05 Digital Forensics Flashcards
(27 cards)
What is Digital Forensics?
Digital forensics involves extracting, analyzing, and preserving digital evidence from electronic devices such as computers, mobile phones, networks, and even drones. It’s used in cybersecurity investigations to uncover the “who, what, where, when, why, and how” behind cyber incidents.
What are the 5 steps of the Forensics Workflow?
Acquire
Examine
Timeline
Document
Present
What is ACQUIRE in the Forensics Workflow?
Secure and preserve the original evidence.
What is EXAMINE in the Forensics Workflow?
Analyse artifacts (digital, physical, network).
What is TIMELINE in the Forensics Workflow?
Build a timeline of events and activities.
What is DOCUMENT in the Forensics Workflow?
Record findings clearly.
What is PRESENT in the Forensics Workflow?
Report results in a defensible, understandable manner.
What are the Types of Digital Artifacts
Digital Artifact Data (DAD) – Files, logs, system traces.
Physical Artifact Data (PAD) – Device details, firmware.
Network Artifact Data (NAD) – Packet captures, logs.
What are the main Technical Challenges in digital forensics?
Data location, data size, data incompatibility, and anti-forensic tools (data wiping, data hiding, encrypted data).
What are the Big-Data Challenges?
Heterogeneous data, massive volume, inconsistent formats, data validation, trust, processing speed and accuracy.
What are the Legal Challenges?
Privacy concerns, cross-jurisdiction issues, lack of clear legal process, security constraints, and insufficient support.
What are the Mobile/Computer Challenges?
Heterogeneous devices, multiple platforms, malicious applications, lack of specialized forensic tools, tool bugs, and varied communication protocols.
What are the Operational Challenges?
Lack of standardized procedures, mobile/computer-specific hurdles, low forensic readiness, and weak incident management.
What are the Investigative Challenges?
Shortage of qualified personnel, unclear investigation thresholds, and a lack of forensic knowledge and skills.
What are common Anti-Forensics Techniques?
Encryption, data wiping, and data hiding.
What emerging data issues further complicate investigations?
New file formats, cloud dependencies, and explosive growth in data volume.
What is Network Forensics?
Capturing and analyzing network traffic with tools like Wireshark, Snort and Zeek.
What is Log Analysis?
Aggregating, indexing and searching system/application logs to identify relevant events.
What is Cloud Forensics?
Conducting investigations in cloud environments—requires cooperation from the provider and adapts to limited native tooling.
What is Email Forensics?
Examining email headers, message paths and content to detect phishing and trace senders.
What is Malware Analysis?
Studying malicious code via static, dynamic, behavioral analysis and reverse engineering.
What is File System Analysis?
Recovering deleted or hidden data by examining the underlying file system structures.
What is Memory Forensics?
Capturing and analyzing RAM snapshots (e.g. with Volatility) to uncover in-memory artefacts.
What is Mobile Forensics?
Extracting SMS, call logs, GPS, Wi-Fi and app data from smartphones and tablets.