MidTerm-Quiz102

How do you find insertion steganography?

Analyzing the data structure carefully. (And knowing what the data structure is
supposed to look like)

What is substitution steganography?

When bits of a host file are replaced with other bits of data to hide a message.
(Usually the last two (or least significant, AKA LSBs) bits)

How do you find substitution steganography?

It can occasionally be detected with steganalysis tools.

What are steg tools?

Steganalysis tools, used for detecting, decoding and recording hidden data.
Particularly, substitution steganography in a host file.

(Hahaha. I like to think they are tools the stegosaurus's used back when they
roamed the earth. Think about it. A stegosaurus using a hammer. Isn't that a kinda
funny image?)

Review Week 10_1 Slide 26-28 to see how Substitution Steganography works.
This isnt a question. Just review it quickly...it was in red

List a common clue that would indicate that steganography was used?
-Duplicate file with different hash values
-A stegenography program (or multiple) installed on the suspect's drive

True or False: When done correctly, it becomes difficult to identify steganography.

False: When done correctly, you cannot detect hidden data in most cases

True or False: Steganography only refers to image files.

False: Steganography can be applied to any type of data. Such as audio and video.

What is a legal application for steganography?

Inserting digital watermarks into a file.

It is used to protect copyrighted material

What are the three types of graphic files?

Bitmap
Vector
Metafile

What are some standard file formats?

.gif
.jpeg
.bmp
.tif

What are some common, non-standard formats?

.tga
.rtl
.psd
.svg

True or False: Some image files compress their data.

True. This is called Lossy or Loseless compression (Lossy loses content, loseless
does not)

What are the common file formats digital cameras produce?

RAW and EXIF JPEG

What are two techniques that are important in recovering image files?
Carving file fragments
Rebuilding image headers

What is the best source for learning about file formats and their headers?
Internet and Google

Important image-related software

Image editors
Image viewers

What is steganorgraphy?
A technique to hide information inside files. (Usually image files)

When examining and analyzing digital evidence, you depend on...

the nature of the investigation
the amount of data to process

Scope Creep
when an investigation expands beyond the original description

What are some common reasons for scope creep?

Unexpected evidence that is found
Attorneys asking investigators to examine other area to recover more evidence

Why is scope creep problematic?

It increases the time and resources needed to extract, analyze, and present
evidence

You begin a case by creating what document?

An investigation plan
What does an investigation plan define?
Goal and Scope of the investigation

The materials needed

Tasks to perform

True or False: The approach you take largely depends on the type of case you are
investigating.
True. As in Corporate, Civil or Criminal

What is an exception to the digital forensics investigation rule, "Examine contents

of all data files in all folders"
Do not do this is your warrant does not cover that section.

True or False: You must follow the investigation plan

False: There may be scenarios where you have to deviate from the plan.

Start with the plan but remain flexible as new evidence comes in.