Professional Documents
Culture Documents
MidTerm Quiz104
MidTerm Quiz104
MidTerm Quiz104
What do advanced hex editors offer (in the way of validation) that are not
available in most forensic tools
Hashing specific files and/or sectors
What are two popular programs that provide MD5 and SHA-1 hashing algorithms?
WinHex and HxD
In block-wise hashing, what happens when sectors on the suspect's drive match
part of the data set of hashes?
You confirm that the file was stored on the suspect's drive
It compares known file hash values with files on your evidence drive to see if they
contain suspicious data.
Other digital forensics tools can import the NSRL database and run has
comparisons.
What happens when you use the "diskpart remove letter" command in windows?
It unassign the partition's letter which hides it form view in the File Explorer
What command do you use to unhide a partition after you removed the letter?
"diskpart assign letter"
makes altered data unreadable. The user runs an assembler program to scramble
bits and runs another to unscramble them
What is a macro?
An assembler that is used to scramble data in bit-shifting.