer
ln -s
question
Chapter 7 Select below the command that can be used to display bad block information on a Linux file system, but also has the capability to destroy valuable information.
answer
badblocks
question
Chapter 7 Adding the _____________ flag to the ls -l command has the effect of showing all files beginning with the "." character in addition to other files.
answer
-a
question
Chapter 7 What type of block does a UNIX/Linux computer only have one of?
answer
boot block
question
Chapter 7 What information below is not included within an inode?
answer
The file's or directory's path
question
Chapter 7 A hash that begins with "$6" in the shadow file indicates that it is a hash from what hashing algorithm?
answer
SHA-512
question
Chapter 7 As part of a forensics investigation, you need to recover the logon and logoff history information on a Linux based OS. Where can this information be found?
answer
/var/log/wtmp
question
Chapter 7 The ______________ command can be used to see network interfaces.
answer
ifconfig
question
Chapter 7 The Mac OS reduces file fragmentation by using _______________.
answer
clumps
question
Chapter 7 What file is used to store any file information that is not in the MDB or a VCB?
answer
extents overflow file
question
Chapter 7 In a B*tree file system, what node stores link information to previous and next nodes?
answer
index node
question
Chapter 7 Where is the root user's home directory located on a Mac OS X file system?
answer
/private/var/root
question
Chapter 7 Within the /etc/shadow file, what field contains the password hash for a user account if one exists?
answer
2nd field
question
Chapter 7 If a file has 510 bytes of data, what is byte 510?
answer
The logical EOF (End of File)
question
Chapter 8 The first 3 bytes of an XIF file are exactly the same as a TIF file. t/f
answer
True
question
Chapter 8 Graphics files are created and saved in a graphics editor, such as Microsoft Paint, Adobe Freehand MX, Adobe Photoshop, or Gnome GIMP. t/f
answer
True
question
Chapter 8 Most digital cameras use the bitmap format to store photos. t/f
answer
False
question
Chapter 8 When you decompress data that uses a lossy compression algorithm, you regain data lost by compression. t/f
answer
False
question
Chapter 8 Each graphics file type has a unique header value. t/f
answer
True
question
Chapter 8 How many bits are required to create a pixel capable of displaying 65,536 different colors? a. 8 bit b. 16 bit c. 32 bit d. 64 bit
answer
b. 16 bit
question
Chapter 8 Which of the following is not considered to be a non-standard graphics file format? a. .dxf b. .tga c. .rtl d. .psd
answer
a. .dxf
question
Chapter 8 All TIF files start at offset 0 with what 6 hexadecimal characters? a. 2A 49 48 b. FF 26 9B c. 49 49 2A d. AC 49 2A
answer
c. 49 49 2A
question
Chapter 8 What kind of graphics file combines bitmap and vector graphics types? a. metafile b. bitmap c. jpeg d. tif
answer
a. metafile
question
Chapter 8 The process of converting raw picture data to another format is called _________________. a. splicing b. carving c. demosaicing d. vector quantization
answer
c. demosaicing
question
Chapter 8 What format was developed as a standard for storing metadata in image files? a. jpeg b. tif c. exif d. bitmap
answer
c. exif
question
Chapter 8 Which of the following formats is not considered to be a standard graphics file format? a. gif b. jpeg c. dxf d. tga
answer
d. tga
question
Chapter 8 Select below the utility that is not a lossless compression utility: a. PKZip b. WinZip c. StuffIt d. Lzip
answer
d. Lzip
question
Chapter 8 In simple terms, _____________ compression discards bits in much the same way rounding off decimal values discards numbers. a. Huffman b. Lempel-Ziv-Welch (LZW) c. Vector Quantization d. Adaptive Quantization
answer
c. Vector Quantization
question
Chapter 8 What file type starts at offset 0 with a hexadecimal value of FFD8? a. tiff b. jpeg c. xdg d. bmp
answer
b. jpeg
question
Chapter 8 How many different colors can be displayed by a 24 bit colored pixel? a. 256 b. 65,536 c. 16,777,216 d. 4,294,967,296
answer
c. 16,777,216
question
Chapter 8 The _____________ format is a proprietary format used by Adobe Photoshop. a. .tga b. fhll c. svg d. psd
answer
d. psd
question
Chapter 8 For EXIF JPEG files, the hexadecimal value starting at offset 2 is _____________. a. FFE0 b. FFE1 c. FFD8 d. FFD9
answer
b. FFE1
question
Chapter 8 Referred to as a digital negative, the _______ is typically used on many higher-end digital cameras. a. raster file format b. bitmap file format c. jpeg file format d. raw file format
answer
d. raw file format
question
Chapter 8 The Lempel-Ziv-Welch (LZW) algorithm is used in _____________ compression. a. lossy b. lossless c. vector quantization d. adaptive
answer
b. lossless
question
Chapter 8 For all JPEG files, the ending hexadecimal marker, also known as the end of image (EOI), is ____________. a. FFD0 b. FFD8 c. FFD9 d. FFFF
answer
c. FFD9
question
Chapter 8 Which graphics file format below is rarely compressed? a. GIF b. JPEG c. BMP d. None of the above
answer
c. BMP
question
Chapter 8 When looking at a byte of information in binary, such as 11101100, what is the first bit on the left referred to as? a. major significant bit (MSB) b. least significant bit (LSB) c. most significant bit (MSB) d. leading significant bit (LSB)
answer
c. most significant bit (MSB)
question
Chapter 8 What act defines precisely how copyright laws pertain to graphics? a. 1988 image ownership act b. 1976 copyright act c. 1923 patented image act d. 1976 computer fraud and abuse act
answer
b. 1976 copyright act
question
Chapter 8 Which of the following is not a type of graphic file that is created by a graphics program? a. bitmap images b. vector graphics c. metafile graphics d. raster graphics
answer
d. raster graphics