16-3 Flashcards
the ___________ command lists any activie sessions connected to the computer you run it on
net sessions
this is a command useful for finding live attacks ongoing
openfiles
___ is a command you can use with a forensic copy of a machine. it compares 2 files and shows the difference.
fc
used to detect ongoing attacks
netstat
This is an incredible repository of potential valuable forensics information, the heart of windows.
windows registry
the registry key is __________ lists USB devices that have been connected to the machine
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\USBSTOR
this allows investigators to mathc the serial number ti a given drive letter
System\MountedDevices
software packages used to gather infor from a sim card
CEllebrite MOBILedit Forensics Express BlackBag Technologies magnet forensics oxygen forensics
information to retrieve from a cell ohone
photo video texts or sms call time, received calls, call durations contact name and numbers
the copying the active file system fromone device to another
logical imaging
___________ are often the first tyoe fo examination forensics analysts will run because they are easy to execute
logical thechniques
the practice of removing a memory chip, or any chip from a circuit board and reading it
chip off technique
Mobile devices that are implementing the BGA style memory incorporate __________ for test and debugging
JTAP Joint Test Action Group
comonly called 2G technology. developed by european telecommunications standards institute. developed for digital voice
GSM
considered halfway between 2G and 3G
EDGE
