Week 4 - Write-Blocking & Hashing Flashcards

1
Q

What is write blocking?

A

It is a method that prevents write processes on a disk. It is used to ensure that the data on a disk is not corrupted or changed during investigation.

2
Q

When is write blocking used?

A

Whenever a disk (the original copy or perhaps an image) is plugged into an investigative machine. It prevents the machine's OS from contaminating the disk's data by only allowing read operations.

3
Q

Give the 3 types of write blockers.

A

Hardware write blockers
Forensically sound operating systems
Software write blockers

4
Q

What is a Hardware write blocker?

A

A piece of physical hardware that goes in between the machine and the disk, and physically disconnects the write line on the interface to prevent write operations. It basically cannot carry write operations through its connections.

5
Q

How do forensically sound OSs stop write operations?

A

They give you extra settings to allow you to disable write operations.

6
Q

What is the preferred type of write blocker? Why?

A

Hardware write blockers.

Because they are always forensically certified and reliable.

7
Q

How are images verified to be exact copies of the original?

A

A checksum program is used to compare the hash of the image drive to the hash of the original drive. This is done throughout the investigation during multiple stages, not just at the start and end.

8
Q

What are 2 common checksums?

A

MD5

SHA1

9
Q

In MD5 hashing, how long is the checksum?

A

128-bit

10
Q

In SHA1 hashing, how long is the checksum?

A

160-bit

11
Q

Why is hashing used to compare the image and original?

A

Because hashing gives a unique value for each file. If two files are the same, they will give the same hash value. If there is even the slightest change, it will be reflected by a big change in the hash value.

12
Q

What is an advantage that SHA1 has over MD5? Why is it used more than MD5?

A

SHA1 has a longer hash value, therefore there is reduced likelihood of hash collisions (when two different values give the same hash value).

13
Q

How would you use the MD5 hash on Windows?

A

You would use the MD5 hash program called WinMD5.

14
Q

How would you run the SHA1 command on Linux?

A

sha1sum -c

15
Q

How would you run the MD5 command on Linux?

A

md5sum -c
