File Signature Analysis and Hash Analysis - Review Questions
14 important questions on File Signature Analysis and Hash Analysis - Review Questions
2. A file header is which of the following?
A. A unique set of characters at the beginning of a file that identifies the file type.
B. A unique set of characters following the filename that identifies the file type.
C. A 128-bit value that is unique to a specific file based on its data.
D. Synonymous with file extension.
3. The Windows operating system uses a filename’s ______________ to associate files with the proper applications.
A. signature
B. MD5 hash value
C. extension
D. metadata
C. The Windows operating system uses a file's extension to associate the file with the proper application.
4. Unix (including Linux) operating systems use a file’s ______________ to associate file types to specific applications.
A. metadata
B. header
C. extension
D. hash value
- Higher grades + faster learning
- Never study anything twice
- 100% sure, 100% understanding
For my 1st exam I got a C. Then, I started looking for ways to learn better and I came across Study Smart. Since then I have scored a A+, A, A- and another A. I highly recommend it to everyone who wants to hear it. I am so happy with it!!
I was struggling to finish all my first-year subjects for 3 years. Then I discovered Study Smart, which helped me to finish all of them within 3 months.
Because of StudySmart, things are going well in many ways. Before, I always had study stress and no time for anything. Now I feel calm and confident (because of the program). I used to score a B, now I usually score an A or A+.
Hey Chris, I really want to thank you very much for developing the platform, I usually got around C for my exams, now I scored an A+, an A and a A- !!
Since using Study Smart, my average has increased significantly. I even completed a statistics course with a A+ while I'm bad at statistics. I took on extra courses this year, because of Study Smart. Thanks so much!
Ever since I started studying with StudySmart I passed all my exams !!! No more re-sits!! At first, I was happy with a pass and now I only get good grades. Many thanks!
I aced all the courses I studied with Study Smart. For law, I first scored a D, and now an A! I’m 100% sure that I’ll pass all the courses I study with Study Smart.
I always thought I studied well. My grades were fine. I could never have imagined that applying these study skills would have such a huge and direct impact on my grades, my speed and the pleasure I have in learning.
For the first time, I finally feel totally confident about the way I learn. I have the perfect overview and make great progress in terms of speed and the grades I get. Thanks, Chris!
I immediately started to enjoy learning again, and my grades soared. All of a sudden, everything went better. I highly recommend Study Smart to all students..
Being able to create my materials online made the process of studying so much smoother and quicker. I no longer have to spend a huge amount of my time on creating my summaries.
At first, my notes were a mess. Now I use Study Smart to take my notes in a perfectly structured way. It helps me to save a lot of time and do other things I enjoy.
Students that study with Study Smart get better grades. The system applies all the learning methods in such a way that both well-performing students and students who struggle perform much better.
Hi Chris, I would like to thank you very much. Last year I scored C on a course, and this year I got an A+ thanks to your method! Thank you very much!
The largest effect is that my child is more enthusiastic about school! Every parent wants their children to be happy at school, Study Smart made it happen.
In high school, I failed several exams, and that has really changed now. I actually needed this tool very much back then. Since I started studying with StudySmart, I haven't had any D's. My average score is now an A and those are results I would have never had in the past
With my old method, I passed only 3 out of 8 courses. Since I started taking my notes digitally in Study Smart, I have passed all my courses on the first try. For me, StudySmart takes away the stress of wondering if I will pass or not.
Thanks to StudySmart, I passed all my exams, and with better grades than before! On top of that, I have mastered a very good study method now, which I am confident will help me earn my degree.
5. The Mac OS X operating system uses which of the following file information to associate a file to a specific application?
A. The “user defined” setting
B. Filename extension
C. Metadata (creator code)
D. All of the above
D. When determining which application to use to open a file, Max OS X gives first precedence to "user defined" settings, second precedence to creator code metadata, and third precedence to filename extensions. If non of these are present, other rules come into play.
8. When a file’s signature is known and the file extension does not match, EnCase will display the following result after a signature analysis is performed.
A. Alias (Signature Mismatch)
B. Bad Signature
C. Unknown
D. Match
11. Can a file with a unique header share multiple file extensions?
A. Yes
B. No
A. Yes, A unique file header can share multiple file extensions. An example of such a case is a .jpeg or .jpg file, which shares the same file header.
12. A user can manually add new file headers and extensions by doing which of the following?
A. Manually inputting the data in the FileSignatures.ini file
B. Right-clicking the file and choosing Add File Signature
C. Choosing the File Types view, right-clicking, and selecting New in the appropriate
folder
D. Adding a new file header and extension and then choosing Create Hash Set
C. A user can manually add new file headers and extensions by accessing the File Types view and creating a new entry, with new header and extension.
13. Select the correct answer that completes the following statement: An MD5 hash_________________.
A. is a 128-bit value
B. has odds of one in 2(to the 128th) that two dissimilar files will share the same value
C. is not determined by the filename
D. All of the above
D. An MD% hash is a 128 bit has value, and the odds of two different files having the same value is on in 2(to the 128th). A file's MD5 hash value is based on the file's data area, not its filename, which resides outside the data area.
14. EnCase can create a hash value for the following.
A. Physical devices
B. Logical volumes
C. Files or groups of files
D. All of the above
15. With EnCase 7, how many hash libraries can be applied at one time to any case?
A. One
B. Two
C. Three
D. No limit to the number that can be applied
17. Usually a hash value found in a hash set named Windows 7 would be reported in the Hash Category column as which of the following?
A. Known
B. Notable
C. Evidentiary
D. Nonevidentiary
A. Known, These hash sets have been produced from known safe sources and are categorized as Known. In most cases, they are nonevidentiary and can be ignored when conducting searches and other analyses.
18. With regard to hash categories, evidentiary files or files of interest are categorized as which of the following?
A. Known
B. Notable
C. Evidentiary
D. Nonevidentiary
B. Notable, evidentiary files or files of interest are usually categorized as Notable.
19. An MD5 or SHA1 hash of a specific media generated by EnCase will yield the same hash
value as an independent third-party MD5 or SHA1 hashing utility.
A. True
B. False
20. A hash _______ is comprised of hash _______ , which is comprised of hash ______.
A. set(s), library(ies), value(s)
B. value(s), sets(s), library(ies)
C. library(ies), set(s), value(s)
D. set(s), values(s), library(ies)
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding
