Chapter 09 Homework The Likelihood That Brute force Attack Can Succeed

Unlock access to all the studying documents.

View Full Document

Guide to Computer Forensics and Investigations, 5th ed., 9781285060033

Ch. 9 Solutions-1

Chapter 9 Solutions

Review Questions

1. Which of the following represents known files you can eliminate from an investigation? (Choose all

that apply.)

2. For which of the following reasons should you wipe a target drive?

3. The Known File Filter (KFF) can be used for which of the following purposes? (Choose all that

apply.)

4. Password recovery is included in all forensics tools. True or False?

5. After you shift a file’s bits, the hash value remains the same. True or False?

6. Which forensic image file format creates or incorporates a validation hash value in the image file?

(Choose all that apply.)

a. Expert Witness

7. ___________________ happens when an investigation goes beyond the bounds of its original

description.

8. Suppose you’re investigating an e–mail harassment case. Generally, is collecting evidence for this

type of case easier for an internal corporate investigation or a criminal investigation?

9. You’re using Disk Management to view primary and extended partitions on a suspect’s drive. The

program reports the extended partition’s total size as larger than the sum of the sizes of logical

partitions in this extended partition. What might you infer from this information?

10. Commercial encryption programs often rely on _____________________ technology to recover files

if a password or passphrase is lost.

11. Steganography is used for which of the following purposes?

Guide to Computer Forensics and Investigations, 5th ed., 9781285060033

Ch. 9 Solutions-2

12. The National Software Reference Library provides what type of resource for digital forensics

examiners?

13. In steganalysis, cover-media is which of the following?

14. Rainbow tables serve what purpose for digital forensics examinations?

15. The likelihood that a brute-force attack can succeed in cracking a password depends heavily on the

password length. True or False?

16. If an application uses salting when creating passwords, what concerns should a forensics examiner

have when attempting to recover passwords?

17. Block-wise hashing has which of the following benefits for forensics examiners?

Hands-On Projects

Hands-On Project 9-1

The correspondence2.txt file should be identical to the original correspondence.txt file. Students

should state how reliable this method of data obfuscation is in hiding and recovering data from a file.

Hands-On Project 9-2

Make sure students list all hash values for these image files.

Hands-On Project 9-3

In searching Chris’s e-mails, students should find three messages from baspen99@aol.com. Their reports should

Hands-On Project 9-4

Students should find two e-mail messages related to kayak activities as well as an old StarOffice document

Case Projects

Case Project 9-1

Guide to Computer Forensics and Investigations, 5th ed., 9781285060033

Ch. 9 Solutions-3

Students should list steps to consider for a fraud investigation, such as collecting e-mails and examining Word and

Case Project 9-2

Because the investigation is ongoing, students should state that making a remote image of the suspect’s drive is

Case Project 9-3