Cybersecurity (DQO1 vocab & study guide) Questions & Answers
American Standard Code for Information Interchange (ASCII) Answer- A set of
codes defining all the various keystrokes you could make, including letters, numbers,
characters, and even the spacebar and return keys.
Anonymous remailing Answer- The process of sending an email message to an
anonymizer. The anonymizer strips identifying information from an email message
before forwarding it with the anonymous mailing computer's IP address.
Anti-forensics Answer- The actions that perpetrators take to conceal their locations,
activities, or identities.
Asymmetric cryptography Answer- Cryptography wherein two keys are used: one to
encrypt the message and another to decrypt it.
Asynchronous transfer mode (ATM) Answer- A high-speed connection technology
that uses fixed-length, 53-byte packets called calls.
Authenticate Answer- To verify the identity of a person, or to verify evidence.
Base transceiver station (BTS) Answer- The part of the cell network responsible for
communications between the mobile phone and the network switching system.
Basic input/output system (BIOS) Answer- The basic instructions stored on a chip
for booting up the computer.
Bit-level information Answer- Information at the level of actual 1s and 0s stored in
memory or on the storage device.
Block cipher Answer- A form of cryptography that encrypts data in blocks; 64-bit
blocks are quite common, although some algorithms (like AES) use larger blocks.
Bootstrap environment Answer- A special program, such as U-Boot or RedBoot, that
is stored in a special section of the flash memory.
Brute-force attack Answer- An attack in which the attacker tries to decrypt a
message by simply applying every possible key in the keyspace.
Business continuity plan (BCP) Answer- A plan for maintaining minimal operations
until the business can return to full normal operations.
Business impact analysis (BIA) Answer- An analysis of how specific incidents might
impact the business operations.
Caesar cipher Answer- The method of cryptography in which someone chooses a
number by which to shift each letter of a text in the alphabet and substitute the new
letter for the letter being encrypted. This is also known as a monoalphabet, single-
alphabet, or substitution cipher.
Carrier Answer- The signal, stream, or data file in which the payload is hidden.
Cell-phone forensics Answer- The process of searching the contents of cell phones.
Chain of custody Answer- The continuity of control of evidence that makes it
possible to account for all that has happened to evidence between its original
collection and its appearance in court, preferably unaltered.
Channel Answer- The type of medium used to hide data in steganography. This may
be photos, video, sound files, or Voice over IP.
Clean room Answer- An environment that has a controlled level of contamination,
such as from dust, microbes, and other particles.
Cloud computing Answer- The practice of delivering hosted services over the
internet. This can be software as a service, platform as a service, or infrastructure as
a service.
Computer forensics Answer- The use of analytical and investigative techniques to
identify, collect, examine, and preserve computer-based material for presentation as
evidence in a court of law.
Consistency checking Answer- A technique for file system repair that involves
scanning a disk's logical structure and ensuring that it is consistent with its
specification.
Cryptanalysis Answer- A method of using techniques other than brute force to
derive a cryptographic key.
Curriculum vitae (CV) Answer- An extensive document expounding one's
experience and qualifications for a position, similar to a résumé but with more detail.
In academia and expert work, it is usually used rather than a résumé.
Cyberstalking Answer- The use of electronic communications to harass or threaten
another person.
Data consistency Answer- The act of ensuring the data that is extracted is
consistent.
Daubert standard Answer- The standard holding that only methods and tools widely
accepted in the scientific community can be used in court.
Demonstrative evidence Answer- Information that helps explain other evidence. An
example is a chart that explains a technical concept to the judge and jury.
Denial-of-service (DoS) attack Answer- An attack designed to overwhelm the target
system so it can no longer reply to legitimate requests for connection.
Digital evidence Answer- Information that has been processed and assembled so
that it is relevant to an investigation and supports a specific finding or determination.
Digital forensics Answer- Computer forensics expanded to include smartphones,
smart watches, and other current and forthcoming digital media and devices.
Disaster recovery plan (DRP) Answer- A plan for returning the business to full
normal operations.
Disk forensics Answer- The process of acquiring and analyzing information stored
on physical storage media, such as computer hard drives or smartphones.
Disk Operating System (DOS) Answer- A command-line operating system.
Disk striping Answer- Distribution of data across multiple disk sectors to improve
speed (also called RAID 0).
Distributed denial-of-service (DDoS) attack Answer- An attack in which the attacker
seeks to infect several machines, and use those machines to overwhelm the target
system to achieve a denial of service.
Documentary evidence Answer- Data stored in written form, on paper or in
electronic files, such as email messages and telephone call-detail records.
Investigators must authenticate documentary evidence.
Drive geometry Answer- The functional dimensions of a drive in terms of the number
of heads, cylinders, and sectors per track.
Dump Answer- A complete copy of every bit of memory or cache recorded in
permanent storage or printed on paper.
Electronic serial number (ESN) Answer- A unique identification number developed
by the U.S. Federal Communications Commission (FCC) to identify cell phones.
Email forensics Answer- The study of the source and content of email as evidence,
including the identification of the sender, recipient, date, time, and origination
location of an email message.