Harold is a computer forensics investigator working for a consulting firm out of Atlanta Georgia. Harold is called upon to help with a corporate espionage case in Miami Florida. Harold assists in the investigation by pulling all the data from the computers allegedly used in the illegal activities. He finds that two suspects in the company where stealing sensitive corporate information and selling it to competing companies. From the email and instant messenger logs recovered, Harold has discovered that the two employees notified the buyers by writing symbols on the back of specific stop signs. This way, the buyers knew when and where to meet with the alleged suspects to buy the stolen material.

What type of steganography did these two suspects use?

What type of attack sends SYN requests to a target system with spoofed IP addresses?

What term is used to describe a cryptographic technique for embedding information into something else for the sole purpose of hiding that information from the casual observer?

George was recently fired from his job as an IT analyst at Pitts and Company in Dallas Texas. His main duties as an analyst were to support the company Active Directory structure and to create network polices. George now wants to break into the company network by cracking some of company Active Directory structure and to create network polices.

Which password cracking technique should George use in this situation?

An on-site incident response team is called to investigate an alleged case of computer tampering within their company. Before proceeding with the investigation, the CEO informs them that the incident will be classified as low level.

How long will the team have to respond to the incident the investigation?

What advantage does the tool Evidor have over the built-in Windows search?

You are called in to assist the police in an investigation involving a suspected drug dealer. The police searched the suspect house after a warrant was obtained and they located a floppy disk in the suspect bedroom. The disk contains several files, but they appear to be password protected.

What are two common methods used by password cracking software that you could use to obtain the password?

A picture file is recovered from a computer under investigation. During the investigation process, the file is enlarged 500% to get a better view of its contents.
The picture quality is not degraded at all from this process.

What kind of picture is this file its contents?

Preparing an image drive to copy files to is the first step in Linux forensics.
For this purpose, what would the following command accomplish?

dcfldd if=/dev/zero of=/dev/hda bs=4096 conv=noerror, sync

An employee is attempting to wipe out data stored on a couple of compact discs (CDs) and digital video discs (DVDs) by using a large magnet.
You inform him that this method will not be effective in wiping out the data because CDs and DVDs are _________ media used to store large amounts of data and are not affected by the magnet.