Compression compresses data by permanently discarding bits of information in the file.

____ are based on mathematical instructions that define lines, curves, text, ovals, and other geometric shapes.

____ images store graphics information as grids of individual pixels.

The process of converting raw picture data to another format is referred to as ____.

The majority of digital cameras use the ____ format to store digital pictures.

____ compression compresses data by permanently discarding bits of information in the file.

Recovering pieces of a file is called ____.

A(n) ____ file has a hexadecimal header value of FF D8 FF E0 00 10.

If you can’t open an image file in an image viewer, the next step is to examine the file’s ____.

The image format XIF is derived from the more common ____ file format.

The simplest way to access a file header is to use a(n) ____ editor.

The ____ header starts with hexadecimal 49 49 2A and has an offset of four bytes of 5C01 0000 2065 5874 656E 6465 6420 03.

____ is the art of hiding information inside image files.

____ steganography places data from the secret file into the host file without displaying the secret data when you view the host file in its associated program.

____ has also been used to protect copyrighted material by inserting digital watermarks into a file.

When working with image files, computer investigators also need to be aware of ____ laws to guard against copyright violations.

A(n) __________ is an e-mail server that strips identifying information from an e-mail message before forwarding it with the third-party mailing computer’s IP address.

Simple Mail Transfer Protocol (SMTP) is a protocol used to send e-mail that works on port 25.

P2 Commander includes the option to calculate hash codes for drives and partitions. When this option is selected:

P2 Commander automatically creates hash codes for the data on the evidence drive

P2 Commander includes a(n) ___________ that enables the investigator to sort, search, scan, and otherwise work with the e-mail data to find the data most relevant to the case.

As you drill down within the file structure, the drives, directories, sub-directories, and folders of the evidence drive are added to the P2 Commander:

How is an audit trail of every machine through which an e-mail message has passed created?

As the message is routed through one or more mail servers, each server adds its own information to the message header

The __________ keeps a record of the message's journey as it travels through the communications network.

How can forensic investigators prove that evidence was not altered during the course of an investigation?

Which of the following statements is true regarding the categories into which P2 Commander has presorted files?

Within each category, P2 Commander provides details such as the create date, last accessed date, last modified date, and MD5 and SHA1 hashes for the files.

At a minimum, an e-mail message header must include:

Maintaining __________ is a problem with live system forensics in which data is not acquired at a unified moment.

The Windows Registry is organized into five sections. The __________ section is very critical to forensic investigations. It has profiles for all the users, including their settings.

__________ is a live-system forensic technique in which you collect a memory dump and perform analysis in an isolated environment.

Which of the following is the definition of heap (H)?

Dynamic memory for a program comes from the heap (H) segment.

The Windows Registry is a repository of all the information on a Windows system.

What is meant by slurred image?

the result of acquiring a file as it is being updated

All versions of Windows support logging. The Applications and Services log is used to store events from a single application or component rather than events that might have system-wide impact.

What term is used to describe one of the five sections of the Windows Registry?

The Swap File is also referred to as virtual memory.

A number of tools and even some Windows utilities are available that can help you to analyze live data on a Windows system. Use __________ to view process and thread statistics on a system.

Which of the following takes data from a digital camera’s image sensor to create an unprocessed or minimally processed image? A. PNG B. BMP C. JPEG D. RAW

Which of the following refers to the process of removing unwanted portions of an image? A. Cropping B. Linear filtering C. Color balancing D. Contrast adjustment

Which of the following is the prefix for digital images found on a Nikon camera? A. DCIM B. DSCN C. DCF D. DNG

A megapixel has how many pixels? A. 1,000 B. 10,000 C. 100,000 D. 1,000,000

Which of the following is not an example of a raster graphic? A. .jpg B. .bmp C. .eps D. .tif

Which of the following is an open standard RAW image format for digital photographs that was developed by Adobe? A. DNG B. PNG C. GIF D. TIFF

Which of the following is the smallest element of a raster image, which may be either a dot or a square? A. Raster B. Vector C. Pixel D. Megapixel

Which of the following is a raster image file format that uses lossless data compression? A. Tagged Image File Format (TIFF) B. RAW C. Digital Negative (DNG) D. Scalable Vector Graphics (SVG)

A. Tagged Image File Format (TIFF)

Which of the following is an organization that was founded by the FBI and publishes standards for the use of digital and multimedia evidence in the justice system? A. InfraGard B. ASCLD/LAB C. SWDGE D. SWGIT

Which of the following is the root directory found in the file system of a digital camera that contains a series of subdirectories containing digital images? A. DNG B. DCF C. DCIM D. PNG

The Joint Photographic ________ Group file format is the most common picture file found on a digital camera, smartphone, or tablet.

When compression causes a reduction in picture quality, this is referred to as ________.

A(n) ________ graphic is a pixelated image associated with pictures found on a computer or retrieved from a digital camera.

A(n) ________ graphic is comprised of curves, lines, or shapes based on mathematical formulae rather than pixels.

The Design Rule for ________ file system was developed by the Japan Electronic Industry Development Association (JEIDA) to facilitate the exchange of images between digital still cameras and other devices for viewing digital photographs.

Color ________ describes the process of adjusting colors in an image to render them to more accurately reflect the original scene when the photograph was taken.

A(n) ________ Image File is a raster image file format that is generally associated with a Windows PC.

________ adjustment is used to make an image lighter or darker, to make the image easier to view.

A(n) ________ photograph is an image taken with a camera and stored as a computer file.

Exchangeable ________ File Format is the metadata associated with digital pictures.

What is the file format .edb used with? A. GroupWise B. Microsoft Exchange C. Microsoft Outlook D. Linux e-mail

IMAP uses port 143. A. True B. False

Which of the following types of mass e-mails are not covered by the CAN-SPAM Act? A. E-mails advertising products B. E-mails advertising legal services C. E-mails advertising a church event D. E-mails advertising stock prices

C. E-mails advertising a church event

What is the .ost file format used for? A. Microsoft Outlook mailbox B. Microsoft Outlook offline storage C. Microsoft Lotus Notes D. Microsoft Outlook Express

B. Microsoft Outlook offline storage

Lotus Notes uses the ______ file format

_____ was the first Windows operating system to support FAT32.

How many hives are in the Windows Registry?

Stack memory is stored in a first-in, last-out format

Which of the following is a concern for capturing live data that is caused by data being changed as it is being captured?

In Windows 7, the swap file ends with what extension?

Where are the start-up scripts defined? A. etc/init.d B. /etc/scripts C. /etc/start D. /etc/inittab

Which of the following file systems cannot be mounted by using the mount command? A. ext2 B. swap C. fat D. ReiserFS

Which of the following is a file system that provides system statistics? It doesn't contain real files but provides an interface to run-time system information? A. /proc B. /var C. /home D. /boot

_____ is a commonly used name for a command-line utility that provides disk partitioning functions in an operating system. It can list the partitions on a Linux system. A. mkfs B. parted C. fdisk D. format

What single shell command will tell you the home directory, current user, and current history size? A. who B. whois C. env D. logname

Use the ______ command to see running processes as a tree.

The dmesg command can be used to see the Linux boot messages.

Snort is an open source intrusion detection system (IDS).

GNOME, which is built on GTK+, is a cross-platform toolkit for creating graphical user interfaces

Many devices, such as floppy and CD-ROM drives, are mounted in the /var directory

The _____ directory holds compiled files, which means programs, including some malware, may be found there.

Which Linux shell command lists all currently running processes that the user has started (any program or daemon is a process)?

The _____ directory is different from any other directory in that it is not really stored on the hard disk. It is created in memory and keeps information about currently running processes.

In the Linux boot process, the MBR loads up a(n) _____ program, such as LILO.

You can use the _____ shell command to make a physical image of what is in live memory

Like Windows, Linux has a number of logs that can be very interesting for a forensic investigation. The /var/log/lpr.log log is the printer log.

In Linux, as with Windows, the first sector on any disk is called the ______.

Which type of compression compresses data permanently by discarding bits of information in the file?

Lossy compression compresses data by permanently discarding bits of information in the file.

What term refers to recovering fragments of a file?

File carving is the process of reassembling computer files from fragments in the absence of filesystem metadata.

What technique has been used to protect copyrighted material by inserting digital watermarks into a file?

Digital watermarking is the process of embedding information into a noise-tolerant digital signal such as image or audio data to easily identify the copyright ownership of the media.

What are the two major forms of steganography?

For example, the hidden message may be invisible ink between the lines of a private letter. Essentially there are two main steganographic models: injection steganography and generative steganography.